Dear Joshua.
> You are going to have to add rules to both your INPUT and OUTPUT
> chains to allow this traffic through. Could you send on a copy of
> /etc/sysconfig/iptables, if that is how your are loading these rules?
> I could then send you the exact commands to run.
>
I am not sure why I schould add input and output rules if I want to
forward packages through a device but I can give it a try.
Btw. I am using service iptables save at the bottom of my script to
store the rules.
Best Regards
Marcus
> Josh
>
>
> On Fri, Feb 6, 2009 at 1:57 PM, Marcus Moeller <mm@xxxxxxx> wrote:
>> Hi Again.
>>> Iptables -nL
>>>
>>> Show?
>>
>> Here is the complete output (there are a lot of other rules active on
>> that machine):
>>
>> Chain INPUT (policy DROP)
>> target prot opt source destination
>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
>> my_drop all -- 10.0.0.0/8 0.0.0.0/0
>> my_drop all -- 172.16.0.0/12 0.0.0.0/0
>> my_drop all -- 192.168.0.0/16 0.0.0.0/0
>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
>> RELATED,ESTABLISHED
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpt:22 state NEW
>> my_drop tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> flags:0x17/0x02
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpt:25 state NEW
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpt:110 state NEW
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpt:22 state NEW
>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp
>> spts:1024:65535 dpt:53 state NEW
>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp
>> spts:1024:65535 dpt:53 state NEW
>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp
>> spts:1024:65535 dpt:37 state NEW
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpt:3128 state NEW
>> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp
>> type 0
>> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp
>> type 8
>> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp
>> type 8
>> my_drop all -- 0.0.0.0/0 0.0.0.0/0
>>
>> Chain FORWARD (policy DROP)
>> target prot opt source destination
>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
>> RELATED,ESTABLISHED
>> ACCEPT tcp -- 0.0.0.0/0 172.28.0.16 tcp
>> dpt:1249
>> ACCEPT tcp -- 0.0.0.0/0 192.168.171.253 tcp
>> dpt:25
>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp
>> spts:1024:65535 dpt:1194 state NEW
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpt:1723 state NEW
>> ACCEPT 47 -- 0.0.0.0/0 0.0.0.0/0 state
>> NEW
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpt:25 state NEW
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpt:443 state NEW
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpt:25 state NEW
>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp
>> spts:1024:65535 dpt:6277 state NEW
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpt:2703 state NEW
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpt:22 state NEW
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpt:446 state NEW
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpts:20:21 state NEW
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpt:80 state NEW
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpt:443 state NEW
>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp
>> spts:1024:65535 dpt:53 state NEW
>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp
>> spts:1024:65535 dpt:37 state NEW
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpt:1494 state NEW
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpt:8000 state NEW
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpts:1000:1004 state NEW
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpt:6667 state NEW
>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
>> NEW
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpt:3000 state NEW
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpt:866 state NEW
>> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp
>> type 0
>> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp
>> type 8
>> my_drop all -- 0.0.0.0/0 0.0.0.0/0
>>
>> Chain OUTPUT (policy DROP)
>> target prot opt source destination
>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
>> RELATED,ESTABLISHED
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpt:25 state NEW
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpt:25 state NEW
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpt:25 state NEW
>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp
>> spts:1024:65535 dpt:6277 state NEW
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpt:2703 state NEW
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpt:110 state NEW
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpt:22 state NEW
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpt:22 state NEW
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpt:22 state NEW
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpt:446 state NEW
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpts:20:21 state NEW
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpt:80 state NEW
>> ACCEPT tcp -- 0.0.0.0/0 192.168.100.4 tcp
>> spts:1024:65535 dpt:80 state NEW
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpt:443 state NEW
>> ACCEPT tcp -- 0.0.0.0/0 192.168.100.4 tcp
>> spts:1024:65535 dpt:443 state NEW
>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp
>> dpt:53 state NEW
>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp
>> spts:1024:65535 dpt:53 state NEW
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpt:53 state NEW
>> ACCEPT udp -- 0.0.0.0/0 134.130.4.17 udp
>> spts:1024:65535 dpt:37 state NEW
>> ACCEPT udp -- 0.0.0.0/0 130.149.17.21 udp
>> spts:1024:65535 dpt:37 state NEW
>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp
>> dpt:123 state NEW
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpt:43 state NEW
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> spts:1024:65535 dpt:113 state NEW
>> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp
>> type 8
>> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp
>> type 0
>> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp
>> type 0
>> my_drop all -- 0.0.0.0/0 0.0.0.0/0
>>
>> Chain my_drop (7 references)
>> target prot opt source destination
>> REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> dpts:4661:4662 reject-with icmp-port-unreachable
>> REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp
>> dpt:4665 reject-with icmp-port-unreachable
>> REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp
>> dpt:1214 reject-with icmp-port-unreachable
>> REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> dpts:137:139 reject-with icmp-port-unreachable
>> REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp
>> dpts:137:139 reject-with icmp-port-unreachable
>> LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> flags:0x17/0x02 limit: avg 10/min burst 5 LOG flags 0 level 6 prefix
>> `DROP-TCP-SYN '
>> REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> flags:0x17/0x02 reject-with tcp-reset
>> DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> flags:0x17/0x02
>> LOG tcp -- 0.0.0.0/0 0.0.0.0/0 limit:
>> avg 10/min burst 5 LOG flags 0 level 6 prefix `DROP-TCP '
>> REJECT tcp -- 0.0.0.0/0 0.0.0.0/0
>> reject-with tcp-reset
>> DROP tcp -- 0.0.0.0/0 0.0.0.0/0
>> LOG udp -- 0.0.0.0/0 0.0.0.0/0 limit:
>> avg 10/min burst 5 LOG flags 0 level 6 prefix `DROP-UDP '
>> REJECT udp -- 0.0.0.0/0 0.0.0.0/0
>> reject-with icmp-port-unreachable
>> DROP udp -- 0.0.0.0/0 0.0.0.0/0
>> LOG icmp -- 0.0.0.0/0 0.0.0.0/0 LOG
>> flags
>> 0 level 6 prefix `DROP-ICMP '
>> DROP icmp -- 0.0.0.0/0 0.0.0.0/0
>> LOG all -- 0.0.0.0/0 0.0.0.0/0 limit:
>> avg 10/min burst 5 LOG flags 0 level 6 prefix `DROP-PROTO-ETC '
>> REJECT all -- 0.0.0.0/0 0.0.0.0/0
>> reject-with icmp-proto-unreachable
>> DROP all -- 0.0.0.0/0 0.0.0.0/0
>>
>> Best Regards
>> Marcus
>> _______________________________________________
>> CentOS mailing list
>> CentOS@xxxxxxxxxx
>> http://lists.centos.org/mailman/listinfo/centos
>>
>
>
>
> --
> Thx
> Joshua Gimer
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
