iptables?

compgeek13@xxxxxxxxx (Littlefield, Tyler) · Wed, 28 Mar 2007 13:57:52 -0700



Will do, thanks.
----- Original Message ----- 
From: "Ralph W. Reid" <rreid@xxxxxxxxxx>
To: "Speakup is a screen review system for Linux." <speakup at braille.uwo.ca>
Sent: Wednesday, March 28, 2007 9:06 AM
Subject: Re: iptables?


> You might want to try logging some of iptables' activities to
> determine what exactly is being blocked.  If the lines you listed are
> in a script, you can insert the following line just before the 'INPUT
> DROP' line to log the incoming packets at that point to see what is
> reaching that point in your iptables rules:
>
> iptables -a INPUT -j LOG --log-prefix " input drop "
>
> The resulting log entries will be in /var/syslog ('grep "input drop"
> /var/syslog' will display the results).  You may want to comment out
> or remove this new line from your script when you are done using it,
> and then use the iptables delete option or rerun the script to clear
> the tables--this iptables command may produce a lot of log entries
> very quickly.
>
> HTH, and have a great day.
>
> On Tue, Mar 27, 2007 at 01:16:15PM -0700, Littlefield, Tyler wrote:
> > I'm trying to use apt-get, I'm not sure what I would need to enable to
get
> > that.
> > ----- Original Message ----- 
> > From: "Ralph W. Reid" <rreid at sunset.net>
> > To: "Speakup is a screen review system for Linux."
<speakup at braille.uwo.ca>
> > Sent: Tuesday, March 27, 2007 11:40 AM
> > Subject: Re: iptables?
> >
> >
> > > You have only allowed tcp protocol on various ports.  Could you
> > > perhaps be doing something which involves other protocols such as udp
> > > or icmp?
> > >
> > > On Sun, Mar 25, 2007 at 03:36:43PM -0700, Littlefield, Tyler wrote:
> > > > Hello list,
> > > > I've got the following iptables set.
> > > > iptables -F
> > > > iptables -A INPUT -p tcp --sport 20:22 -j ACCEPT
> > > > iptables -A INPUT -p tcp --sport 80 -j ACCEPT
> > > > iptables -A INPUT -p tcp --sport 110 -j ACCEPT
> > > > iptables -A INPUT -p tcp --sport 3784 -j ACCEPT
> > > > iptables -A INPUT -p tcp --sport 443 -j ACCEPT
> > > > iptables -A INPUT -p tcp --sport 6666:6670 -j ACCEPT
> > > > iptables -A INPUT -p tcp --sport 10000 -j ACCEPT
> > > > iptables -A INPUT -p tcp --sport 20000 -j ACCEPT
> > > > iptables -P INPUT DROP
> > > > iptables -P OUTPUT ACCEPT
> > > > I'm dmzed, and when I run this, it puts everything to filter.
> > > > Any idea what I'm doing wrong?
> > > > Thanks,
> > > > ~~TheCreator~~
> > > > _______________________________________________
> > > > Speakup mailing list
> > > > Speakup at braille.uwo.ca
> > > > http://speech.braille.uwo.ca/mailman/listinfo/speakup
> > >
> > > -- 
> > > Ralph.  N6BNO.  Wisdom comes from central processing, not from I/O.
> > > rreid at sunset.net  http://personalweb.sunset.net/~rreid
> > > ...passing through The City of Internet at the speed of light...
> > > 1 = x^0
>
> -- 
> Ralph.  N6BNO.  Wisdom comes from central processing, not from I/O.
> rreid at sunset.net  http://personalweb.sunset.net/~rreid
> ...passing through The City of Internet at the speed of light...
> TAN (x) = SIN (x) / COS (x)
>
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup