Hi Rob,
I have made the changes just like you said, and I still cannot browse! Is there something wrong with my other chain rules or with the routing between my network cards? (Note that I have two network cards.) Please help. Thanks.
Chain INPUT (policy DROP)
target                prot opt source        destination
RH-Lokkit-0-50-INPUT  all  --  0.0.0.0/0     0.0.0.0/0
ACCEPT                tcp  --  0.0.0.0/0     0.0.0.0/0     tcp dpt:80
ACCEPT                udp  --  0.0.0.0/0     0.0.0.0/0     udp dpt:80

Chain FORWARD (policy ACCEPT)
target                prot opt source        destination
RH-Lokkit-0-50-INPUT  all  --  0.0.0.0/0     0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target                prot opt source        destination

Chain RH-Lokkit-0-50-INPUT (2 references)
target                prot opt source        destination
ACCEPT                all  --  0.0.0.0/0     0.0.0.0/0
REJECT                tcp  --  0.0.0.0/0     0.0.0.0/0     tcp dpts:0:1023 flags:0x16/0x02 reject-with icmp-port-unreachable
REJECT                tcp  --  0.0.0.0/0     0.0.0.0/0     tcp dpt:2049 flags:0x16/0x02 reject-with icmp-port-unreachable
REJECT                udp  --  0.0.0.0/0     0.0.0.0/0     udp dpts:0:1023 reject-with icmp-port-unreachable
REJECT                udp  --  0.0.0.0/0     0.0.0.0/0     udp dpt:2049 reject-with icmp-port-unreachable
REJECT                tcp  --  0.0.0.0/0     0.0.0.0/0     tcp dpts:6000:6009 flags:0x16/0x02 reject-with icmp-port-unreachable
REJECT                tcp  --  0.0.0.0/0     0.0.0.0/0     tcp dpt:7100 flags:0x16/0x02 reject-with icmp-port-unreachable
-----Original Message-----
> Can somebody explain to me why it is that when I changed my Chain
> INPUT rules from ACCEPT to DROP, I cannot browse the internet
> despite opening port 80 in the INPUT rule.
...
> Chain INPUT (policy DROP)
> target                prot opt source        destination
> RH-Lokkit-0-50-INPUT  all  --  anywhere      anywhere
> ACCEPT                tcp  --  anywhere      anywhere      tcp spt:http
> ACCEPT                udp  --  anywhere      anywhere      udp spt:http
Because you used sport. You are trying to reach servers that are *listening* on port 80/443 so you should use dport (destination = port 80/443). You are most likely not sending from port 80/443.
Gr, Rob
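As an added example (not from this thread and not Rob's or the poster's code), here is a minimal stateful INPUT policy for a host that only browses, plus a small audit function that reads an `iptables -L INPUT -n` listing and reports whether a default-DROP INPUT chain would discard the replies to connections the host itself opened. A `dpt:80` rule on INPUT only admits connections *to* a web server on this host; the replies a browser is waiting for arrive with an ephemeral destination port, so the rule that makes browsing (and DNS) work under a DROP policy is the connection-tracking ACCEPT. `IPT` defaults to a dry run (`echo iptables`) so the commands can be inspected and tested without root; the embedded listings are constructed to mirror the chain in the thread. The separate two-NIC routing question is not covered here.

```shell
#!/bin/sh
# Added example, not from the thread. IPT="echo iptables" prints the commands;
# run with IPT=iptables (as root) to apply them for real.
IPT="${IPT:-echo iptables}"

# Stateful INPUT policy for a browsing host (client role, no public services).
client_rules() {
    # Flush INPUT in the filter table and default-deny it.
    $IPT -F INPUT
    $IPT -P INPUT DROP

    # Loopback must always be allowed (local resolvers, X, etc.).
    $IPT -A INPUT -i lo -j ACCEPT

    # The rule the thread's chain lacks: replies to connections this host
    # opened (HTTP from sport 80, DNS from sport 53, ...) come back with an
    # ephemeral *destination* port, so neither dpt:80 nor spt:80 matches them.
    # Connection tracking accepts exactly that return traffic and nothing else.
    # (-m conntrack --ctstate is the modern spelling of -m state --state.)
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Add a dport rule only if this host really runs that service. Example for
    # a local web server, left disabled for a pure client:
    # $IPT -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT

    # Log a rate-limited sample of what falls through to the DROP policy, so a
    # mistake like the one in the thread is visible in the kernel log.
    $IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP:"
}

# Audit helper: feed the output of "iptables -L INPUT -n" on stdin.
# Returns 0 if return traffic is safe (policy is not DROP, or an ACCEPT rule
# with an ESTABLISHED state match exists), 1 if replies would be dropped.
check_stateful_accept() {
    listing=$(cat)
    case "$listing" in
        *"Chain INPUT (policy DROP)"*) ;;   # default-deny: need the state rule
        *) return 0 ;;                        # not default-deny: nothing to check
    esac
    printf '%s\n' "$listing" | grep -Eq '^ACCEPT .*ESTABLISHED'
}

# Constructed listing mirroring the thread's INPUT chain: dpt:80 only, no
# state rule, so every reply to an outbound connection hits the DROP policy.
BROKEN_LISTING='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:80'

# Constructed listing of the chain client_rules produces (as -L -n shows it).
FIXED_LISTING='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 5/min burst 5 LOG flags 0 level 4 prefix "INPUT-DROP:"'

# Usage: print the rules (dry run), then audit both constructed listings.
client_rules
printf '%s\n' "$BROKEN_LISTING" | check_stateful_accept || echo "thread chain: replies to outbound connections would be dropped"
printf '%s\n' "$FIXED_LISTING" | check_stateful_accept && echo "fixed chain: return traffic accepted via connection tracking"
```

To audit a live box instead of the constructed samples, pipe the real output in: `iptables -L INPUT -n | sh -c '. ./client_fw.sh >/dev/null; check_stateful_accept'` (file name assumed). The LOG rule is what turns a silent "cannot browse" into a kernel-log line showing the dropped reply's source port 80 and ephemeral destination port, which is the quickest way to confirm this class of mistake.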