Re: opening connection for Tomcat


On Thu, 2004-04-08 at 18:30, Alexis wrote:
> You must change to OUTPUT the first rule at least. You're filtering all
> outgoing packets.
> 

In these rules I only see policy ACCEPT for the OUTPUT chain, so IMHO
there's no filtering there.

> > Hi all,
> > I was in trouble opening a port for services with Tomcat:
> > Is this rule right? I'm behind an ADSL router that forwards every
> > connection on port 8080 to <myprivateip>.
> >
> > iptables -P INPUT DROP
> > iptables -P OUTPUT ACCEPT
> > iptables -P FORWARD DROP
> >
> > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> > iptables -A INPUT -p tcp -d <myprivateip> --dport 8080 -s 0.0.0.0 -m state --state NEW -j ACCEPT

Is your Tomcat listening on 8080/tcp? (netstat -an|grep 8080)
Are you sure that your router is forwarding all connections?

Check with a logging rule between the -m state and the -p tcp rules to
see what's going on (if anything):

iptables -A INPUT -j LOG --log-prefix "_ipt:check"


Gr,
Rob
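
Added example, not part of the original message: `iptables -A` appends to the end of a chain, so placing the LOG rule between the two INPUT rules of an already loaded ruleset takes `-I INPUT 2`. The script shows that insert and then summarizes the logged lines to check whether new connections to port 8080 reach the host at all, and from which source addresses. The function names are hypothetical and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.
PREFIX="_ipt:check"    # log prefix used in the message above

# Insert the LOG rule as rule 2 of INPUT: after the ESTABLISHED,RELATED
# rule and before the --dport 8080 rule (-A appends to the end instead).
# Needs root, so it is only defined here, not called.
insert_log_rule() {
    iptables -I INPUT 2 -j LOG --log-prefix "$PREFIX"
}

# Read kernel log lines on stdin and print "count source-address" for
# every logged TCP SYN to the given destination port, busiest first.
summarize_hits() {
    awk -v prefix="$PREFIX" -v want="DPT=$1" '
        index($0, prefix) && / PROTO=TCP / && / SYN / {
            src = ""; hit = 0
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i == want)   hit = 1
            }
            if (hit && src != "") n[src]++
        }
        END { for (s in n) print n[s], s }
    ' | sort -rn
}

# Constructed sample of LOG target output (fields shortened).
sample_log() {
cat <<'EOF'
Apr  8 19:02:11 gw kernel: _ipt:checkIN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.10 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0
Apr  8 19:02:14 gw kernel: _ipt:checkIN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.10 LEN=60 TTL=52 PROTO=TCP SPT=40113 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0
Apr  8 19:03:40 gw kernel: _ipt:checkIN=eth0 OUT= SRC=198.51.100.20 DST=192.168.1.10 LEN=60 TTL=49 PROTO=TCP SPT=51877 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0
Apr  8 19:03:55 gw kernel: _ipt:checkIN=eth0 OUT= SRC=192.168.1.1 DST=192.168.1.255 LEN=78 TTL=64 PROTO=UDP SPT=137 DPT=137 LEN=58
Apr  8 19:04:02 gw kernel: _ipt:checkIN=eth0 OUT= SRC=203.0.113.9 DST=192.168.1.10 LEN=60 TTL=50 PROTO=TCP SPT=33990 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
EOF
}

# On a real host, feed the kernel log instead of the sample.
sample_log | summarize_hits 8080
```

An empty result for port 8080 means no new connection reached the INPUT chain, which points at the router's forwarding rather than at the ACCEPT rule.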



