sorry, it's true, my mistake

----- Original Message -----
From: "Rob Sterenborg" <rob@xxxxxxxxxxxxxxx>
To: "Netfilter" <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Thursday, April 08, 2004 2:50 PM
Subject: Re: opening connection for Tomcat

> On Thu, 2004-04-08 at 18:30, Alexis wrote:
> > you must change to OUTPUT the first rule at least. you're filtering all
> > outgoing packets.
> >
>
> In these rules I only see policy ACCEPT for the OUTPUT chain, so IMHO
> there's no filtering there.
>
> > > Hi all,
> > > I was in trouble opening a port for services with tomcat:
> > > Is this rule right? I'm behind an adsl router that forward every
> > > connection on port 8080 to <myprivateip>.
> > >
> > > iptables -P INPUT DROP
> > > iptables -P OUTPUT ACCEPT
> > > iptables -P FORWARD DROP
> > >
> > > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> > > iptables -A INPUT -p tcp -d <myprivateip> --dport 8080 -s 0.0.0.0 -m state --state NEW -j ACCEPT
>
> Is your Tomcat listening on 8080/tcp ? (netstat -an|grep 8080)
> Are you sure that your router is forwarding all connections ?
>
> Check with a logging rule between the -m state and the -p tcp rules to
> see what's going on (if there is) :
>
> iptables -A INPUT -j LOG --log-prefix "_ipt:check"
>
>
> Gr,
> Rob
>
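Added example, not part of the original thread: one way to read the output of the suggested LOG rule, by parsing kernel log lines that carry the `_ipt:check` prefix and listing new TCP connection attempts to port 8080. It assumes the LOG rule was appended with `-A` after both ACCEPT rules, so anything logged was not accepted by them; the log lines are constructed samples and the function names are hypothetical.

```python
PREFIX = "_ipt:check"  # --log-prefix from the thread; the kernel prints it fused to "IN="

# Constructed sample kernel log lines (documentation and private address ranges).
SAMPLE_LOG = """\
Apr  8 19:02:11 host kernel: _ipt:checkIN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4242 DF PROTO=TCP SPT=51234 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0
Apr  8 19:02:15 host kernel: _ipt:checkIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:22:33:44:66:08:00 SRC=192.168.1.1 DST=192.168.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=137 LEN=58
Apr  8 19:02:20 host kernel: unrelated message
"""

def parse_log_line(line):
    """Return (fields, flags) for a line carrying PREFIX, else None."""
    _, sep, rest = line.partition(PREFIX)
    if not sep:
        return None
    fields, flags = {}, set()
    for tok in rest.split():
        key, eq, val = tok.partition("=")
        if eq:
            fields.setdefault(key, val)  # keep the first value when a key repeats (LEN)
        else:
            flags.add(tok)               # bare tokens: DF, SYN, ACK, ...
    return fields, flags

def unaccepted_syns(log_text, port=8080):
    """New TCP connection attempts to `port` that reached the LOG rule."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_log_line(line)
        if parsed is None:
            continue
        fields, flags = parsed
        if (fields.get("PROTO") == "TCP" and fields.get("DPT") == str(port)
                and "SYN" in flags and "ACK" not in flags):
            hits.append((fields.get("SRC"), fields.get("DST"), fields.get("IN")))
    return hits

def diagnose(log_text, port=8080):
    hits = unaccepted_syns(log_text, port)
    if hits:
        return f"{len(hits)} SYN(s) to port {port} arrived but no ACCEPT rule matched them"
    # Either nothing was forwarded to this host, or an earlier rule accepted it.
    return f"no SYN to port {port} reached the LOG rule"

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```
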