Oh, I thought you meant all addresses with 0.0.0.0 (as an example) and not that you were setting the rule with an explicit 0.0.0.0. Doing this, you are saying 0.0.0.0/32, which means only this IP address. To match all IP addresses, leave the modifier (-d) unset or use 0.0.0.0/0.

regards

----- Original Message -----
From: "Gianni Pucciani" <gp.puccio@xxxxxx>
To: "Rob Sterenborg" <rob@xxxxxxxxxxxxxxx>
Cc: "Netfilter" <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Thursday, April 08, 2004 5:13 PM
Subject: Re: opening connection for Tomcat

> Ok, I've fixed the problem: it seems that the address 0.0.0.0 is no good.
>
> Many thanks
>
> Gianni
>
> Rob Sterenborg wrote:
>
> >On Thu, 2004-04-08 at 18:30, Alexis wrote:
> >
> >>you must change to OUTPUT the first rule at least. you're filtering all
> >>outgoing packets.
> >
> >In these rules I only see policy ACCEPT for the OUTPUT chain, so IMHO
> >there's no filtering there.
> >
> >>>Hi all,
> >>>I was in trouble opening a port for services with tomcat:
> >>>Is this rule right? I'm behind an adsl router that forwards every
> >>>connection on port 8080 to <myprivateip>.
> >>>
> >>>iptables -P INPUT DROP
> >>>iptables -P OUTPUT ACCEPT
> >>>iptables -P FORWARD DROP
> >>>
> >>>iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> >>>iptables -A INPUT -p tcp -d <myprivateip> --dport 8080 -s 0.0.0.0 -m state --state NEW -j ACCEPT
> >
> >Is your Tomcat listening on 8080/tcp ? (netstat -an|grep 8080)
> >Are you sure that your router is forwarding all connections ?
> >
> >Check with a logging rule between the -m state and the -p tcp rules to
> >see what's going on (if there is) :
> >
> >iptables -A INPUT -j LOG --log-prefix "_ipt:check"
> >
> >Gr,
> >Rob
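As an added illustration of the point made at the top of this reply (example code written for this page, not from the thread or the netfilter project): a bare address given to -s or -d is read by iptables as a /32 host match, while 0.0.0.0/0 (or omitting the option) matches every address. The script below reproduces that prefix matching in POSIX sh; 192.168.1.20 and 203.0.113.5 are constructed stand-ins for <myprivateip> and an external client.

```shell
#!/bin/sh
# Added example: how an iptables address argument is interpreted.
# "-s 0.0.0.0" means the single host 0.0.0.0/32; "-s 0.0.0.0/0" (or no -s)
# covers every source. Addresses below are constructed sample values;
# 192.168.1.20 stands in for <myprivateip> from the thread.

# ip4_to_int: dotted-quad IPv4 address -> 32-bit integer
ip4_to_int() {
  IFS=. read -r a b c d <<EOF
$1
EOF
  echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# cidr_matches SPEC ADDR: exit 0 if ADDR falls inside SPEC.
# A SPEC without "/len" is treated as /32, exactly as iptables does.
cidr_matches() {
  spec=$1; addr=$2
  case "$spec" in
    */*) net=${spec%/*}; len=${spec#*/} ;;
    *)   net=$spec; len=32 ;;
  esac
  if [ "$len" -eq 0 ]; then
    mask=0
  else
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
  fi
  n=$(ip4_to_int "$net"); a=$(ip4_to_int "$addr")
  [ $(( n & mask )) -eq $(( a & mask )) ]
}

# source_spec_scope SPEC: classify what a "-s SPEC" argument admits.
source_spec_scope() {
  case "$1" in
    */0)  echo any ;;       # 0.0.0.0/0 (or omitting -s): every source
    */32) echo host ;;      # a single address
    */*)  echo network ;;   # a subnet
    *)    echo host ;;      # bare address is the same as /32
  esac
}

# Demo with the rule from the thread: a client at 203.0.113.5 (constructed)
# reaching the forwarded port 8080 on 192.168.1.20.
for spec in 0.0.0.0 0.0.0.0/0; do
  if cidr_matches "$spec" 203.0.113.5; then v=ACCEPT; else v="no match (policy DROP)"; fi
  echo "-s $spec  scope=$(source_spec_scope "$spec")  client 203.0.113.5 -> $v"
done
```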