Hello!
I have a client in my LAN that must access a server on the Internet listening for requests on 3456 port.
Using the FORWARD chain (default police = DROP) I have the following lines:
iptables -A FORWARD -m state ESTABLISHED,RELATED -j ACCEPT
<... my rules ...>
iptables -A FORWARD -d X.Y.0.0/16 -p tcp --dport 3456 -j ACCEPT
[snip]
Does it mean that the server is trying to start a new back connection to the client and my DROP policy is applied? (since I don't permit new incoming connections?)
I read the application documents and it only says that I must allow outgoing traffic to and from X.Y.0.0/16:3456 using TCP protocol.
The easiest way to see if your firewall is dropping anything is to add something like this to the end of your firewall rules (provided you don't have any DROP targets beforehand):
iptables -A FORWARD -s X.Y.0.0/16 -j LOG --log-prefix "FWD_FRM_X_Y " iptables -A FORWARD -d X.Y.0.0/16 -j LOG --log-prefix "FWD_TO_X_Y "
If there is any callback connection, it will show in kernel log (on Red Hatish systems /var/log/messages). It will also show if your firewall is blocking any other packets between your network and X.Y.0.0/16.
-- Aleksandar Milivojevic <amilivojevic@xxxxxx> Pollard Banknote Limited Systems Administrator 1499 Buffalo Place Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
