Rules for localhost, help needed.

On occasion, I configure iptables via webmin.  I am having a strange
problem where, when I apply the rules from that GUI, it never comes
back.  If I close the web browser and restart, I can see everything
again, but it looks like I get cut off.  Also, I occasionally get some
Red Hat GUI issues as well, and I think it's because of my rulebase.
These issues do not happen when I am connected remotely.

I have my ruleset below... am I missing anything for local that anyone
can see?

 

Thanks in advance...very appreciated.

 

RULES

[root@mae-fw ~]# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       all  --  192.168.222.0/24     anywhere
DROP       all  --  138.42.156.0/24      anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp multiport dports ssh,10000 state NEW
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP       all  --  192.168.222.0/24     anywhere
DROP       all  --  138.42.156.0/24      anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp multiport dports ftp-data,ftp,ssh,telnet,domain,http,https,webcache,3389,5800,5801
DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED

NATS

[root@mae-fw ~]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       all  -- !192.168.222.0/24     Etrust-scc.ca.com   to:192.168.222.101
DNAT       all  -- !192.168.222.0/24     Etrust-audit.ca.com to:192.168.222.165
DNAT       all  -- !192.168.222.0/24     Etrust-pc.ca.com    to:192.168.222.130
DNAT       all  -- !192.168.222.0/24     Etrust-ws1.ca.com   to:192.168.222.100
DNAT       all  -- !192.168.222.0/24     Etrust-uni.ca.com   to:192.168.222.102
DNAT       all  -- !192.168.222.0/24     Etrust-vm.ca.com    to:192.168.222.115
DNAT       all  -- !192.168.222.0/24     Itrmsrv01.ca.com    to:192.168.222.150

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  192.168.222.0/24     anywhere            to:138.42.156.15

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Jeff Ginter, CISSP
Computer Associates
Mid-Atlantic Total Protection
Consulting Manager
Office:  (908) 874-9726
Mobile:  (609) 577-1494
jeff.ginter@xxxxxx
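Added example, not part of the post above. The INPUT chain as listed has a DROP policy, a final catch-all DROP, and accepts NEW connections only to ssh and 10000; nothing in the listing accepts traffic on the loopback interface, which is where local GUIs and daemons on the same box reach each other (a browser talking to webmin, X clients, local resolvers). One caveat: plain "iptables -L" does not print the interface columns, so the listing cannot show whether any of those rules carries "-i lo"; "iptables -L -v -n" or "iptables-save" does. The script below therefore reads iptables-save syntax. The two rulesets are constructed samples that mirror the posted INPUT and OUTPUT chains, once as posted and once with a loopback ACCEPT inserted as the first rule; the function name is an assumption for this example.

```shell
#!/bin/sh
# Added example (not from the original post): check whether an iptables
# INPUT chain admits loopback traffic before any rule can drop it.
#
# Reads iptables-save format, because "iptables -L" without -v hides the
# interface column.  On the firewall itself:
#   has_loopback_accept "$(iptables-save)"

# Constructed sample mirroring the posted INPUT/OUTPUT chains; there is
# no "-i lo" rule, as in the posting.
SAMPLE_POSTED='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -s 192.168.222.0/24 -j DROP
-A INPUT -s 138.42.156.0/24 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22,10000 -m state --state NEW -j ACCEPT
-A INPUT -j DROP
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# Same ruleset with a loopback ACCEPT as the first INPUT rule.  It has to
# sit ahead of the source-based DROPs as well: a local process connecting
# to one of the box's own addresses is routed over lo, and without an "-i"
# match "-s 192.168.222.0/24 -j DROP" would catch it.
SAMPLE_FIXED='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.222.0/24 -j DROP
-A INPUT -s 138.42.156.0/24 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22,10000 -m state --state NEW -j ACCEPT
-A INPUT -j DROP
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# has_loopback_accept RULESET
# Walks the INPUT chain in rule order.  Prints "ok" and returns 0 when an
# "-i lo ... -j ACCEPT" rule appears before the first DROP; otherwise
# prints which DROP is reached first (or that no lo rule exists) and
# returns 1.
has_loopback_accept() {
    printf '%s\n' "$1" | awk '
        /^-A INPUT / {
            if ($0 ~ /-i lo( |$)/ && $0 ~ /-j ACCEPT$/) { found = 1; exit }
            if ($0 ~ /-j DROP$/) { blocked_by = $0; exit }
        }
        END {
            if (found) { print "ok"; exit 0 }
            if (blocked_by != "")
                print "first INPUT DROP reached without a loopback ACCEPT: " blocked_by
            else
                print "no -i lo ACCEPT in INPUT"
            exit 1
        }'
}

# Usage: report on both rulesets (the posted one is expected to fail).
for rs in "$SAMPLE_POSTED" "$SAMPLE_FIXED"; do
    has_loopback_accept "$rs" || :
done
```

The check deliberately stops at the first DROP rather than only at the catch-all, so it also flags the ordering problem where a loopback rule exists but sits below a source-based DROP that matches the host's own addresses.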
