On 8/9/07, Martijn Lievaart <m@xxxxxxx> wrote:
> Maxim Veksler wrote:
> > On 8/8/07, Martijn Lievaart <m@xxxxxxx> wrote:
> >
> >> Maxim Veksler wrote:
> >>
> >>> Hello,
> >>>
> >>> Following a recent thread on this list, I've configured my firewall to
> >>> allow incoming traffic from specific IPs only. Now I can't ssh
> >>> outside; could someone please explain why this is happening?
> >>>
> >>> The system is Red Hat 4.
> >>>
> >>>
> >> You don't allow the return packets in. Add a -m state --state
> >> ESTABLISHED,RELATED match as the first rule in your INPUT chain.
> >>
> >>
> >
> > That was it, thank you very much.
> > How could I have debugged it myself?
> >
>
> Good question!

Thank you.

> Add LOG rules for dropped traffic.

I would appreciate an example for this tip.

> Get out wireshark (formerly ethereal)

Got it, tcpdump -w /tmp/iptables_lock.cap, it seems that the iptables hook drops the packet before libpcap has a chance of seeing it.

> to see what goes on at the line. Read up on how to construct good
> rulesets

Would very much appreciate good links here.

> and maybe even on IP (no sorry, I don't have any links).
> rfc791, that's for IP.

Please correct me if I'm wrong, but you meant read up on TCP, because IP is stateless and has no verification whatsoever built in; the only tracking IP does is for fragmentation and reconstruction of packets. I don't think this was the case here, and furthermore I don't see how --state ESTABLISHED,RELATED could have any effect on it. Again, please correct me if I'm wrong.

> HTH,

It does!

> M4
>
>

Thank you.

--
Cheers,
Maxim Veksler

"Free as in Freedom" - Do u GNU ?
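The thread asks for an example of the two tips above: put the ESTABLISHED,RELATED match first, and add LOG rules for dropped traffic. The script below is an added example written for this page, not code posted by either participant. It assumes an interface eth0, SSH allowed from 192.0.2.0/24 only, and the log prefix "IPT-DROP: " (all assumptions; adjust to your own hosts). It generates a ruleset in iptables-restore format with the stateful rule first and a rate-limited LOG rule just ahead of the chain's DROP policy, checks that the rule order is right, and parses the kernel log lines the LOG target produces so that a dropped reply packet can be told apart from a dropped new connection. One correction to the tcpdump attempt in the thread, stated here as a fact about Linux rather than as the poster's words: libpcap taps packets at the device layer before the netfilter INPUT hook runs, so inbound packets that INPUT drops do appear in the capture; what the capture cannot show is which rule dropped them, and that is what the LOG target is for.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumptions (not stated in the
# thread): interface eth0, SSH allowed only from 192.0.2.0/24, log prefix
# "IPT-DROP: ". Uses the classic -m state match, which is what a Red Hat 4
# era iptables has; on newer kernels -m conntrack --ctstate is equivalent.

# Emit the INPUT policy in iptables-restore format.
ruleset() {
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# 1. Replies to connections this host opened (e.g. outbound ssh) must be
#    accepted before any source-address filtering, or outbound ssh breaks.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# 2. New inbound connections only from the allowed addresses.
-A INPUT -i eth0 -p tcp --dport 22 -s 192.0.2.0/24 -m state --state NEW -j ACCEPT
# 3. Log what is about to be dropped; rate-limited so a flood cannot fill
#    /var/log/messages. Everything below this falls through to the DROP policy.
-A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "IPT-DROP: " --log-level 4
COMMIT
EOF
}

# Sanity check before loading: the very first INPUT rule must be the
# ESTABLISHED,RELATED accept. Returns 0 when it is.
state_rule_is_first() {
  ruleset | grep '^-A INPUT' | head -n 1 \
    | grep -q -- '--state ESTABLISHED,RELATED -j ACCEPT'
}

# Load the ruleset (run as root; not invoked here).
apply_ruleset() {
  ruleset | iptables-restore
}

# Constructed sample of what the LOG rule writes to the kernel log: an
# inbound SYN/ACK from an ssh server, i.e. the reply to a connection we
# opened, being dropped because no state rule matched it.
SAMPLE_LOG='Aug  9 10:15:02 host kernel: IPT-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=22 DPT=43821 WINDOW=5840 RES=0x00 ACK SYN URGP=0'

# Reduce one LOG line to "PROTO src:spt -> dst:dpt [tcp flags]".
# KEY=VALUE tokens go into an array; bare TCP flag words are collected in
# the order the kernel prints them.
summarise_drop() {
  printf '%s\n' "$1" | awk '{
    flags = ""
    for (i = 1; i <= NF; i++) {
      n = index($i, "=")
      if (n) kv[substr($i, 1, n - 1)] = substr($i, n + 1)
      else if ($i ~ /^(SYN|ACK|FIN|RST|PSH|URG)$/) flags = flags $i " "
    }
    sub(/ $/, "", flags)
    printf "%s %s:%s -> %s:%s [%s]\n", kv["PROTO"], kv["SRC"], kv["SPT"], kv["DST"], kv["DPT"], flags
  }'
}

# An inbound SYN+ACK can only be the answer to a connection this host
# started, so a dropped one means the ESTABLISHED,RELATED rule is missing or
# sits below the rule that dropped the packet. A bare SYN is a new inbound
# attempt that the policy rejected, which is usually what you wanted.
diagnose_drop() {
  case "$(summarise_drop "$1")" in
    *'[ACK SYN]'*) echo "reply to an outbound connection dropped: check the ESTABLISHED,RELATED rule" ;;
    *'[SYN]'*)     echo "new inbound connection attempt dropped by policy" ;;
    *)             echo "other" ;;
  esac
}
```

To use it on the box: `state_rule_is_first && apply_ruleset`, then reproduce the failing ssh and run `grep 'IPT-DROP:' /var/log/messages` (or `dmesg`) and feed each line to `diagnose_drop`. The LOG rule sits immediately before the DROP policy so it reports only traffic that no ACCEPT rule matched; the limit match keeps an attacker from using the log itself against you.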