outbound http traffic requires inbound source port 80 rule?

My iptables-based firewall machine (linux) has an external ip address of 192.168.0.3.  I can access most web sites from my firewall machine, but there is one that will not allow me to connect to it -- www.apple.com.  The only way I can access that web site from my firewall machine is if I add the rule:

    -A INBOUND -d 192.168.0.3/32 -p tcp -m tcp --sport 80 -j ACCEPT

Why is it that I have to allow inbound connections from source port 80 to my firewall machine to allow that machine to make successful HTTP requests on www.apple.com?  And why is it that I don't seem to require this firewall rule in order to access any other web site (I'm sure there are others that I can't access for the same reason, but I haven't run across any)?

(You might ask why I'm trying to access the web from my firewall machine.  I don't normally.  It is my squid proxy that is unable to access www.apple.com, while it is able to access other web sites).  Users on my LAN have complained that they cannot access this web site (and my firewall rules force them to go through the squid proxy rather than connect directly).

Thanks. -- Eric


--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
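The rule quoted in the post accepts any packet whose sender chose source port 80, and the source port is entirely under the remote sender's control, so it is a hole rather than a reply rule. The stateful way to admit replies to the firewall's own outbound requests is a conntrack match on ESTABLISHED,RELATED, which lets the outbound connection create the entry that the reply is then checked against. The script below is an added example, not part of the original post or of the netfilter project; it audits an iptables-save dump for ACCEPT rules keyed only on a source port with no conntrack or state match. The ruleset it scans is constructed for the example (the INBOUND chain and the --sport 80 line mirror the post, the other lines are made up), and it does not attempt to explain why one site behaves differently from others.

```python
"""Audit an iptables-save dump for ACCEPT rules keyed only on source port.

Added example, not code from the original post. A rule that ACCEPTs on
--sport with no conntrack/state match admits any packet whose sender
set that source port. The stateful alternative is
'-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT', which only
admits packets belonging to a connection the firewall already knows.
"""
import shlex

# Constructed sample ruleset in iptables-save format. The INBOUND chain
# and the --sport 80 rule mirror the post; the rest is illustrative.
SAMPLE_RULESET = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:INBOUND - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -j INBOUND
-A INBOUND -d 192.168.0.3/32 -p tcp -m tcp --sport 80 -j ACCEPT
-A INBOUND -p tcp -m tcp --dport 22 -j ACCEPT
-A INBOUND -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INBOUND -j DROP
COMMIT
"""

# Match extensions that make a rule stateful.
STATE_MODULES = {"conntrack", "state"}
SPORT_OPTIONS = {"--sport", "--source-port", "--sports", "--source-ports"}


def parse_rule(line):
    """Parse one '-A CHAIN ...' line into (chain, tokens); None otherwise."""
    tokens = shlex.split(line)
    if len(tokens) < 2 or tokens[0] != "-A":
        return None
    return tokens[1], tokens[2:]


def jump_target(tokens):
    """Return the -j target of a rule, or None if it has none."""
    if "-j" in tokens and tokens.index("-j") + 1 < len(tokens):
        return tokens[tokens.index("-j") + 1]
    return None


def loaded_modules(tokens):
    """Set of '-m' match extensions named in the rule."""
    return {tokens[i + 1] for i, t in enumerate(tokens)
            if t == "-m" and i + 1 < len(tokens)}


def is_sport_only_accept(tokens):
    """True when a rule ACCEPTs on a source port with no state match."""
    if jump_target(tokens) != "ACCEPT":
        return False
    has_sport = any(t in SPORT_OPTIONS for t in tokens)
    return has_sport and not (loaded_modules(tokens) & STATE_MODULES)


def audit(ruleset):
    """Return [(chain, rule_text)] for every source-port-only ACCEPT."""
    findings = []
    for line in ruleset.splitlines():
        parsed = parse_rule(line.strip())
        if parsed is None:
            continue
        chain, tokens = parsed
        if is_sport_only_accept(tokens):
            findings.append((chain, " ".join(tokens)))
    return findings


def stateful_replacement(chain):
    """The reply rule that should replace a source-port-only ACCEPT."""
    return f"-A {chain} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"


if __name__ == "__main__":
    for chain, rule in audit(SAMPLE_RULESET):
        print(f"{chain}: accepts on source port without state match: {rule}")
        print(f"  replace with: {stateful_replacement(chain)}")
```

Run it against a real dump with `iptables-save | python3 audit.py` after swapping the constructed SAMPLE_RULESET for `sys.stdin.read()`; any rule it reports should be placed behind a conntrack rule and then removed, since the stateful rule already admits the legitimate replies.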

