3

IPtables Rejects rules upon first boot

view full story
linux-howto

http://forums.fedoraforum.org – Hello , I am trying solve a strange problem which ocurred after upgrading many packages including kernel and iptables. This is a Fedora 10 PC acting as a small home-server I've been using over a year without problems. Recently, I've run a yum upgrade and after that, connections outside home wouldn't work. No changes in IPtables (firewall) rules have been done. But connection through local network is working. Symptom is : I've connected to my second PC at home and connected to the server. It works fine on local network. I restart network services (service network restart) and outside connections could be established. I have disabled iptables and ip6tables and after reboots it works fine. But PC is running without firewall . And my question is , how can I fix this? Where do I check for a start? (HowTos)

colm's picture
Submitted by colm on 01/25/2010 – Made popular on 01/25/2010

Stories similar to IPtables Rejects rules upon first boot

I want to block all non-vpn traffic, for which I have a script with iptables rules that works fine. The problem is that I can only set those rules after being connected to the vpn (if I do it before, I can't connect to the vpn).

Hi could could anyone help me understand why line 15 is failing supposedly in my iptables file.

I have two network interfaces in my CentOS 5.8 machine, one with a local IP and one with an external, publicly available, IP. I'm running SSH and some other services. I can access these if I connect to the local IP of the machine from some other machine in the same local network.

Had a strange issue this morning.

Possible Duplicate: iptables: forward port 80 to port 8080

I'd like to forward port 80 to 8080. So I tried to edit /etc/syscongfig/iptables:

-A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

But got:

# service iptables restart iptables: Flushing firewall rules: [ OK ] iptables: Setting chains to policy ACCEPT: filter [ OK

I have a kippo honeypot setup on our local network, and our DMZ uses:

sysctl net.ipv4.ip_forward=1 ldconfig iptables -t nat -A PREROUTING -p tcp -s $ATTACKER_IP --dport 22 -j DNAT --to-destination 192.168.1.200:2222 iptables -t nat -A POSTROUTING -j MASQUERADE

There is also a port forward on the router so port 2222 can be hit from outside the network.

I know for a fact that iptables running is causing my instance of Apache Solr to be inaccessible. How do I know this? Because I ran:

/sbin/service iptables save && /sbin/service iptables stop

Once I did this, everything worked flawlessly.

I would like to continue using my firewall however, adding the necessary rules for it doesn't seem to be working.

I have setup PSAD on my server. It asks me to add the following iptables rules:

iptables -A INPUT -j LOG iptables -A FORWARD -j LOG ip6tables -A INPUT -j LOG ip6tables -A FORWARD -j LOG

I'm using UFW to manage iptables.

I have a headless server at home and I'd like to tighten it's firewall so that only connections through the vpn or connections to/from the local network are allowed. I've read through a handful of iptables documentation, and read this one twice.