[lug] simple iptables mystery
D. Stimits
stimits at attbi.com
Thu Mar 6 19:25:52 MST 2003
On an RH 8 (KRUD) box, I have a mystery, which should not be happening. I
admit I know very little about iptables, I've used ipchains forever, but
this is so simple I don't understand why it won't work. In
/etc/sysconfig/ is the iptables file (and I run service iptables restart
after changes). I am trying to get it to accept anything on the private
eth0 NIC (it has another NIC for outside world), and the following fails
to allow anything below port 1024 in:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -s 0/0 -d 0/0 -i eth0 -j ACCEPT
I tried variations of the above, including -p tcp -m tcp, and specific
/24 nets. Using a -j LOG shows the rule is being hit. Yet it ignores the
ACCEPT rule and nothing gets in. I want the port 80 web server
accessible on the internal network, but I can only access it via direct
localhost access. There is nothing in /etc/hosts.deny either. No log
entries in apache logs indicate that it sees the outside machine at any
time. Similar rules appear to work when applied to a specific IP address
without a /24 type notation, for ports over 1024 (I did X11 remote
display). In the above simple rules, what am I overlooking?
D. Stimits, stimits AT attbi DOT com
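The rule set above is evaluated top to bottom, first terminating match wins, with a jump into RH-Lokkit-0-50-INPUT returning to INPUT when the user chain runs out of rules. The following Python rule walker is an added example, not code from the post or from Red Hat's lokkit; it parses the *filter table in iptables-save syntax and traces a described packet through the chains exactly that way. RULES_AS_POSTED is the poster's rule set (with COMMIT appended, which iptables-restore requires); RULES_REJECT_FIRST is a constructed, hypothetical variant with a privileged-port REJECT placed ahead of the blanket ACCEPT, included only to show how ordering inside the user chain changes the verdict. Addresses, ports and the limited set of modelled matches (-i, -s/-d, -p, --dport, --syn) are assumptions of the example.

```python
"""Trace a packet through an iptables-save style *filter rule set (added example)."""
import ipaddress
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}

# Rule set as posted (hand-written file, with COMMIT appended so it loads).
RULES_AS_POSTED = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -s 0/0 -d 0/0 -i eth0 -j ACCEPT
COMMIT
"""

# Constructed, hypothetical variant: a REJECT for ports 0-1023 *ahead of*
# the blanket ACCEPT.  Not a claim about what the poster's box contains.
RULES_REJECT_FIRST = RULES_AS_POSTED.replace(
    "-A RH-Lokkit-0-50-INPUT -s 0/0",
    "-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT\n"
    "-A RH-Lokkit-0-50-INPUT -s 0/0",
)

OPTS = {"-i": "iface", "-s": "src", "-d": "dst", "-p": "proto",
        "--dport": "dport", "-j": "target"}


def parse_rule(toks):
    """Turn the tokens after '-A <chain>' into a dict of modelled matches."""
    rule, i = {}, 0
    while i < len(toks):
        if toks[i] in OPTS:
            rule[OPTS[toks[i]]] = toks[i + 1]
            i += 2
        elif toks[i] == "--syn":
            rule["syn"] = True
            i += 1
        elif toks[i] == "-m":
            i += 2          # match-module name; its options follow and parse above
        else:
            i += 1          # any other option is ignored by this toy walker
    return rule


def parse_filter(text):
    """Return (policies, chains) for the *filter table; user chains get policy None."""
    policies, chains, in_filter = {}, {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):
            in_filter = line == "*filter"
        elif not in_filter or line == "COMMIT":
            continue
        elif line.startswith(":"):
            name, policy = line[1:].split()[:2]
            policies[name] = None if policy == "-" else policy
            chains.setdefault(name, [])
        else:
            toks = shlex.split(line)
            if toks[0] == "-A":
                chains.setdefault(toks[1], []).append(parse_rule(toks[2:]))
    return policies, chains


def _addr_ok(addr, spec):
    if spec is None or spec in ("0/0", "0.0.0.0/0"):
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def _port_ok(port, spec):
    if spec is None:
        return True
    if port is None:        # e.g. ICMP: a --dport rule can never match it
        return False
    lo, sep, hi = spec.partition(":")
    low = int(lo or 0)
    high = int(hi or 65535) if sep else low
    return low <= port <= high


def rule_matches(rule, pkt):
    return (rule.get("iface") in (None, pkt["iface"])
            and _addr_ok(pkt["src"], rule.get("src"))
            and _addr_ok(pkt["dst"], rule.get("dst"))
            and rule.get("proto") in (None, pkt["proto"])
            and _port_ok(pkt.get("dport"), rule.get("dport"))
            and (not rule.get("syn") or pkt.get("syn", False)))


def trace(policies, chains, pkt, chain="INPUT"):
    """Walk `chain`; return (verdict, path).  Path entries are '<chain>#<idx>-><target>'.
    None means the chain ran out of rules: implicit RETURN for a user chain."""
    path = []
    for idx, rule in enumerate(chains.get(chain, [])):
        if not rule_matches(rule, pkt):
            continue
        target = rule.get("target")
        path.append(f"{chain}#{idx}->{target}")
        if target in TERMINAL:
            return target, path
        if target == "RETURN":
            break
        if target in chains:                 # -j into a user chain
            verdict, sub = trace(policies, chains, pkt, target)
            path.extend(sub)
            if verdict is not None:
                return verdict, path
        # LOG and other non-terminating targets fall through to the next rule
    return policies.get(chain), path         # built-in policy, or None


def verdict_for(ruleset, iface, dport=None, proto="tcp", syn=True,
                src="192.168.1.20", dst="192.168.1.1"):
    """Verdict and path for one inbound packet (addresses are assumed sample values)."""
    policies, chains = parse_filter(ruleset)
    pkt = {"iface": iface, "src": src, "dst": dst, "proto": proto,
           "dport": dport, "syn": syn}
    return trace(policies, chains, pkt)
```

Calling `verdict_for(RULES_AS_POSTED, "eth0", 80)` follows INPUT into RH-Lokkit-0-50-INPUT and reaches the ACCEPT; with RULES_REJECT_FIRST the same SYN to port 80 hits the REJECT first while port 6000 still reaches the ACCEPT, and a packet arriving on eth1 matches nothing in the user chain and falls back to the INPUT policy. Running the walker over the output of `iptables-save` on the live box, rather than over the file in /etc/sysconfig, is the check that shows which rules are actually loaded.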