[lug] simple iptables mystery

Zan Lynx zlynx at acm.org
Thu Mar 6 20:42:04 MST 2003


On Thu, 2003-03-06 at 19:25, D. Stimits wrote:
> On a RH 8 (KRUD) box, I have a mystery, which should not be happening. I 
> admit I know very little about iptables, I've used ipchains forever, but 
> this is so simple I don't understand why it won't work. In 
> /etc/sysconfig/ is the iptables file (and I run service iptables restart 
> after changes). I am trying to get it to accept anything on the private 
> eth0 NIC (it has another NIC for outside world), and the following fails 
> to allow anything below port 1024 in:
> 
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :RH-Lokkit-0-50-INPUT - [0:0]
> -A INPUT -j RH-Lokkit-0-50-INPUT
> 
> -A RH-Lokkit-0-50-INPUT -s 0/0 -d 0/0 -i eth0 -j ACCEPT

You're adding it to the end of the rule chain.  Check the rules before
it.  Make sure it isn't being denied somewhere closer to the front of
the chain.

One of my favorite iptables debugging tools is diff.
iptables -L -v -n > /tmp/1
<do some stuff that should work>
iptables -L -v -n > /tmp/2

diff /tmp/1 /tmp/2

-- 
Zan Lynx <zlynx at acm.org>
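The "snapshot, test, diff" method from the reply above, worked through as an added example (this is not code from the original thread). The rule chain, the REJECT rule sitting ahead of the ACCEPT, and all packet counters are constructed stand-ins for the situation the reply describes; on a real host the two heredocs are replaced by the two iptables -L -v -n snapshots taken around the test connection. The point it shows: the rules whose counters move are the path the packet actually took, so a REJECT that increments while the later ACCEPT stays flat pins down the offending rule without reading the whole chain.

```shell
#!/bin/sh
# Added example, not code from the original thread. Runs the snapshot-and-diff
# idea on constructed `iptables -L -v -n` output, so it needs neither root nor
# a live firewall. Real use: iptables -L -v -n > /tmp/1; <test connection>;
# iptables -L -v -n > /tmp/2; changed_rules /tmp/1 /tmp/2

# Constructed BEFORE snapshot. The REJECT rule ahead of the eth0 ACCEPT is a
# hypothetical stand-in for "denied somewhere closer to the front of the
# chain"; every counter value is made up.
snapshot_before() {
  cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  120  9600 RH-Lokkit-0-50-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain RH-Lokkit-0-50-INPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination
   40  2400 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpts:0:1023 reject-with icmp-port-unreachable
   80  7200 ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
EOF
}

# Constructed AFTER snapshot: one test connection to a low port on eth0 has
# arrived. It bumped the INPUT jump rule and the REJECT rule; the ACCEPT rule
# was never reached, so its counter is unchanged.
snapshot_after() {
  cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  121  9660 RH-Lokkit-0-50-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain RH-Lokkit-0-50-INPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination
   41  2460 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpts:0:1023 reject-with icmp-port-unreachable
   80  7200 ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
EOF
}

# Print every rule whose packet counter differs between the two snapshots.
# Lines are paired by position, which holds as long as only counters change
# between the snapshots. Rule lines start with a number; the "Chain" headers
# and the column-header lines do not, so they are skipped.
changed_rules() {
  awk 'NR == FNR { before[FNR] = $1; next }
       $1 ~ /^[0-9]+$/ && $1 != before[FNR] { print }' "$1" "$2"
}

# Materialise both constructed snapshots and report what moved.
demo() {
  dir=$(mktemp -d)
  snapshot_before > "$dir/1"
  snapshot_after  > "$dir/2"
  echo "Rules whose counters changed (the packet's actual path):"
  changed_rules "$dir/1" "$dir/2"
  rm -r "$dir"
}

demo
```

Read the output top-down: the INPUT jump rule and the REJECT in RH-Lokkit-0-50-INPUT moved, the eth0 ACCEPT did not, which is exactly the "it is being denied before it gets to your rule" case the reply points at. The fix is then a matter of placing the interface ACCEPT ahead of the REJECT (iptables -I rather than -A), not of adding more ACCEPT rules at the end.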

