- 11-09-2012 #1
- Join Date
- Aug 2012
How to unblock outgoing HTTP and HTTPS traffic in iptables?
With the following iptables rules, I was unable to do an apt update and ping a website. What's wrong with the rules? How to fix it? What is the exact rule to fix it?
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:325
DROP all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
- 11-09-2012 #2
- Join Date
- Jun 2012
- SF Bay area
If I'm interpreting that list right (which I assume is the complete set listed by "iptables --list") then your system will send anything, forward anything, but will only accept incoming packets to port 325. Any other inbound packets are dropped. I'm not sure what sort of access you want to allow the server, or what access you want to grant external systems. It sounds like a very, very specialized configuration to me. So I don't know if you're open to the following changes or not, but maybe this will still help?
The other thing, it seems, is that there's no rule telling the system it's OK to accept packets on the loopback interface. So I think that "DROP" rule will kill loopback traffic as well?
Having noted that I really don't understand your system, I would suggest making the following changes. Only you can tell if they make sense in the context of what you're trying to do with the system in question.
1. disable forwarding with the default Fedora rule my system came with, meaning
iptables -A FORWARD -j REJECT --reject-with icmp-host-prohibited
iptables -R INPUT 2 -j REJECT --reject-with icmp-host-prohibited
iptables -I INPUT 2 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -n -v --list
iptables --list-rules
Last edited by cnamejj; 11-09-2012 at 08:57 AM. Reason: grammar mistake, forgot to close parens, grrr...
- 11-09-2012 #3
- Join Date
- Nov 2012
- 11-11-2012 #4
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
The adventure of a life time.
Linux User #296285
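Why the INPUT chain from the question breaks apt and ping even though OUTPUT is open, shown as an added example that is not part of any post in this thread: a simplified first-match model of the INPUT chain, run over constructed reply packets. The packet list, the interface name eth0 and the third ruleset (a loopback ACCEPT inserted as rule 1, which none of the replies posted) are assumptions made for illustration.

```python
# Simplified model of an iptables chain walk: the first matching rule decides,
# otherwise the chain policy applies. This is not real netfilter code.
from dataclasses import dataclass

@dataclass
class Packet:
    desc: str
    proto: str             # "tcp", "udp" or "icmp"
    dport: int = 0
    state: str = "NEW"     # conntrack state of the packet when it hits INPUT
    iface: str = "eth0"    # constructed interface name

@dataclass
class Rule:
    target: str
    proto: str = "all"
    dport: int = 0         # 0 = any port
    states: tuple = ()     # () = rule has no state match
    iface: str = ""        # "" = any interface

    def matches(self, p):
        return (self.proto in ("all", p.proto)
                and (not self.dport or self.dport == p.dport)
                and (not self.states or p.state in self.states)
                and (not self.iface or self.iface == p.iface))

def verdict(chain, policy, pkt):
    return next((r.target for r in chain if r.matches(pkt)), policy)

# INPUT chain exactly as listed in the question.
ORIGINAL = [Rule("ACCEPT", proto="tcp", dport=325), Rule("DROP")]
# After "-R INPUT 2 -j REJECT" and "-I INPUT 2 -m state --state RELATED,ESTABLISHED".
FIXED = [Rule("ACCEPT", proto="tcp", dport=325),
         Rule("ACCEPT", states=("RELATED", "ESTABLISHED")),
         Rule("REJECT")]
# Assumption: loopback ACCEPT added as rule 1 (iptables -I INPUT 1 -i lo -j ACCEPT).
WITH_LO = [Rule("ACCEPT", iface="lo")] + FIXED

PACKETS = [  # constructed samples; replies to outgoing traffic are ESTABLISHED
    Packet("DNS answer for the apt mirror lookup", "udp", 40000, "ESTABLISHED"),
    Packet("SYN-ACK from mirror port 80", "tcp", 51000, "ESTABLISHED"),
    Packet("ICMP echo reply to ping", "icmp", state="ESTABLISHED"),
    Packet("unsolicited SSH attempt", "tcp", 22),
    Packet("local connection over loopback", "tcp", 631, iface="lo"),
]

def compare():
    return {p.desc: tuple(verdict(c, "ACCEPT", p) for c in (ORIGINAL, FIXED, WITH_LO))
            for p in PACKETS}

if __name__ == "__main__":
    for desc, results in compare().items():
        print(f"{desc:38}", " -> ".join(results))
```

The outgoing requests leave through OUTPUT in every case; what changes is whether their replies survive INPUT. New connections over lo are still rejected until a loopback rule is placed ahead of the final REJECT.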