iptables failing when "accept" is the rule action

[vijfita]

Hi all,

I have been configuring iptables for packet filtering
for the last few days. I am experiencing a very strange behaviour of iptables.

All iptables rules that I mention at each chain match with real packets and work ONLY if the action is DROP. This invariably means that I am unable to set the default action of any chain to be DROP. For example,

when I set the following rules:

a)Default action for INPUT: ACCEPT
b)Action for INPUT packets that are addressed to port 3128 of localhost
(squid runs on this port): DROP

This ruleset works well, and all packets that are addressed to the gateway's squid are being blocked (meaning Internet access is blocked).

But when I rewrite teh same function with the following rules:

a)Default action for INPUT: DROP
b) Action for INPUT packets that are addressed to port 3128 of localhost:ACCEPT

The incoming packets dont seem to be matching the first rule, and end up in the default rule, thereby dropping the packet.

The actual script mentions the followng lines:

iptables -P INPUT DROP
iptables -A INPUT -i eth0 -m tcp -p tcp -s 192.168.20/24 --dport 3128 -j ACCEPT

Am I going wrong in making the iptables commands for achieving what I want to achieve ? I want to drop packets by default, but accept input packets addressed to the squid port.

Or, do I have to enable a few more things ? IP forwarding is already enabled in the gateway machine.

I am seeing the same problems even with forward rules(irrespective of any application like squid running)....

Some one help me please ...

Regards.

Vijay

[Krendoshazin]

the answer looks pretty simple, you used a / instead of a .

iptables -A INPUT -i eth0 -m tcp -p tcp -s 192.168.20/24 --dport 3128 -j ACCEPT

should be

iptables -A INPUT -i eth0 -m tcp -p tcp -s 192.168.20.24 --dport 3128 -j ACCEPT

[vijfita]

Sorry mates.....that was a typo ...it should have been 192.168.2.0/24 .....which implies that this was not the only problem ...

Regards.