  1. #1
    Just Joined!
    Join Date
    Apr 2006
    Posts
    4

    Iptables block eth0


    Hi,

    While I would not consider myself an expert, I have progressed beyond Newbie and this issue is driving me batty. I have CentOS installed and all was working great for the longest time. Magically one day Iptables started blocking inbound access to eth0. I have reset the config to wide open and allowed everything and it still doesn't accept eth0 requests. I am fairly certain the issue is no longer with Iptables but am baffled as to where to look next. Below are the latest Iptables rules that are being used in my box.

    Any thoughts, ideas, help greatly appreciated.

    # Generated by iptables-save v1.2.11 on Thu Apr 20 12:45:17 2006
    *nat
    :PREROUTING ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    COMMIT
    # Completed on Thu Apr 20 12:45:17 2006
    # Generated by iptables-save v1.2.11 on Thu Apr 20 12:45:17 2006
    *mangle
    :PREROUTING ACCEPT [0:0]
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    COMMIT
    # Completed on Thu Apr 20 12:45:17 2006
    # Generated by iptables-save v1.2.11 on Thu Apr 20 12:45:17 2006
    *filter
    :FORWARD ACCEPT [0:0]
    :INPUT DROP [0:0]
    :OUTPUT ACCEPT [0:0]
    # SSH WAN
    -A INPUT -p tcp -m tcp -i eth0 --dport 22 -j ACCEPT
    # HTTPS
    -A INPUT -p tcp -m tcp -i eth0 --dport 443 -j ACCEPT
    # Webmin
    -A INPUT -p tcp -m tcp -i eth0 --dport 10000 -j ACCEPT
    # Accept traffic from internal interfaces
    -A INPUT -i eth1 -j ACCEPT
    # Drop All
    -A INPUT -j DROP
    COMMIT
    # Completed on Thu Apr 20 12:45:17 2006

  2. #2
    Trusted Penguin Dapper Dan's Avatar
    Join Date
    Oct 2004
    Location
    The Sovereign State of South Carolina
    Posts
    4,630
    Just thoughts... Did you config your firewall with system-config-security-level and set eth0 to "open"? I don't know much about configuring iptables but like to use Guarddog to manage ports. Maybe try installing Guarddog and set the ports that way. Is it possible something in a router could be blocking eth0?
    Linux Mint + IceWM Registered: #371367 New Members: click here

  3. #3
    Just Joined!
    Join Date
    Apr 2006
    Posts
    4
    Hi,

    Actually I use a module in Webmin to alter the Iptable rules. I have 2 Linux boxes here that were using the exact same rule set and the other box is still running as happy as can be with the original rules.

    Is there a way that I can check this setting you speak of?

    system-config-security-level and set eth0 to "open."

  4. #4
    Just Joined!
    Join Date
    Apr 2006
    Posts
    4
    Sorry Dan, I forgot to answer the other side of your post, the box has dual Nics and eth0 is exposed on the WAN side.

  5. #5
    Trusted Penguin Dapper Dan's Avatar
    Join Date
    Oct 2004
    Location
    The Sovereign State of South Carolina
    Posts
    4,630
    From a terminal as root:
    Code:
    system-config-security-level
    It's worth a try. I've used Webmin but not for ports and firewall duties so I'm not sure on that. Maybe try connecting it directly to your router or internet connection to see if the problem is arising from somewhere else? Sorry I'm not helping more.
    Linux Mint + IceWM Registered: #371367 New Members: click here

  6. #6
    Just Joined!
    Join Date
    Apr 2006
    Posts
    4
    Dan,

    No worries, I appreciate the ideas. Webmin is a great tool, it allows complete manipulation of the Linux environment. Very handy when an SSH tunnel across the internet is usually blocked by the employer site.

    This particular Nic is the router wall for its access to the internet, no other router or wall between them. So from a security point of view it is 100% effective at preventing any baddies from getting in, but it is also completely blocking my own ability to access the box remotely. arrgghhh,,,..,.,
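
Added example, not part of the thread or any poster's code: a first-match evaluator for the `*filter` table from the first post, to check what the rules as written do with a new inbound packet. The function names and the supported option subset are assumptions of this sketch; it refuses options and targets it does not model instead of guessing.

```python
import shlex

# Constructed sample: the *filter section from the first post, comments dropped.
RULESET = """\
*filter
:FORWARD ACCEPT [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp -i eth0 --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp -i eth0 --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp -i eth0 --dport 10000 -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -j DROP
COMMIT
"""
SUPPORTED = {"-p", "-m", "-i", "--dport", "-j"}   # no negation, no port ranges
TERMINAL = {"ACCEPT", "DROP", "REJECT"}           # no LOG or user chains

def parse(text, table="filter"):
    """Return ({chain: policy}, {chain: [option dict, ...]}) for one table."""
    policies, rules, current = {}, {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):
            current = line[1:]
        elif current != table:
            continue
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif line.startswith("-A"):
            tok = shlex.split(line)
            opts = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1, 2)}
            if set(opts) - SUPPORTED or opts.get("-j") not in TERMINAL:
                raise ValueError("rule not modelled: " + line)
            rules.setdefault(tok[1], []).append(opts)
    return policies, rules

def verdict(policies, rules, iface, proto, dport, chain="INPUT"):
    """First matching rule wins; returns (target, rule number or None=policy)."""
    want = {"-i": iface, "-p": proto, "--dport": str(dport)}
    for n, r in enumerate(rules.get(chain, []), 1):
        # An option absent from the rule matches any packet value.
        if all(r.get(k, v) == v for k, v in want.items()):
            return r["-j"], n
    return policies[chain], None

if __name__ == "__main__":
    print(verdict(*parse(RULESET), "eth0", "tcp", 22))
```

On the posted rules a new TCP connection to port 22 on eth0 is accepted by rule 1, so the saved rules alone do not account for the block. Running the same check on the output of `iptables-save` from the affected box shows whether the loaded rules give the same verdicts as the saved ones.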
