  1. #1 (Just Joined!, Join Date May 2005, Location North Va, Posts 5)

    iptables not forwarding


    I have two boxes: Red Hat 9 and WinXP SP2.
    I can ping both machines back and forth, but when I start the iptables, no communication at all.
    What is wrong? Please help. I am at my wits' end with this.

    These are my iptables rules:
    [root@Vega root]# iptables -L
    Chain INPUT (policy DROP)
    target prot opt source destination
    ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc
    RH-Lokkit-0-50-INPUT all -- anywhere anywhere
    ACCEPT all -- anywhere anywhere
    ACCEPT all -- anywhere anywhere
    ACCEPT all -- anywhere anywhere
    okay tcp -- anywhere anywhere tcp dpt:ftp
    okay tcp -- anywhere anywhere tcp dpt:ssh
    okay tcp -- anywhere anywhere tcp dpt:http
    okay tcp -- anywhere anywhere tcp dpt:auth
    ACCEPT udp -- anywhere anywhere udp dpt:domain
    ACCEPT udp -- anywhere anywhere udp dpt:2074
    ACCEPT udp -- anywhere anywhere udp dpt:4000
    ACCEPT icmp -- anywhere anywhere icmp echo-request
    ACCEPT icmp -- anywhere anywhere icmp time-exceeded
    ACCEPT all -- 83.89.82.0/24 anywhere
    ACCEPT all -- localhost anywhere
    ACCEPT all -- Vega anywhere
    ACCEPT all -- anywhere anywhere
    ACCEPT all -- anywhere 83.89.89.255
    ACCEPT all -- anywhere 83.89.82.0/24 state RELATED,ESTABLISHED

    Chain FORWARD (policy DROP)
    target prot opt source destination
    RH-Lokkit-0-50-INPUT all -- anywhere anywhere
    ACCEPT all -- 83.82.89.0/24 anywhere
    ACCEPT all -- anywhere 83.82.89.0/24
    DROP all -- !83.82.89.0/24 anywhere
    ACCEPT all -- anywhere anywhere
    ACCEPT all -- anywhere anywhere
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED

    Chain OUTPUT (policy DROP)
    target prot opt source destination
    ACCEPT all -- localhost anywhere
    ACCEPT all -- Vega anywhere

    Chain RH-Lokkit-0-50-INPUT (2 references)
    target prot opt source destination
    ACCEPT udp -- Vega anywhere udp spt:domain dpts:1025:65535
    ACCEPT tcp -- anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN
    ACCEPT all -- anywhere anywhere
    ACCEPT all -- anywhere anywhere
    ACCEPT udp -- 207.69.188.187 anywhere udp spt:domain
    ACCEPT udp -- 207.69.188.186 anywhere udp spt:domain
    REJECT tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
    REJECT udp -- anywhere anywhere udp reject-with icmp-port-unreachable

    Chain okay (4 references)
    target prot opt source destination
    ACCEPT tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN
    DROP tcp -- anywhere anywhere

  2. #2 (Just Joined!, Join Date May 2005, Location south australia, Posts 20)

    Greetz Joseph, it's been a few days since you asked your iptables question and nobody has touched it, presumably because iptables rule editing seems like somewhat of an obscure science.

    My iptables rules are far different from yours, and most notably my chain INPUT and chain FORWARD policies are set to ACCEPT rather than DROP like yours.

    I'd seriously look at using redhat-config-securitylevel to edit your firewall rules. It looks to me like no traffic at all will move to or from your box the way your rules are set at the moment (even your chain OUTPUT is set to DROP!!!).

    If that doesn't give you any joy (it didn't give me any when I tried using it when I was running RH9), you can try reading one of the many articles online about iptables so you can learn how to manually edit your iptables rules (it will probably keep you busy for weeks). Here's one: http://www.linuxguruz.com/iptables/howto/

    Let me know how you end up.

  3. #3 (Just Joined!, Join Date May 2005, Location North Va, Posts 5)

    Thank You

    Thank you for your reply. I tried redhat-config-securitylevel. It allowed me to have access on the RH box, but from the WXP box the only thing that I could do was ping the modem. I will take a look at that web site for now.

  4. #4 (Just Joined!, Join Date May 2005, Location North Va, Posts 5)

    IPTABLES, NEED SOME HELP OVER HERE

    OK, I am on my last hair. There has to be someone in this great big old world of Linux that can figure out what is wrong with this and why nothing will go through. Nothing at all, not even the Linux box. I have a 56k modem as my connection to the world, on the Linux box, and a NIC for my LAN. I have static IPs. I do not need DHCP. I only have three machines, including the Linux box. Yes, the default gateway is set to ppp0, and IP forwarding is enabled (= 1).


    [root@Vega root]# iptables -L
    Chain INPUT (policy DROP)
    target prot opt source destination
    ACCEPT all -- 83.89.82.0 anywhere
    ACCEPT all -- localhost anywhere
    ACCEPT all -- 83.89.82.0 anywhere
    ACCEPT all -- anywhere anywhere
    ACCEPT all -- anywhere 83.89.82.255
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    ACCEPT udp -- anywhere anywhere udp dpt:domain
    ACCEPT udp -- anywhere anywhere udp dpt:2074
    ACCEPT udp -- anywhere anywhere udp dpt:4000
    ACCEPT icmp -- anywhere anywhere icmp echo-request
    ACCEPT icmp -- anywhere anywhere icmp time-exceeded

    Chain FORWARD (policy DROP)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED

    Chain OUTPUT (policy DROP)
    target prot opt source destination
    ACCEPT all -- localhost anywhere
    ACCEPT all -- Vega anywhere

    This is the script that I use to edit my iptables:

    #Default Policies
    iptables -P INPUT DROP
    iptables -P OUTPUT DROP
    iptables -P FORWARD DROP

    #Rules for incoming From the LAN
    iptables -A INPUT -p ALL -i eth0 -s 83.89.82.0/32 -j ACCEPT
    iptables -A INPUT -p ALL -i lo -s 127.0.0.1 -j ACCEPT
    iptables -A INPUT -p ALL -i lo -s 83.89.82.0/32 -j ACCEPT
    iptables -A INPUT -p ALL -i ppp0 -j ACCEPT
    iptables -A INPUT -p ALL -i eth0 -d 83.89.82.255 -j ACCEPT

    #Rules for incoming From the Internet
    iptables -A INPUT -p ALL -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT

    #UDP
    iptables -A INPUT -p UDP -i ppp0 --destination-port 53 -j ACCEPT
    iptables -A INPUT -p UDP -i ppp0 --destination-port 2074 -j ACCEPT
    iptables -A INPUT -p UDP -i ppp0 --destination-port 4000 -j ACCEPT

    #ICMP
    iptables -A INPUT -p ICMP -i ppp0 --icmp-type 8 -j ACCEPT
    iptables -A INPUT -p ICMP -i ppp0 --icmp-type 11 -j ACCEPT

    #Forward Chain Rules
    #ACCEPT the packets to forward
    iptables -A FORWARD -i eth0 -j ACCEPT
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # OUTPUT Chain Rules
    #Only output packets with local addresses (no spoofing)
    iptables -A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT
    iptables -A OUTPUT -p ALL -s 83.89.82.77 -j ACCEPT

    # Postrouting chain rules
    iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
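Three things visible in the script above account for "nothing will go through, not even the Linux box". First, `-s 83.89.82.0/32` matches exactly one address, 83.89.82.0 (the network address), not the LAN; that is why `iptables -L` prints it as a bare `83.89.82.0`, and every other LAN host falls through to the INPUT policy DROP. Second, the OUTPUT chain only accepts packets sourced from 127.0.0.1 or 83.89.82.77, but anything the gateway itself sends over ppp0 carries the ppp0 address, so the box cannot reach the Internet at all. Third, `-A INPUT -p ALL -i ppp0 -j ACCEPT` accepts everything arriving from the modem, which makes the later ppp0 rules dead and leaves the uplink wide open. The script below is an added example, not the poster's script or anything from the thread; it assumes the addresses and interface names the poster gave (LAN 83.89.82.0/24 on eth0, the gateway's eth0 address 83.89.82.77, dial-up on ppp0) and keeps UDP 53, 2074 and 4000 open on the uplink only because the poster's script did. It prints the iptables commands by default so they can be reviewed, and only executes them when run as root with `APPLY=1`.

```shell
#!/bin/sh
# Added example (not the poster's script): a corrected rule set for the
# gateway described in the thread. Assumptions: LAN 83.89.82.0/24 on eth0,
# gateway eth0 address 83.89.82.77, dial-up uplink on ppp0, IP forwarding
# already enabled (the poster says it is). Prints commands by default;
# APPLY=1 executes them (needs root).
set -u

LAN_IF=eth0
LAN_NET=83.89.82.0/24      # the poster used /32 here, which matches only 83.89.82.0
LAN_BCAST=83.89.82.255
WAN_IF=ppp0
APPLY=${APPLY:-0}

# ipt: echo the command in review mode, run the real iptables when APPLY=1.
ipt() {
    if [ "$APPLY" = 1 ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

build_firewall() {
    # Start from a clean table so re-running does not stack duplicate rules
    # (this also removes the leftover RH-Lokkit chains from the first post).
    ipt -F
    ipt -X
    ipt -t nat -F

    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT DROP

    # INPUT from the LAN side: loopback, the whole /24 (not just the .0
    # network address), and the LAN broadcast address.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT
    ipt -A INPUT -i "$LAN_IF" -d "$LAN_BCAST" -j ACCEPT

    # INPUT from the uplink: replies to connections we opened, plus the
    # services the poster exposed. No blanket "-i ppp0 -j ACCEPT".
    ipt -A INPUT -i "$WAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    for port in 53 2074 4000; do
        ipt -A INPUT -i "$WAN_IF" -p udp --dport "$port" -j ACCEPT
    done
    ipt -A INPUT -i "$WAN_IF" -p icmp --icmp-type 8 -j ACCEPT
    ipt -A INPUT -i "$WAN_IF" -p icmp --icmp-type 11 -j ACCEPT

    # FORWARD: LAN hosts out to the uplink, only reply traffic back in.
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # OUTPUT: keep the poster's anti-spoofing intent on the LAN side, but
    # match the uplink by interface, because packets leaving over ppp0
    # carry the ppp0 address rather than 83.89.82.77.
    ipt -A OUTPUT -o lo -j ACCEPT
    ipt -A OUTPUT -o "$LAN_IF" -s "$LAN_NET" -j ACCEPT
    ipt -A OUTPUT -o "$WAN_IF" -j ACCEPT

    # NAT: hide the LAN behind whatever address ppp0 gets on dial-up.
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
}

# Review-mode check that needs no root: no generated rule may carry a /32
# host mask where the LAN network was meant (the mistake in the poster's script).
check_no_host_masks() {
    if build_firewall | grep -E -- '-[sd] [0-9.]+/32' >/dev/null; then
        return 1
    fi
    return 0
}

build_firewall
```

Run it once without `APPLY` and read the printed rules; once they look right, `APPLY=1 sh firewall.sh` as root installs them. The `ipt` wrapper is the only place that touches the real `iptables` binary, so the rest of the script can be tested on any machine.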
