[CentOS] CentOS 4.4 blocking outbound connections?
Neil Aggarwal
neil at JAMMConsulting.com
Thu Feb 22 05:34:14 UTC 2007
Jed:
Thanks for trying to help. That is a good idea.
I eventually figured out it was the IPMI card interfering
with the packets destined to eth0.
Neil
--
Neil Aggarwal, (214)986-3533, www.JAMMConsulting.com
FREE! Eliminate junk email and reclaim your inbox.
Visit http://www.spammilter.com for details.
-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf
Of Jed Reynolds
Sent: Wednesday, February 21, 2007 10:34 PM
To: CentOS mailing list
Subject: Re: [CentOS] CentOS 4.4 blocking outbound connections?
Neil Aggarwal wrote:
> Fabian:
>
> I rebooted the machine to see what would happen.
> It went back to not accepting the connections again.
>
> If I turn off the firewall, everything works fine.
>
> I believe there is something flaky in the iptables
> implementation of CentOS 4.4 from what I am seeing.
>
> Any ideas?
>
>
I often write my rules as chains that end in a -j LOG --prefix "chainX"
then a -j REJECT, and this helps identify where my traffic is failing. I
can then later switch off the logging and turn the rejecting to
dropping. Below is a particularly lean example, but it shows a method by
which you can get detailed feedback on how your chains match certain
packets that you pass to them.
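#!/bin/bash
#fail=DROP
fail=REJECT
log=1
...
# Log every packet entering INPUT so each trace has a starting point
[ $log -eq 1 ] && iptables -A INPUT -j LOG --log-prefix 'start:'
iptables -N my0ssh
# New TCP connections return to the calling chain
iptables -A my0ssh -p tcp -m tcp -m state --state NEW -j RETURN
# Anything reaching this point did not match a my0ssh rule
[ $log -eq 1 ] && iptables -A my0ssh -j LOG --log-prefix "my0ssh no match"
...
iptables -A INPUT -j my0ssh
# Log whatever fell through every chain, then reject (or drop) it
iptables -A INPUT -j LOG --log-prefix 'fall-thru-failure:'
iptables -A INPUT -j $fail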
_______________________________________________
CentOS mailing list
CentOS at centos.org
http://lists.centos.org/mailman/listinfo/centos
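Added example (not part of the original thread): one way to read the output of the LOG-prefix method described above is to group the kernel log lines per packet and print the sequence of prefixes each packet hit. The prefixes are the ones from the posted script; the log lines, addresses, host name and the function names trace_fw_log and sample_log are constructed for illustration.

```shell
#!/bin/sh
# Added example: follow each logged packet through the LOG prefixes it hit.

# Constructed kernel log lines; prefixes match the script in the message above.
sample_log() {
cat <<'EOF'
Feb 21 22:30:01 fw kernel: start:IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TTL=64 ID=1001 PROTO=TCP SPT=40000 DPT=22 SYN
Feb 21 22:30:02 fw kernel: start:IN=eth0 OUT= SRC=192.0.2.77 DST=192.0.2.1 LEN=72 TTL=64 ID=2002 PROTO=UDP SPT=5353 DPT=53
Feb 21 22:30:02 fw kernel: my0ssh no matchIN=eth0 OUT= SRC=192.0.2.77 DST=192.0.2.1 LEN=72 TTL=64 ID=2002 PROTO=UDP SPT=5353 DPT=53
Feb 21 22:30:02 fw kernel: fall-thru-failure:IN=eth0 OUT= SRC=192.0.2.77 DST=192.0.2.1 LEN=72 TTL=64 ID=2002 PROTO=UDP SPT=5353 DPT=53
Feb 21 22:30:03 fw sshd[411]: unrelated line that must be ignored
EOF
}

# Reads syslog text on stdin; prints one line per packet with its prefix trail.
trace_fw_log() {
    awk '
    # Return the value of NAME=value from a netfilter LOG line.
    function field(s, name) {
        if (match(s, " " name "=[^ ]*"))
            return substr(s, RSTART + length(name) + 2, RLENGTH - length(name) - 2)
        return "?"
    }
    / kernel: / && /IN=/ {
        rest = $0
        sub(/^.* kernel: /, "", rest)
        # The LOG prefix is whatever sits between "kernel: " and "IN=".
        i = index(rest, "IN=")
        prefix = substr(rest, 1, i - 1)
        sub(/[ \t]+$/, "", prefix)
        if (prefix == "") prefix = "(no prefix)"
        # SRC + IP ID + DPT identifies one packet across several LOG rules.
        key = field(rest, "SRC") " id=" field(rest, "ID") " dpt=" field(rest, "DPT")
        if (!(key in trail)) { order[++n] = key; trail[key] = prefix }
        else trail[key] = trail[key] " -> " prefix
    }
    END { for (k = 1; k <= n; k++) print order[k] ": " trail[order[k]] }
    '
}

sample_log | trace_fw_log
```

On a live system the same function can be fed the kernel log instead of the sample, for example with trace_fw_log < /var/log/messages. The last prefix in a trail is the last LOG rule the packet reached.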