[CentOS] CentOS 4.4 blocking outbound connections?

Neil Aggarwal neil at JAMMConsulting.com
Thu Feb 22 05:34:14 UTC 2007


Jed:

Thanks for trying to help.  That is a good idea.

I eventually figured out it was the IPMI card interfering
with the packets destined to eth0.

	Neil 

--
Neil Aggarwal, (214)986-3533, www.JAMMConsulting.com
FREE! Eliminate junk email and reclaim your inbox.
Visit http://www.spammilter.com for details.

-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf
Of Jed Reynolds
Sent: Wednesday, February 21, 2007 10:34 PM
To: CentOS mailing list
Subject: Re: [CentOS] CentOS 4.4 blocking outbound connections?

Neil Aggarwal wrote:
> Fabian:
>
> I rebooted the machine to see what would happen.
> It went back to not accepting the connections again.
>
> If I turn off the firewall, everything works fine.
>
> I believe there is something flaky in the iptables
> implementation of CentOS 4.4 from what I am seeing.
>
> Any ideas?
>
>   

I often write my rules as chains that end in a -j LOG --prefix "chainX" 
then a -j REJECT, and this helps identify where my traffic is failing. I 
can then later switch off the logging and turn the rejecting to 
dropping. Below is a particularly lean example, but it shows a method by 
which you can get detailed feedback on how your chains match certain 
packets that you pass to them.


#!/bin/bash
#fail=DROP
fail=REJECT
log=1
...

[ $log -eq 1 ] && iptables -A INPUT -j LOG --log-prefix 'start:'
iptables -N my0ssh
iptables -A my0ssh -p tcp -m tcp --m state --state NEW -j RETURN
[ $log -eq 1 ] && iptables -A my0ssh -j LOG --log-prefix "my0ssh no match"
...
iptables -A INPUT -j my0ssh
iptables -J LOG --log-prefix 'fall-thru-failure:'
iptables -A INPUT -j $fail



_______________________________________________
CentOS mailing list
CentOS at centos.org
http://lists.centos.org/mailman/listinfo/centos




More information about the CentOS mailing list