Well, James, you are missing quite a lot here. First of all, the default policy is set to ACCEPT, so everything goes through as if there were no firewall rules at all. Secondly, the examples people sent you implied you already had some other firewall rules needed for them to work (most of them don't work on their own).
I'll attach a sample /etc/sysconfig/iptables file with some comments you can use to play with. It's something I just typed for you, so it might contain a typo or two. It's a good starting point for building your own firewall rules.
The configuration style is total overkill for your simple problem; however, if your configuration becomes complex with hundreds or thousands of rules, it'll pay off to do it this way from the beginning.
You might want to deinstall system-config-securitylevel and system-config-securitylevel-tui since they will blindly rewrite this file. You might also want to remove any other GUI tool for managing firewall rules, since it will either overwrite this file, or it will use its own scripts to replace the rules with whatever that GUI tool thinks the configuration should look like. Also, if you use "/etc/init.d/iptables save" (as some folks suggested), it will also overwrite this file with whatever rules are currently loaded (you'll lose all those nice comments I put in for you, and the nice-looking ordering of them too). To load the file, you might do "/etc/init.d/iptables start". Once the rules are up and running, and you change something in the file, don't use the iptables script to reload the new version. Use "iptables-restore /etc/sysconfig/iptables". Or your current sessions might hang ;-)
OK, the file is in the attachment.
Aleksandar,
Wow, this is excellent. I read through it all and commented out the 8000 stuff for the moment. I totally agree with doing it right from the start.
That being said, it loaded fine. I can still ssh and hit http. The only problem is that the VNC forward stuff still doesn't work. Here's what it looks like applied.

#iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere            state RELATED
SSH_INP    tcp  --  anywhere             anywhere            tcp spts:1024:65535 dpt:ssh flags:SYN,RST,ACK/SYN state NEW
HTTP_INP   tcp  --  anywhere             anywhere            tcp spts:1024:65535 dpt:http flags:SYN,RST,ACK/SYN state NEW
LOG_INP    all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere            state RELATED
VNC_FWD    tcp  --  anywhere             anywhere            tcp spts:1024:65535 dpt:5900 flags:SYN,RST,ACK/SYN state NEW
LOG_FWD    all  --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere            state RELATED
LOG_OUT    all  --  anywhere             anywhere

Chain HTTP_INP (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain LOG_FWD (1 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere            LOG level warning prefix `FORWARD '
RETURN     all  --  anywhere             anywhere

Chain LOG_INP (1 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere            LOG level warning prefix `INPUT '
RETURN     all  --  anywhere             anywhere

Chain LOG_OUT (1 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere            LOG level warning prefix `OUTPUT '
RETURN     all  --  anywhere             anywhere

Chain SSH_INP (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain VNC_FWD (1 references)
target     prot opt source               destination
ACCEPT     all  --  192.168.192.24       10.10.60.4
RETURN     all  --  anywhere             anywhere
If I do an nmap scan all it returns is port 22 and port 80. Since it's port forwarded, should port 5900 show up as well? I'm doing the scan from 192.168.192.24.
I don't really understand the logging part. Is there a way I can turn on some logging to see the VNC requests coming in and see what it's doing with them?
Thanks for everything! James
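An added example, not part of the thread and not Aleksandar's attachment: in the listing above a packet only reaches LOG_INP, LOG_FWD or LOG_OUT after no ACCEPT rule matched, so every line the LOG target writes to the kernel log (dmesg, or /var/log/messages via syslog) with the `INPUT `, `FORWARD ` or `OUTPUT ` prefix is a packet the chain's DROP policy then discarded. The script below parses such lines and tallies the port-5900 ones by chain, source and destination, which shows whether the VNC SYNs die in FORWARD (they were redirected but VNC_FWD did not accept them) or in INPUT (they were still addressed to the firewall itself, so they were never forwarded). The sample log is constructed; the hostname gw, the interfaces eth0/eth1 and the firewall address 192.168.192.1 are assumptions.

```python
import re
from collections import Counter

# Constructed sample of what the LOG_* chains write to the kernel log.
# One line per packet, starting with the chain's prefix; hostname, interfaces
# and the firewall address 192.168.192.1 are assumptions.
SAMPLE_LOG = """\
Jun  5 10:12:01 gw kernel: FORWARD IN=eth0 OUT=eth1 SRC=192.168.192.24 DST=10.10.60.4 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4242 DF PROTO=TCP SPT=33000 DPT=5900 WINDOW=5840 RES=0x00 SYN URGP=0
Jun  5 10:12:04 gw kernel: FORWARD IN=eth0 OUT=eth1 SRC=192.168.192.24 DST=10.10.60.4 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4243 DF PROTO=TCP SPT=33000 DPT=5900 WINDOW=5840 RES=0x00 SYN URGP=0
Jun  5 10:12:09 gw kernel: INPUT IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.192.24 DST=192.168.192.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4250 DF PROTO=TCP SPT=33001 DPT=5900 WINDOW=5840 RES=0x00 SYN URGP=0
Jun  5 10:12:15 gw kernel: OUTPUT IN= OUT=eth0 SRC=192.168.192.1 DST=192.168.192.24 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56
Jun  5 10:13:00 gw kernel: FORWARD IN=eth0 OUT=eth1 SRC=192.168.192.24 DST=10.10.60.4 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=1 PROTO=ICMP TYPE=8 CODE=0 ID=9 SEQ=1
"""

# The prefixes set in LOG_INP, LOG_FWD and LOG_OUT, followed by the KEY=value fields.
LINE_RE = re.compile(r"kernel: (?P<chain>INPUT|FORWARD|OUTPUT) (?P<fields>.*)$")


def parse_log_line(line):
    """Return a dict of the LOG fields for one line, or None if it is not one of ours."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = {"CHAIN": m.group("chain")}
    for tok in m.group("fields").split():
        key, sep, val = tok.partition("=")
        rec[key] = val if sep else True  # bare flags such as DF or SYN carry no value
    return rec


def summarize(log_text, dport="5900"):
    """Count logged (i.e. dropped) TCP packets to dport per (chain, src, dst).

    Every other logged packet is counted under 'other' so nothing is silently lost.
    """
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if rec is None:
            continue
        if rec.get("PROTO") == "TCP" and rec.get("DPT") == dport:
            counts[(rec["CHAIN"], rec["SRC"], rec["DST"])] += 1
        else:
            counts["other"] += 1
    return counts


if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LOG).items(), key=str):
        print(key, n)
```

Run it against the real log with `summarize(open("/var/log/messages").read())`; a FORWARD entry for 192.168.192.24 -> 10.10.60.4 means the SYN reached the FORWARD chain but fell through VNC_FWD to the DROP policy.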