[CentOS] CentOS 4.4 blocking outbound connections?
Neil Aggarwal
neil at JAMMConsulting.com
Sat Feb 17 15:15:21 UTC 2007
Hello:
When I installed CentOS 4.4 (from the ServerCD) on my server, I told
it not to install a firewall and I disabled SELinux. The server is
a SuperMicro 5015P-TR.
I set up my own /etc/init.d/firewall with these rules:
#!/bin/sh
# Firewall script
#
# Source function library
. /etc/init.d/functions

RETVAL=0

# Some definitions (Will need to change ETH0_IP to match your configuration)
ETH0_IP=38.114.192.86

# See how we were called.
case "$1" in
  start)
    echo -n "Starting firewall: "
    /sbin/modprobe ip_conntrack_ftp

    # Set the default policies to drop all packets
    /sbin/iptables -P INPUT DROP
    /sbin/iptables -P OUTPUT DROP
    /sbin/iptables -P FORWARD DROP

    # Flush any existing rules
    /sbin/iptables -F

    # Allow loopback traffic
    /sbin/iptables -A INPUT -i lo -j ACCEPT
    /sbin/iptables -A OUTPUT -o lo -j ACCEPT

    # Allow icmp protocol packets
    /sbin/iptables -A INPUT -i eth0 -d $ETH0_IP -p icmp -j ACCEPT
    /sbin/iptables -A OUTPUT -o eth0 -s $ETH0_IP -p icmp -j ACCEPT

    # Allow ssh connections from the outside world
    /sbin/iptables -A INPUT -i eth0 -d $ETH0_IP -p tcp --sport 1024: \
        --dport ssh -m state --state NEW,ESTABLISHED -j ACCEPT
    /sbin/iptables -A OUTPUT -o eth0 -s $ETH0_IP -p tcp --sport ssh \
        --dport 1024: -m state --state ESTABLISHED -j ACCEPT

    # Allow this server to access DNS
    /sbin/iptables -A OUTPUT -o eth0 -s $ETH0_IP -p udp --sport 1024: \
        --dport domain -j ACCEPT
    /sbin/iptables -A INPUT -i eth0 -d $ETH0_IP -p udp --sport domain \
        --dport 1024: -j ACCEPT

    # Log any packets that are left
    /sbin/iptables -A INPUT -j LOG --log-prefix "INPUT "
    /sbin/iptables -A OUTPUT -j LOG --log-prefix "OUTPUT "
    /sbin/iptables -A FORWARD -j LOG --log-prefix "FORWARD "
    RETVAL=$?
    echo
    [ $RETVAL = 0 ] && touch /var/lock/subsys/firewall
    ;;
  stop)
    echo -n "Shutting down firewall: "
    # Flush the rules
    /sbin/iptables -F

    # Set the default policies to accept
    /sbin/iptables -P INPUT ACCEPT
    /sbin/iptables -P OUTPUT ACCEPT
    /sbin/iptables -P FORWARD ACCEPT
    RETVAL=$?
    echo
    [ $RETVAL = 0 ] && rm -f /var/lock/subsys/firewall
    ;;
  *)
    echo "Usage: firewall {start|stop}"
    exit 1
esac

exit $RETVAL
Now, I can ssh to it only from the other machines in the same rack.
When I try to ssh to it from outside, I get this error in the
/var/log/messages file:
Feb 17 23:01:26 tweb kernel: OUTPUT IN= OUT=eth0 SRC=38.114.192.86 DST=24.175.73.85 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=22 DPT=1118 WINDOW=5840 RES=0x00 ACK SYN URGP=0
If I log into the machine and try to ping an external IP, I get
no response and nothing in the messages file.
Is there some security setting on CentOS 4.4 that
limits connectivity?
Thanks,
Neil
--
Neil Aggarwal, (214)986-3533, www.JAMMConsulting.com
FREE! Eliminate junk email and reclaim your inbox.
Visit http://www.spammilter.com for details.
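The log line quoted above is produced by the script's catch-all LOG rules, so the first thing a reader of such a line wants to know is which ACCEPT rule the packet fell past and on which criterion. The following Python is an added example, not code from the post or from CentOS: it parses a kernel LOG line into its fields, then checks the packet against a hand-written model of the poster's rule table (loopback rules omitted, port specs written with the same `ssh`, `domain` and `1024:` syntax as the script). The rule names, the `RULES` table, and the second, constructed DNS log line are assumptions made for the example. One point the code makes explicit: a LOG line carries interface, addresses, protocol, ports and TCP flags, but no conntrack state, so a `-m state` criterion can never be confirmed from the log alone and is reported as unverifiable rather than assumed to match.

```python
"""Check a netfilter LOG line against a model of the poster's iptables rules.

Added example; it is not code from the mailing-list post. RULES is a
hand-written model of the /etc/init.d/firewall script quoted there
(loopback rules left out) and SAMPLE_LOG is the log line quoted there,
re-joined onto one line. Kernel LOG output carries no conntrack state,
so "-m state" criteria are reported as unverifiable, not as matched.
"""
import re

ETH0_IP = "38.114.192.86"   # value from the poster's script

# The log line quoted in the post, re-joined onto a single line.
SAMPLE_LOG = ("Feb 17 23:01:26 tweb kernel: OUTPUT IN= OUT=eth0 SRC=38.114.192.86 "
              "DST=24.175.73.85 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP "
              "SPT=22 DPT=1118 WINDOW=5840 RES=0x00 ACK SYN URGP=0")

# Constructed line (not from the post): a DNS reply to a client port below 1024.
CONSTRUCTED_DNS_LOG = ("Feb 17 23:05:00 tweb kernel: INPUT IN=eth0 OUT= SRC=192.0.2.53 "
                       "DST=38.114.192.86 LEN=80 TOS=0x00 PREC=0x00 TTL=55 ID=4242 "
                       "PROTO=UDP SPT=53 DPT=1023")

# Model of the script's ACCEPT rules, in the order the script appends them.
# Keys IN/OUT/SRC/DST/PROTO/SPT/DPT mirror the field names in a LOG line.
RULES = [
    {"name": "icmp in",  "chain": "INPUT",  "IN": "eth0",  "DST": ETH0_IP, "PROTO": "ICMP"},
    {"name": "icmp out", "chain": "OUTPUT", "OUT": "eth0", "SRC": ETH0_IP, "PROTO": "ICMP"},
    {"name": "ssh in",   "chain": "INPUT",  "IN": "eth0",  "DST": ETH0_IP, "PROTO": "TCP",
     "SPT": "1024:", "DPT": "ssh", "state": "NEW,ESTABLISHED"},
    {"name": "ssh out",  "chain": "OUTPUT", "OUT": "eth0", "SRC": ETH0_IP, "PROTO": "TCP",
     "SPT": "ssh", "DPT": "1024:", "state": "ESTABLISHED"},
    {"name": "dns out",  "chain": "OUTPUT", "OUT": "eth0", "SRC": ETH0_IP, "PROTO": "UDP",
     "SPT": "1024:", "DPT": "domain"},
    {"name": "dns in",   "chain": "INPUT",  "IN": "eth0",  "DST": ETH0_IP, "PROTO": "UDP",
     "SPT": "domain", "DPT": "1024:"},
]

SERVICE_PORTS = {"ssh": 22, "domain": 53}   # the /etc/services names the script uses
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def port_range(spec):
    """Translate an iptables port spec ('ssh', '1024:', '22:80') into (lo, hi)."""
    if spec in SERVICE_PORTS:
        return SERVICE_PORTS[spec], SERVICE_PORTS[spec]
    lo, _, hi = spec.partition(":")
    return (int(lo) if lo else 0), (int(hi) if hi else 65535)


def parse_log_line(line):
    """Split a kernel LOG line into its --log-prefix, KEY=VALUE fields and TCP flags."""
    _, _, body = line.partition("kernel:")
    if not body:
        raise ValueError("not a kernel log line: %r" % line)
    body = body.strip()
    first = FIELD_RE.search(body)
    # The --log-prefix is whatever precedes the first KEY=VALUE token.
    prefix = body[: first.start()].strip() if first else body
    fields = dict(FIELD_RE.findall(body))
    for key in ("SPT", "DPT", "LEN", "TTL", "ID"):
        if key in fields:
            fields[key] = int(fields[key])
    flags = {tok for tok in body.split() if tok in TCP_FLAGS}
    return {"prefix": prefix, "fields": fields, "flags": flags}


def failed_criteria(rule, pkt):
    """Return the rule's static criteria the packet does not satisfy (empty = all match)."""
    f = pkt["fields"]
    failed = []
    for key in ("IN", "OUT", "SRC", "DST", "PROTO"):
        if key in rule and f.get(key) != rule[key]:
            failed.append("%s=%s (packet has %r)" % (key, rule[key], f.get(key)))
    for key in ("SPT", "DPT"):
        if key in rule:
            lo, hi = port_range(rule[key])
            if key not in f or not lo <= f[key] <= hi:
                failed.append("%s=%s (packet has %r)" % (key, rule[key], f.get(key)))
    return failed


def diagnose(line, rules=RULES):
    """Report, for the chain named in the log prefix, which rules the packet
    satisfies on static criteria, which of those also need a conntrack state
    the log cannot show, and why each remaining rule did not match."""
    pkt = parse_log_line(line)
    chain = pkt["prefix"].split()[0] if pkt["prefix"] else ""
    report = {"chain": chain, "static_match": [], "state_unverifiable": [], "mismatch": {}}
    for rule in rules:
        if rule["chain"] != chain:
            continue
        failed = failed_criteria(rule, pkt)
        if failed:
            report["mismatch"][rule["name"]] = failed
        else:
            report["static_match"].append(rule["name"])
            if "state" in rule:
                report["state_unverifiable"].append((rule["name"], rule["state"]))
    return report


if __name__ == "__main__":
    for sample in (SAMPLE_LOG, CONSTRUCTED_DNS_LOG):
        r = diagnose(sample)
        print("chain %s: static match %s, state needed %s"
              % (r["chain"], r["static_match"], r["state_unverifiable"]))
        for name, why in r["mismatch"].items():
            print("  %s: %s" % (name, "; ".join(why)))
```

Run against the posted line, the report shows that the "ssh out" rule matches on interface, source address, protocol and both port ranges (DPT=1118 lies inside `1024:`), leaving `--state ESTABLISHED` as the only criterion the packet could have failed, and that criterion is not visible in the log. The constructed DNS line shows the other kind of result, a plain port mismatch, when a reply arrives on a client port below 1024.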