[CentOS] CentOS 4.4 blocking outbound connections?

Sat Feb 17 15:15:21 UTC 2007
Neil Aggarwal <neil at JAMMConsulting.com>

Hello:

When I installed CentOS 4.4 (from the ServerCD) on my server, I told 
it not to install a firewall and I disabled SELinux.  The server is
a SuperMicro 5015P-TR.

I set up my own /etc/init.d/firewall with these rules:

#!/bin/sh
# Firewall script
#
# Source function library
. /etc/init.d/functions

RETVAL=0

# Some definitions (Will need to change ETH0_IP to match your configuration)
ETH0_IP=38.114.192.86

# See how we were called.
case "$1" in
  start)
        echo -n "Starting firewall: "
        # Pulls in ip_conntrack as well; the -m state matches below need it
        /sbin/modprobe ip_conntrack_ftp

        # Set the default policies to drop all packets
        # (policies survive the flush below, so the box fails closed)
        /sbin/iptables -P INPUT DROP
        /sbin/iptables -P OUTPUT DROP
        /sbin/iptables -P FORWARD DROP

        # Flush any existing rules
        /sbin/iptables -F

        # Allow loopback traffic
        /sbin/iptables -A INPUT -i lo -j ACCEPT
        /sbin/iptables -A OUTPUT -o lo -j ACCEPT

        # Allow icmp protocol packets
        /sbin/iptables -A INPUT -i eth0 -d $ETH0_IP -p icmp -j ACCEPT
        /sbin/iptables -A OUTPUT -o eth0 -s $ETH0_IP -p icmp -j ACCEPT

        # Allow ssh connections from the outside world.  The inbound rule
        # accepts the client's SYN (NEW); the outbound rule only passes
        # packets that conntrack already classifies as ESTABLISHED, i.e.
        # replies to a connection whose inbound side it has seen.
        /sbin/iptables -A INPUT -i eth0 -d $ETH0_IP -p tcp --sport 1024: \
            --dport ssh -m state --state NEW,ESTABLISHED -j ACCEPT
        /sbin/iptables -A OUTPUT -o eth0 -s $ETH0_IP -p tcp --sport ssh \
            --dport 1024: -m state --state ESTABLISHED -j ACCEPT

        # Allow this server to access DNS (no state match here: any UDP
        # packet from source port 53 to a port >= 1024 is accepted inbound)
        /sbin/iptables -A OUTPUT -o eth0 -s $ETH0_IP -p udp --sport 1024: \
            --dport domain -j ACCEPT
        /sbin/iptables -A INPUT -i eth0 -d $ETH0_IP -p udp --sport domain \
            --dport 1024: -j ACCEPT

        # Log any packets that are left (they then hit the DROP policy)
        /sbin/iptables -A INPUT -j LOG --log-prefix "INPUT "
        /sbin/iptables -A OUTPUT -j LOG --log-prefix "OUTPUT "
        /sbin/iptables -A FORWARD -j LOG --log-prefix "FORWARD "

        # Only the exit status of the last iptables call is checked
        RETVAL=$?
        echo
        [ $RETVAL = 0 ] && touch /var/lock/subsys/firewall
        ;;
  stop)
        echo -n "Shutting down firewall: "

        # Flush the rules
        /sbin/iptables -F

        # Set the default policies to accept
        /sbin/iptables -P INPUT ACCEPT
        /sbin/iptables -P OUTPUT ACCEPT
        /sbin/iptables -P FORWARD ACCEPT

        RETVAL=$?
        echo
        [ $RETVAL = 0 ] && rm -f /var/lock/subsys/firewall
        ;;
  *)
        echo "Usage: firewall {start|stop}"
        exit 1
esac

exit $RETVAL

Now, I can ssh to it only from the other machines in the same rack.

When I try to ssh to it from outside, I get this error in the
/var/log/messages file:

Feb 17 23:01:26 tweb kernel: OUTPUT IN= OUT=eth0 SRC=38.114.192.86 DST=24.175.73.85 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=22 DPT=1118 WINDOW=5840 RES=0x00 ACK SYN URGP=0

If I log into the machine and try to ping an external IP, I get
no response and nothing in the messages file.

Is there some security setting on CentOS 4.4 that
limits connectivity?

Thanks,
	Neil


--
Neil Aggarwal, (214)986-3533, www.JAMMConsulting.com
FREE! Eliminate junk email and reclaim your inbox.
Visit http://www.spammilter.com for details.
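As an added example (not part of the post or of Neil's script), the Python below parses the OUTPUT log line quoted in the message and walks the posted OUTPUT chain with every criterion except `-m state` evaluated, so the reader can see which part of which rule is left to account for the drop. The rule model and the two port names are transcribed from the script in the post; the log line is the quoted one reassembled onto a single line; the rule names and the "needs conntrack state" verdict are this example's own labels.

```python
import re

# The OUTPUT log line quoted in the post, reassembled onto one line as the
# kernel's LOG target writes it (the list archive wrapped it).
LOG_LINE = (
    "Feb 17 23:01:26 tweb kernel: OUTPUT IN= OUT=eth0 SRC=38.114.192.86 "
    "DST=24.175.73.85 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP "
    "SPT=22 DPT=1118 WINDOW=5840 RES=0x00 ACK SYN URGP=0"
)

ETH0_IP = "38.114.192.86"

# Service names the script uses; iptables resolves them via /etc/services.
SERVICES = {"ssh": 22, "domain": 53}


def parse_log_line(line):
    """Split a netfilter LOG line into its KEY=VALUE fields.

    The first token after 'kernel:' is taken as the --log-prefix; bare
    tokens (DF, SYN, ACK, ...) are collected in 'flags'."""
    m = re.search(r"kernel: (\S+) (.*)$", line)
    if not m:
        raise ValueError("not a netfilter LOG line: %r" % line)
    pkt = {"prefix": m.group(1), "flags": set()}
    for tok in m.group(2).split():
        if "=" in tok:
            key, val = tok.split("=", 1)
            pkt[key] = val
        else:
            pkt["flags"].add(tok)
    return pkt


def port_matches(spec, port):
    """Evaluate an iptables --sport/--dport spec: 'ssh', '22',
    '1024:' (>= 1024), ':1023' (<= 1023) or 'lo:hi'."""
    def num(s):
        return SERVICES[s] if s in SERVICES else int(s)
    if ":" in spec:
        lo, hi = spec.split(":", 1)
        lo = num(lo) if lo else 0
        hi = num(hi) if hi else 65535
        return lo <= port <= hi
    return port == num(spec)


# The OUTPUT chain as the posted script builds it, in order.  A rule without
# 'state' carries no -m state match; 'state' lists the states it requires.
OUTPUT_RULES = [
    {"name": "loopback", "out": "lo"},
    {"name": "icmp", "out": "eth0", "src": ETH0_IP, "proto": "ICMP"},
    {"name": "ssh reply", "out": "eth0", "src": ETH0_IP, "proto": "TCP",
     "sport": "ssh", "dport": "1024:", "state": ("ESTABLISHED",)},
    {"name": "dns query", "out": "eth0", "src": ETH0_IP, "proto": "UDP",
     "sport": "1024:", "dport": "domain"},
]


def stateless_match(rule, pkt):
    """True when every criterion except -m state matches the logged packet."""
    if "out" in rule and pkt.get("OUT") != rule["out"]:
        return False
    if "src" in rule and pkt.get("SRC") != rule["src"]:
        return False
    if "proto" in rule and pkt.get("PROTO") != rule["proto"]:
        return False
    if "sport" in rule and not port_matches(rule["sport"], int(pkt["SPT"])):
        return False
    if "dport" in rule and not port_matches(rule["dport"], int(pkt["DPT"])):
        return False
    return True


def explain(line, rules):
    """Walk the chain for the logged packet; return [(rule name, verdict)].

    Verdicts: 'no match', 'ACCEPT', or 'needs conntrack state X' when only
    the -m state part of the rule is left to decide."""
    pkt = parse_log_line(line)
    verdicts = []
    for rule in rules:
        if not stateless_match(rule, pkt):
            verdicts.append((rule["name"], "no match"))
        elif "state" in rule:
            verdicts.append((rule["name"],
                             "needs conntrack state " + ",".join(rule["state"])))
        else:
            verdicts.append((rule["name"], "ACCEPT"))
    return verdicts


def is_syn_ack(pkt):
    """Second step of the TCP handshake: the server's reply to a client SYN."""
    return pkt.get("PROTO") == "TCP" and {"SYN", "ACK"} <= pkt["flags"]


if __name__ == "__main__":
    p = parse_log_line(LOG_LINE)
    print("chain %s, %s %s:%s -> %s:%s, SYN/ACK=%s" % (
        p["prefix"], p["PROTO"], p["SRC"], p["SPT"], p["DST"], p["DPT"],
        is_syn_ack(p)))
    for name, verdict in explain(LOG_LINE, OUTPUT_RULES):
        print("  %-10s %s" % (name, verdict))
```

Run as-is it reports that the logged packet is sshd's SYN/ACK and that interface, source address, protocol and both port ranges of the `--sport ssh --dport 1024:` rule match it, so the only criterion that could have let it fall through to the LOG rule is `--state ESTABLISHED`. That narrows the question to whether conntrack had an entry for the inbound SYN at that moment, which cannot be read from the log line alone (the `ip_conntrack` table on the box would have to be inspected).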