Jed:

Thanks for trying to help. That is a good idea.

I eventually figured out it was the IPMI card interfering with the packets destined to eth0.

Neil

--
Neil Aggarwal, (214)986-3533, www.JAMMConsulting.com

-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Jed Reynolds
Sent: Wednesday, February 21, 2007 10:34 PM
To: CentOS mailing list
Subject: Re: [CentOS] CentOS 4.4 blocking outbound connections?

Neil Aggarwal wrote:
> Fabian:
>
> I rebooted the machine to see what would happen.
> It went back to not accepting the connections again.
>
> If I turn off the firewall, everything works fine.
>
> I believe there is something flaky in the iptables
> implementation of CentOS 4.4 from what I am seeing.
>
> Any ideas?
>

I often write my rules as chains that end in a -j LOG --prefix "chainX" then a -j REJECT, and this helps identify where my traffic is failing. I can then later switch off the logging and turn the rejecting to dropping.

Below is a particularly lean example, but it shows a method by which you can get detailed feedback on how your chains match certain packets that you pass to them.

#!/bin/bash
# Final verdict for unmatched traffic: REJECT while debugging, DROP later.
#fail=DROP
fail=REJECT
# Set log=0 to switch the per-chain LOG rules off.
log=1
# ... (rules elided in the original post)
# Log every packet as it enters INPUT.
[ $log -eq 1 ] && iptables -A INPUT -j LOG --log-prefix 'start:'
iptables -N my0ssh
# New TCP connections match here and return to the calling chain.
iptables -A my0ssh -p tcp -m tcp -m state --state NEW -j RETURN
# Anything that reaches this rule did not match the rule above.
[ $log -eq 1 ] && iptables -A my0ssh -j LOG --log-prefix "my0ssh no match"
# ... (rules elided in the original post)
iptables -A INPUT -j my0ssh
# Log whatever fell through every chain, then apply the verdict.
iptables -A INPUT -j LOG --log-prefix 'fall-thru-failure:'
iptables -A INPUT -j $fail
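
An added example, not part of the original messages: a way to read the kernel log produced by the LOG rules above and reconstruct, per packet, which prefixes it hit and in what order. The function names and the sample log lines are constructed for illustration; the prefixes are the ones used in the script above.

```bash
#!/bin/bash
# Added example, not from the thread. The log lines below are constructed
# (documentation addresses) in the format the netfilter LOG target writes.
sample_log() {
cat <<'EOF'
Feb 21 22:31:07 host kernel: start:IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 21 22:31:07 host kernel: fall-thru-failure:IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 21 22:31:09 host kernel: start:IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:03:08:00 SRC=198.51.100.7 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=4243 PROTO=UDP SPT=40000 DPT=53 LEN=40
Feb 21 22:31:09 host kernel: my0ssh no matchIN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:03:08:00 SRC=198.51.100.7 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=4243 PROTO=UDP SPT=40000 DPT=53 LEN=40
Feb 21 22:31:09 host kernel: fall-thru-failure:IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:03:08:00 SRC=198.51.100.7 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=4243 PROTO=UDP SPT=40000 DPT=53 LEN=40
Feb 21 22:31:10 host sshd[311]: unrelated line that must be ignored
EOF
}

# For each logged packet, print the LOG prefixes it hit, in order.
# Packets are keyed on SRC, SPT, PROTO, DPT and the IP ID field.
chain_path() {
  awk '
  / kernel: .*IN=.* SRC=/ {
    msg = $0
    sub(/^.* kernel: /, "", msg)        # strip the syslog header
    sub(/^\[[ 0-9.]*\] */, "", msg)     # strip a kernel timestamp, if present
    at = index(msg, "IN=")
    prefix = substr(msg, 1, at - 1)     # LOG adds no separator after the prefix
    sub(/ +$/, "", prefix)
    src = spt = dpt = proto = id = "-"
    n = split(substr(msg, at), f, " ")
    for (i = 1; i <= n; i++) {
      if      (f[i] ~ /^SRC=/)   src   = substr(f[i], 5)
      else if (f[i] ~ /^SPT=/)   spt   = substr(f[i], 5)
      else if (f[i] ~ /^DPT=/)   dpt   = substr(f[i], 5)
      else if (f[i] ~ /^PROTO=/) proto = substr(f[i], 7)
      else if (f[i] ~ /^ID=/)    id    = substr(f[i], 4)
    }
    key = src ":" spt " " proto "/" dpt " id=" id
    if (key in path) path[key] = path[key] " > " prefix
    else { order[++k] = key; path[key] = prefix }
  }
  END { for (i = 1; i <= k; i++) print order[i] ": " path[order[i]] }
  '
}

sample_log | chain_path
```

The last prefix on each line is the rule after which the packet met its verdict. The kernel writes the prefix directly in front of IN= with no separator, and --log-prefix is limited to 29 characters, so short prefixes ending in a colon or space are the easiest to read back.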