[CentOS] Firewall frustration

Thu Jan 3 10:14:46 UTC 2008
Fajar Priyanto <fajarpri at cbn.net.id>

On Thursday 03 January 2008 12:37:56 Christopher Chan wrote:
> Too bad you missed the documentation on netfilter then. It would have
> told you that the INPUT chain controls what comes to the box, the OUTPUT
> chain what originates from the box and the FORWARD chain what goes
> through the box.
>
> You would have needed a rule in FORWARD to allow ssh connections through
> the box. The rules in the INPUT and OUTPUT chains would have zero effect
> on connections going through.

It might also help if we put a rule that will log what happens for 
troubleshooting. Put these lines in the last of your rules (pls mind the word 
wrap):
iptables -A INPUT -m limit --limit 2/m --limit-burst 2 -j LOG --log-prefix '** 
INPUT DROP ** '
iptables -A OUTPUT -m limit --limit 2/m --limit-burst 2 -j 
LOG --log-prefix '** OUTPUT DROP ** '
iptables -A FORWARD -m limit --limit 2/m --limit-burst 2 -j 
LOG --log-prefix '** FORWARD DROP ** '

We can now see the result in /var/log/messages
HTH,
-- 
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial 
http://linux2.arinet.org
17:14:40 up 9:52, 2.6.22-14-generic GNU/Linux 
Let's use OpenOffice. http://www.openoffice.org
The real challenge of teaching is getting your students motivated to learn.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.centos.org/pipermail/centos/attachments/20080103/7da3262f/attachment-0004.sig>