You are going to have to add rules to both your INPUT and OUTPUT chains to allow this traffic through. Could you send on a copy of /etc/sysconfig/iptables, if that is how you are loading these rules? I could then send you the exact commands to run.

Josh

On Fri, Feb 6, 2009 at 1:57 PM, Marcus Moeller <mm at gcug.de> wrote:
> Hi Again.
>> Iptables -nL
>>
>> Show?
>
> Here is the complete output (there are a lot of other rules active on
> that machine):
>
> Chain INPUT (policy DROP)
> target prot opt source destination
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
> my_drop all -- 10.0.0.0/8 0.0.0.0/0
> my_drop all -- 172.16.0.0/12 0.0.0.0/0
> my_drop all -- 192.168.0.0/16 0.0.0.0/0
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:22 state NEW
> my_drop tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:25 state NEW
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:110 state NEW
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:22 state NEW
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65535 dpt:53 state NEW
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65535 dpt:53 state NEW
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65535 dpt:37 state NEW
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:3128 state NEW
> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 0
> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
> my_drop all -- 0.0.0.0/0 0.0.0.0/0
>
> Chain FORWARD (policy DROP)
> target prot opt source destination
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> ACCEPT tcp -- 0.0.0.0/0 172.28.0.16 tcp dpt:1249
> ACCEPT tcp -- 0.0.0.0/0 192.168.171.253 tcp dpt:25
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65535 dpt:1194 state NEW
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:1723 state NEW
> ACCEPT 47 -- 0.0.0.0/0 0.0.0.0/0 state NEW
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:25 state NEW
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:443 state NEW
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:25 state NEW
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65535 dpt:6277 state NEW
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:2703 state NEW
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:22 state NEW
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:446 state NEW
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpts:20:21 state NEW
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:80 state NEW
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:443 state NEW
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65535 dpt:53 state NEW
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65535 dpt:37 state NEW
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:1494 state NEW
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:8000 state NEW
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpts:1000:1004 state NEW
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:6667 state NEW
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:3000 state NEW
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:866 state NEW
> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 0
> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
> my_drop all -- 0.0.0.0/0 0.0.0.0/0
>
> Chain OUTPUT (policy DROP)
> target prot opt source destination
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:25 state NEW
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:25 state NEW
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:25 state NEW
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65535 dpt:6277 state NEW
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:2703 state NEW
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:110 state NEW
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:22 state NEW
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:22 state NEW
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:22 state NEW
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:446 state NEW
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpts:20:21 state NEW
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:80 state NEW
> ACCEPT tcp -- 0.0.0.0/0 192.168.100.4 tcp spts:1024:65535 dpt:80 state NEW
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:443 state NEW
> ACCEPT tcp -- 0.0.0.0/0 192.168.100.4 tcp spts:1024:65535 dpt:443 state NEW
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 state NEW
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65535 dpt:53 state NEW
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:53 state NEW
> ACCEPT udp -- 0.0.0.0/0 134.130.4.17 udp spts:1024:65535 dpt:37 state NEW
> ACCEPT udp -- 0.0.0.0/0 130.149.17.21 udp spts:1024:65535 dpt:37 state NEW
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:123 state NEW
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:43 state NEW
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:113 state NEW
> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 0
> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 0
> my_drop all -- 0.0.0.0/0 0.0.0.0/0
>
> Chain my_drop (7 references)
> target prot opt source destination
> REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:4661:4662 reject-with icmp-port-unreachable
> REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:4665 reject-with icmp-port-unreachable
> REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1214 reject-with icmp-port-unreachable
> REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:137:139 reject-with icmp-port-unreachable
> REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139 reject-with icmp-port-unreachable
> LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 10/min burst 5 LOG flags 0 level 6 prefix `DROP-TCP-SYN '
> REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 reject-with tcp-reset
> DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02
> LOG tcp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5 LOG flags 0 level 6 prefix `DROP-TCP '
> REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
> DROP tcp -- 0.0.0.0/0 0.0.0.0/0
> LOG udp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5 LOG flags 0 level 6 prefix `DROP-UDP '
> REJECT udp -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
> DROP udp -- 0.0.0.0/0 0.0.0.0/0
> LOG icmp -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `DROP-ICMP '
> DROP icmp -- 0.0.0.0/0 0.0.0.0/0
> LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5 LOG flags 0 level 6 prefix `DROP-PROTO-ETC '
> REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-proto-unreachable
> DROP all -- 0.0.0.0/0 0.0.0.0/0
>
> Best Regards
> Marcus
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

--
Thx
Joshua Gimer
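
Added example, not part of the original thread: with policy DROP on both INPUT and OUTPUT, as in the listing above, a service needs a NEW-state ACCEPT in each chain ahead of any catch-all jump. This Python code parses `iptables -nL` text and reports per chain whether a new connection to a port is accepted; the sample listing is constructed, and the matching is a simplified model that skips address-restricted rules and bare ACCEPT rules (whose interface match `-nL` hides without `-v`).

```python
import re

ANY = "0.0.0.0/0"
# Constructed sample in `iptables -nL` format (not the poster's full ruleset).
SAMPLE = """\
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:22 state NEW
my_drop tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:25 state NEW
my_drop all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:25 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpts:20:22 state NEW
my_drop all -- 0.0.0.0/0 0.0.0.0/0
"""

def parse(listing):
    """Return {chain: {"policy": str or None, "rules": [(target, proto, src, dst, opts)]}}."""
    chains, cur = {}, None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+) \((?:policy (\S+)|\d+ references)\)", line)
        if m:
            cur = chains.setdefault(m.group(1), {"policy": m.group(2), "rules": []})
        elif cur is not None and line.strip() and not line.startswith("target"):
            f = line.split(None, 5)  # target, prot, opt, source, destination, rest
            cur["rules"].append((f[0], f[1], f[3], f[4], f[5] if len(f) > 5 else ""))
    return chains

def accepts_new(chains, chain, proto, port):
    """First-match walk: is a NEW connection to `port` accepted from any address?"""
    for target, p, src, dst, opts in chains[chain]["rules"]:
        if target == "LOG" or p not in (proto, "all") or (src, dst) != (ANY, ANY):
            continue  # non-terminating, other protocol, or address-restricted
        if target == "ACCEPT" and (not opts or ("state" in opts and "NEW" not in opts)):
            continue  # bare ACCEPT (hidden interface match) or ESTABLISHED-only rule
        m = re.search(r"dpts?:(\d+)(?::(\d+))?", opts)
        lo, hi = (int(m.group(1)), int(m.group(2) or m.group(1))) if m else (0, 65535)
        if lo <= port <= hi:
            return target == "ACCEPT"  # any other target (e.g. my_drop) ends the walk
    return chains[chain]["policy"] == "ACCEPT"

def open_both_ways(listing, proto, port):
    chains = parse(listing)
    return {c: accepts_new(chains, c, proto, port) for c in ("INPUT", "OUTPUT")}
```

In the constructed INPUT chain the SYN-matching `my_drop` jump sits ahead of the port 25 ACCEPT, so first-match evaluation reports port 25 as closed inbound even though an ACCEPT rule for it exists.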