Hi all,
First of all, a big hello to you all because I am new to the forums!
I currently have a root server from Fasthosts and I cannot seem to ping my IP address. The server is there and running, as I can join the gameserver that is on it. I know this has something to do with iptables, but I have tried everything I can think of or that was recommended in various tutorials.
I was wondering if you could take a look at my firewall file and tell me where I am going wrong, because I am almost going blind from looking at it for hours lol.
Below is my firewall file from /etc/sysconfig (thanks so much in advance for any help!)
Regards
Mike
P.S. I have tried changing the line under "# Drop ICMP echo request messages sent to multicast or broadcast addresses" (echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts) from 1 to 0, but this made no difference.
Also when checking /proc/sys/net/ipv4/*.* all files are 0 bytes?
Code:
#!/bin/sh
#fix for passive ftp connection tracking
/sbin/modprobe ip_conntrack_ftp
# Drop ICMP echo request messages sent to multicast or broadcast addresses
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
# Drop source routed packets
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
# Enable TCP SYN cookie (DoS) protection
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
# Don't accept ICMP redirect messages
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
# Don't send ICMP redirect messages
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
# Enable source address spoofing protection
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
# Log packets with crazy source addresses
#echo 1 > /proc/sys/net/ipv4/conf/all/log_martians
# Flush all chains
/sbin/iptables --flush
# Allow all loopback traffic
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
# Set default policies to drop all traffic
/sbin/iptables --policy INPUT DROP
#/sbin/iptables --policy OUTPUT DROP
/sbin/iptables --policy FORWARD DROP
# Allow previously initiated and accepted exchanges to bypass rule checking
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow all outbound traffic
/sbin/iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# PING
/sbin/iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# Allow incoming port 22 (ssh) traffic
/sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
# Allow incoming port 80 and 443 (http/s) traffic
/sbin/iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT
# Allow incoming port 53 (udp/tcp) dns traffic
/sbin/iptables -A INPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 69 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 69 -m state --state NEW -j ACCEPT
# Allow incoming port 25 (tcp) SMTP traffic
/sbin/iptables -A INPUT -p tcp --dport 25 -m state --state NEW -j ACCEPT
# Allow incoming port 110 (tcp) POP3 traffic
/sbin/iptables -A INPUT -p tcp --dport 110 -m state --state NEW -j ACCEPT
# Allow incoming port 123 (udp) NTP traffic
/sbin/iptables -A INPUT -p udp --dport 123 -m state --state NEW -j ACCEPT
# Allow incoming ports 20 and 21 (tcp) FTP traffic
/sbin/iptables -A INPUT -p tcp --dport 20 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT
# Allow incoming port 3306 (udp/tcp) MySQL traffic
/sbin/iptables -A INPUT -p tcp --dport 3306 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 3306 -m state --state NEW -j ACCEPT
# Allow incoming port 5555 (tcp) MatrixSA traffic
/sbin/iptables -A INPUT -p tcp --dport 5555 -m state --state NEW -j ACCEPT
# Allow incoming port 8002/9001 (tcp) traffic for initial listeners
/sbin/iptables -A INPUT -p tcp --dport 8002 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 9001 -m state --state NEW -j ACCEPT
# Teamspeak
/sbin/iptables -A INPUT -p tcp --dport 14534 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 51234 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 8767 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 8768 -m state --state NEW -j ACCEPT
# SQL Server
/sbin/iptables -A INPUT -p tcp --dport 1433 -m state --state NEW -j ACCEPT
# COD2
/sbin/iptables -A INPUT -p udp --dport 20500 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 20510 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 28960 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 28960 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 20600 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 20610 -m state --state NEW -j ACCEPT
# GAMESPY
/sbin/iptables -A INPUT -p tcp --dport 13139 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 13139 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 27900 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 27900 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 28900 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 28900 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 29900 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 29900 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 29901 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 29901 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 6500 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 6500 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 6515 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 6515 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 3783 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 3783 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 6667 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 6667 -m state --state NEW -j ACCEPT
# Drop all other inbound traffic
/sbin/iptables -A INPUT -j DROP
# Save these rules so they are initiated when iptables is started
/sbin/service iptables save
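
An added example, not part of Mike's post: a first-match walk of the INPUT chain that reports which rule a new inbound ICMP echo-request would hit in a script written like the one above. The names `icmp_verdict` and `sample_rules`, the `eth0` interface and the condensed sample are assumptions made for the illustration, and only the match options that appear in the posted script are modelled.

```shell
#!/bin/sh
# Added example (not from the original post).
# icmp_verdict [IFACE] < firewall-script
# Prints "<rule-number> <target>" for the first INPUT rule that matches a NEW
# ICMP echo-request arriving on IFACE, or "policy <target>" if no rule matches.
icmp_verdict() {
    awk -v iface="${1:-eth0}" '
    BEGIN { policy = "ACCEPT" }              # kernel default until a policy is set
    /^[ \t]*#/ { next }                      # commented-out commands never run
    {
        for (i = 1; i < NF; i++)
            if (($i == "--policy" || $i == "-P") && $(i+1) == "INPUT") policy = $(i+2)
    }
    / -A INPUT / {
        n++; ok = 1; target = ""
        for (i = 1; i < NF; i++) {
            v = $(i+1)
            if ($i == "-i" && v != iface) ok = 0
            if ($i == "-p" && v != "icmp") ok = 0
            if ($i == "--icmp-type" && v != "echo-request" && v != "8") ok = 0
            if ($i == "--state" && ("," v ",") !~ /,NEW,/) ok = 0
            if ($i == "-j") target = v
        }
        # iptables stops at the first rule with a terminating target
        if (ok && target ~ /^(ACCEPT|DROP|REJECT)$/) { print n, target; found = 1; exit }
    }
    END { if (!found) print "policy", policy }'
}

# Constructed sample: a condensed excerpt of the posted script, same rule order.
sample_rules() {
cat <<'EOF'
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables --policy INPUT DROP
#/sbin/iptables --policy OUTPUT DROP
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# PING
/sbin/iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -j DROP
EOF
}

sample_rules | icmp_verdict eth0
```

This only checks the script as written; what the kernel has actually loaded is shown by `iptables -L INPUT -n -v --line-numbers`, whose per-rule packet counters tell you whether echo-requests are reaching the PING rule at all.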