So, I had to rebuild my RH9 machine after a hardware fault and chose CentOS 4.4. All was looking good and then I realised I didn't have a backup of my firewall script. No big deal, I used a pretty standard one but the customised NAT/MASQ was not backed up anywhere.
So I have put some NAT/MASQ commands in but I cannot resolve an issue for traffic on one port I am configuring. Although I have put the recommended lines into the script, I can still see packets being dropped in my /var/log/messages file.
Here's the scoop...
I am unsure whether I need to add other rules regarding established packets etc. but if anyone can enlighten me to my error/omission, I would be grateful.
The packet in your log example is a SYN packet, which is the first packet of a NEW connection, and you don't have a rule to ACCEPT NEW packets.
The NEW rule needs to be just for that port. Otherwise everything gets in.
A better listing comes from iptables-save.
This shows what is active and in actual sequence.
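Below is an added example, not a script from either poster: it generates an iptables-restore ruleset for a NAT/MASQ gateway that DNATs one TCP port to an internal host and, in FORWARD, accepts only the NEW (SYN) packets for that one port plus ESTABLISHED,RELATED traffic, logging what still falls through. It also includes a small check that greps an iptables-save dump for that NEW rule, so you can confirm from the active listing whether the rule is really loaded. Interface names, the internal address and the port are assumptions passed as arguments; the "broken" dump in the demo is constructed to mirror the situation in this thread.

```shell
#!/bin/sh
# Added example for this thread (not the original poster's script).
# Usage:  sh nat_rules.sh WAN_IF LAN_IF INTERNAL_IP PORT | iptables-restore
# The gateway also needs: echo 1 > /proc/sys/net/ipv4/ip_forward

# Emit an iptables-restore ruleset. All four arguments are assumptions.
gen_ruleset() {
    wan="$1"; lan="$2"; dst="$3"; port="$4"
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite inbound connections on $port so they reach the internal host.
-A PREROUTING -i $wan -p tcp --dport $port -j DNAT --to-destination $dst:$port
# Masquerade LAN traffic leaving via the WAN interface.
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Gateway itself: loopback, replies, and anything from the LAN side.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
# Replies and related packets for connections conntrack already knows.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Hosts on the LAN may open new connections outbound.
-A FORWARD -i $lan -o $wan -m state --state NEW -j ACCEPT
# The SYN that opens the forwarded connection is state NEW. FORWARD sees
# the packet after DNAT, so match on the internal address. Without this
# rule the SYN hits the DROP policy and shows up in the log.
-A FORWARD -i $wan -o $lan -p tcp -d $dst --dport $port -m state --state NEW -j ACCEPT
# Log (rate-limited) whatever is left, then the DROP policy takes it.
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FORWARD DROP: "
COMMIT
EOF
}

# Read an iptables-save dump on stdin and return 0 if the FORWARD chain
# has an ACCEPT for state NEW on the given TCP port, 1 otherwise.
# Check the live ruleset with:  iptables-save | check_new_rule 8080
check_new_rule() {
    port="$1"
    grep -q -- "-A FORWARD .*--dport $port .*--state NEW -j ACCEPT"
}

# Demo: a constructed dump that has the DNAT but no NEW rule, like the
# situation described in the thread; the check reports it as missing.
demo() {
    broken='*nat
-A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to-destination 192.168.1.10:8080
COMMIT
*filter
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT'
    if printf '%s\n' "$broken" | check_new_rule 8080; then
        echo "unexpected: NEW rule found in broken dump"
    else
        echo "broken dump: no FORWARD ACCEPT for NEW on port 8080"
    fi
    if gen_ruleset eth0 eth1 192.168.1.10 8080 | check_new_rule 8080; then
        echo "generated ruleset: NEW rule for port 8080 present"
    fi
}

# Only run the demo when invoked with "demo"; otherwise emit the ruleset.
if [ "$1" = "demo" ]; then
    demo
elif [ $# -eq 4 ]; then
    gen_ruleset "$@"
fi
```

Load it with `iptables-restore`, then confirm with `iptables-save` (or `iptables-save | check_new_rule PORT`) that the FORWARD rule is actually present and sits before any LOG/DROP rule; if the SYN is still logged after that, the problem is ordering or interface names, not a missing rule.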