Hi
My company is using an old version of iptables; it has lots of rules and chains. I have a new subnet which is coming in through a VPN tunnel into the iptables. The range is 10.11.0.0/16. I have added an allow rule and put it at the top, but it's still getting blocked.
Here is how I added the rule
Code:
iptables -I INPUT 1 -s 10.11.0.0/16 -j ACCEPT
It now looks like this
Code:
root@www:/etc/iptables# iptables -L -n|more
Chain INPUT (policy ACCEPT)
target prot opt source destination
FailSafe all -- 0.0.0.0/0 0.0.0.0/0
CountryLockouts tcp -- 0.0.0.0/0 0.0.0.0/0
PortDenies tcp -- 0.0.0.0/0 0.0.0.0/0
HostingLockouts tcp -- 0.0.0.0/0 0.0.0.0/0
Cyveillance tcp -- 0.0.0.0/0 0.0.0.0/0
Websense tcp -- 0.0.0.0/0 0.0.0.0/0
Verisign tcp -- 0.0.0.0/0 0.0.0.0/0
PicScout tcp -- 0.0.0.0/0 0.0.0.0/0
MSAzure tcp -- 0.0.0.0/0 0.0.0.0/0
MailLockouts tcp -- 0.0.0.0/0 0.0.0.0/0
WebLockouts tcp -- 0.0.0.0/0 0.0.0.0/0
ProblemIPs tcp -- 0.0.0.0/0 0.0.0.0/0
REJECT tcp -- 82.81.32.0/20 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT tcp -- 192.185.0.0/16 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT tcp -- 162.144.0.0/16 0.0.0.0/0 reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
But it's still getting blocked. I am seeing this in the log:
Code:
Aug 30 18:37:33 fw-gs iptables GSFWD denied: IN=tun1 OUT=eth0 MAC= SRC=10.11.0.201 DST=10.1.60.50 LEN=60 TOS=00 PREC=0x00 TTL=60 ID=6274 DF PROTO=TCP SPT=48066 DPT=10050 SEQ=488128362 ACK=0 WINDOW=29200 SYN URGP=0
Really need some urgent help please
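
Added example, not part of the original post: a POSIX shell sketch that reads the IN=/OUT= fields of the LOG line quoted above to tell which built-in chain saw the packet, and checks SRC against the new subnet. When both IN= and OUT= are set, the packet was routed through the box and traversed FORWARD, which an INPUT rule never sees. All function names are hypothetical.

```shell
#!/bin/sh
# Added example (assumption: standard iptables LOG target field layout).
# Constructed sample: the log line quoted in the post.
SAMPLE_LOG='Aug 30 18:37:33 fw-gs iptables GSFWD denied: IN=tun1 OUT=eth0 MAC= SRC=10.11.0.201 DST=10.1.60.50 LEN=60 TOS=00 PREC=0x00 TTL=60 ID=6274 DF PROTO=TCP SPT=48066 DPT=10050 SEQ=488128362 ACK=0 WINDOW=29200 SYN URGP=0'

# log_field LINE KEY -> value of KEY= (empty when the field is absent or blank)
log_field() (
    set -f                                  # no globbing while word-splitting
    for tok in $1; do
        case "$tok" in "$2"=*) printf '%s\n' "${tok#*=}"; break ;; esac
    done
)

# chain_of LINE -> built-in chain implied by which interfaces are filled in.
# IN only can also be PREROUTING, OUT only can also be POSTROUTING;
# both set means the packet was forwarded.
chain_of() {
    in_if=$(log_field "$1" IN)
    out_if=$(log_field "$1" OUT)
    if [ -n "$in_if" ] && [ -n "$out_if" ]; then echo FORWARD
    elif [ -n "$in_if" ]; then echo INPUT
    elif [ -n "$out_if" ]; then echo OUTPUT
    else echo UNKNOWN
    fi
}

# ip_to_int A.B.C.D -> 32-bit integer
ip_to_int() ( IFS=.; set -f; set -- $1; echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )) )

# in_cidr IP NET/BITS -> exit status 0 when IP lies inside the network
in_cidr() {
    net=${2%/*}; bits=${2#*/}
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# diagnose LINE CIDR -> one-line summary: chain that logged it, and SRC scope
diagnose() {
    src=$(log_field "$1" SRC)
    if in_cidr "$src" "$2"; then scope="inside $2"; else scope="outside $2"; fi
    echo "$(chain_of "$1"): SRC=$src is $scope"
}

diagnose "$SAMPLE_LOG" 10.11.0.0/16
```
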