LinuxQuestions.org


databits 08-05-2011 09:51 AM

Iptables with Netfilter Problem
 
Hello, I have a CentOS 5.5 x64 Xen VPS. I installed Webmin, Pure-FTPD, and OpenVPN. My problem is that none of them can connect to the VPS. When I look into iptables, there is a Netfilter thing. Is there a way to remove or disable this?

allwimb 08-05-2011 11:00 AM

You can edit the rules table using iptables -D chain x, with chain = INPUT or OUTPUT or FORWARD and x = the rule number.
If it's a rule of the nat table, you have to add -t nat.

spring logout

databits 08-05-2011 09:06 PM

I already added the rules for my VPN. Still I can't connect.
Code:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to 123.123.123.123

Tried also with Masquerading, but no luck. However, I can connect to the VPN when iptables is disabled but I need iptables to route the traffic from VPS to my clients.

Submitted a ticket to the host but no response. :banghead:

Tinkster 08-05-2011 09:56 PM

How about you post the (possibly anonymised?) output of
iptables -L
so we can see what's actually being done?

databits 08-05-2011 10:07 PM

Here it is:
Code:

[root@vps1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target    prot opt source              destination
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:smtp
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:smtp
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:smtp
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:smtp
RH-Firewall-1-INPUT  all  --  anywhere            anywhere

Chain FORWARD (policy ACCEPT)
target    prot opt source              destination
RH-Firewall-1-INPUT  all  --  anywhere            anywhere

Chain OUTPUT (policy ACCEPT)
target    prot opt source              destination

Chain RH-Firewall-1-INPUT (2 references)
target    prot opt source              destination
ACCEPT    all  --  anywhere            anywhere
ACCEPT    icmp --  anywhere            anywhere            icmp any
ACCEPT    esp  --  anywhere            anywhere
ACCEPT    ah  --  anywhere            anywhere
ACCEPT    udp  --  anywhere            224.0.0.251        udp dpt:mdns
ACCEPT    udp  --  anywhere            anywhere            udp dpt:ipp
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:ipp
ACCEPT    all  --  anywhere            anywhere            state RELATED,ESTABLISHED                         
ACCEPT    tcp  --  anywhere            anywhere            state NEW tcp dpt:ssh                                 
REJECT    all  --  anywhere            anywhere            reject-with icmp-host-prohibited


Tinkster 08-05-2011 10:29 PM

Since all your policies are ACCEPT, and the first rule in
RH-Firewall-1-INPUT explicitly allows any traffic I don't think
that iptables is what's giving you grief.

Right. I just re-read the entire thread; can you please give a bit
more detail on the whole set-up? Your VPS is hosted on what machine?
Where did you install the aforementioned programs? Can you connect to
the VPS at all, in any way? You have full access to the machine that
hosts your VPS? Can that machine talk to the VPS?



Cheers,
Tink

databits 08-06-2011 07:52 PM

Hello, I solved my problem with the help of this blog. I have to manually add the port that I'm going to use. Webmin, Pure-FTPD, and OpenVPN are now working fine. Thanks.

I have a host-based firewall called Netfilter (iptables). That's what's bugging me.
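
The fix reported in the last post, opening each service port by hand, only takes effect if the new ACCEPT rule sits above the final REJECT in RH-Firewall-1-INPUT. The script below is an added example, not code from the thread or its posters: it finds that position in iptables-save output and prints the matching insert command. The sample ruleset is constructed from the listing above and assumes the first ACCEPT is bound to loopback (`-i lo`) as in the stock CentOS 5 ruleset, which `iptables -L` shows only with `-v`; the ports are the services' defaults, since the thread names none.

```shell
# Constructed sample: the thread's RH-Firewall-1-INPUT chain (abridged) in
# iptables-save format. ASSUMPTION: the first ACCEPT carries "-i lo".
SAMPLE_RULES='-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'

# reject_position CHAIN < rules: 1-based position of the first REJECT/DROP rule.
reject_position() {
    awk -v chain="$1" '$1 == "-A" && $2 == chain {
        n++
        for (i = 3; i < NF; i++)
            if ($i == "-j" && ($(i + 1) == "REJECT" || $(i + 1) == "DROP")) { print n; exit }
    }'
}

# port_accepted CHAIN PROTO PORT < rules: exit 0 only if an explicit
# "-p PROTO --dport PORT -j ACCEPT" rule is reached before the REJECT/DROP.
# Limitation: interface, address and state matches are not evaluated.
port_accepted() {
    awk -v chain="$1" -v proto="$2" -v port="$3" '$1 == "-A" && $2 == chain {
        p = ""; d = ""; t = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") p = $(i + 1)
            if ($i == "--dport") d = $(i + 1)
            if ($i == "-j") t = $(i + 1)
        }
        if (t == "REJECT" || t == "DROP") exit
        if (t == "ACCEPT" && p == proto && d == port) { found = 1; exit }
    }
    END { exit !found }'
}

# insert_cmd CHAIN PROTO PORT < rules: print the iptables command that places
# the new ACCEPT just above the REJECT/DROP; print nothing if already accepted.
insert_cmd() {
    rules=$(cat)
    if printf '%s\n' "$rules" | port_accepted "$1" "$2" "$3"; then return 0; fi
    pos=$(printf '%s\n' "$rules" | reject_position "$1")
    [ -n "$pos" ] || return 1
    echo "iptables -I $1 $pos -m state --state NEW -p $2 -m $2 --dport $3 -j ACCEPT"
}

# Assumed default ports: OpenVPN 1194/udp, Webmin 10000/tcp.
printf '%s\n' "$SAMPLE_RULES" | insert_cmd RH-Firewall-1-INPUT udp 1194
printf '%s\n' "$SAMPLE_RULES" | insert_cmd RH-Firewall-1-INPUT tcp 10000
```

On the VPS itself, pipe `iptables-save -t filter` into `insert_cmd` instead of the sample, and run `service iptables save` after applying the printed command so the rule survives a restart.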


All times are GMT -5.