[SOLVED] Iptables with Netfilter Problem

databits · 08-05-2011, 09:51 AM

Hello, I have a CentOS 5.5 x64 Xen VPS. I installed Webmin, Pure-FTPD and, OpenVPN. My problem is none of them can't connect to the VPS. When I look into the Iptables, there is a Netfilter thing. Is there a way to remove or disable this?

allwimb · 08-05-2011, 11:00 AM

you can edit the rules table using iptables -D chain x with chain = INPUT or OUTPUT or FORWARD and x = the rule number
if it's a rule of the nat table you have to add -t nat.

spring logout

databits · 08-05-2011, 09:06 PM

I already added the rules for my VPN. Still I can't connect.

Code:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to 123.123.123.123

Tried also with Masquerading, but no luck. However, I can connect to the VPN when iptables is disabled but I need iptables to route the traffic from VPS to my clients.

Submitted a ticket to the host but no response.

Tinkster · 08-05-2011, 09:56 PM

How about you post the (possibly anonymised?) output of
iptables -L
so we can see what's actually being done?

databits · 08-05-2011, 10:07 PM

Here it is:

Code:

[root@vps1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED                           
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh                                  
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Tinkster · 08-05-2011, 10:29 PM

Since all your policies are ACCEPT, and the first rule in
RH-Firewall-1-INPUT explicitly allows any traffic I don't think
that iptables is what's giving you grief.

Right. I just re-read the entire thread; can you please give a bit
more detail on the whole set-up? Your VPS is hosted on what machine?
Where did you install the aforementioned programs? Can you connect to
the VPS at all, in any way? You have full access to the machine that
hosts your VPS? Can that machine talk to the VPS?

Cheers,
Tink

databits · 08-06-2011, 07:52 PM

Hello, I solved my problem with the help of this blog. I have to manually add the port that I'm going to use. Webmin, Pure-FTPD, and OpenVPN are now working fine. Thanks.

I have a host-based firewall called Netfilter (iptables). That's what bugging me.