LinuxQuestions.org
Old 08-05-2011, 09:51 AM   #1
databits
LQ Newbie
 
Registered: Jul 2011
Posts: 7

Rep: Reputation: Disabled
Iptables with Netfilter Problem


Hello, I have a CentOS 5.5 x64 Xen VPS. I installed Webmin, Pure-FTPD, and OpenVPN. My problem is that none of them can connect to the VPS. When I look into the iptables, there is a Netfilter thing. Is there a way to remove or disable this?

Last edited by databits; 08-06-2011 at 07:53 PM.
 
Old 08-05-2011, 11:00 AM   #2
allwimb
Member
 
Registered: Aug 2011
Posts: 47

Rep: Reputation: Disabled
You can edit the rules table using iptables -D chain x, with chain = INPUT, OUTPUT or FORWARD and x = the rule number.
If it's a rule of the nat table, you have to add -t nat.

spring logout

Last edited by allwimb; 12-12-2011 at 05:43 AM.
 
Old 08-05-2011, 09:06 PM   #3
databits
LQ Newbie
 
Registered: Jul 2011
Posts: 7

Original Poster
Rep: Reputation: Disabled
I already added the rules for my VPN. Still I can't connect.
Code:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to 123.123.123.123
Tried also with Masquerading, but no luck. However, I can connect to the VPN when iptables is disabled but I need iptables to route the traffic from VPS to my clients.

Submitted a ticket to the host but no response.
 
Old 08-05-2011, 09:56 PM   #4
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 22,972
Blog Entries: 11

Rep: Reputation: 877
How about you post the (possibly anonymised?) output of
iptables -L
so we can see what's actually being done?
 
Old 08-05-2011, 10:07 PM   #5
databits
LQ Newbie
 
Registered: Jul 2011
Posts: 7

Original Poster
Rep: Reputation: Disabled
Here it is:
Code:
[root@vps1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED                           
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh                                  
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Last edited by databits; 08-05-2011 at 10:09 PM.
 
Old 08-05-2011, 10:29 PM   #6
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 22,972
Blog Entries: 11

Rep: Reputation: 877
Since all your policies are ACCEPT, and the first rule in
RH-Firewall-1-INPUT explicitly allows any traffic I don't think
that iptables is what's giving you grief.

Right. I just re-read the entire thread; can you please give a bit
more detail on the whole set-up? Your VPS is hosted on what machine?
Where did you install the aforementioned programs? Can you connect to
the VPS at all, in any way? You have full access to the machine that
hosts your VPS? Can that machine talk to the VPS?



Cheers,
Tink
 
Old 08-06-2011, 07:52 PM   #7
databits
LQ Newbie
 
Registered: Jul 2011
Posts: 7

Original Poster
Rep: Reputation: Disabled
Hello, I solved my problem with the help of this blog. I have to manually add the port that I'm going to use. Webmin, Pure-FTPD, and OpenVPN are now working fine. Thanks.

I have a host-based firewall called Netfilter (iptables). That's what's bugging me.
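
Added example, not part of the thread: a small rule walker showing why a port has to be added above the final REJECT of RH-Firewall-1-INPUT rather than appended below it. The rules are constructed in `iptables -S` form after the listing in post #5; the `-i lo` on the first rule, port 10000/tcp (Webmin's default) and all function names are assumptions made for the illustration.

```shell
# Constructed rules in `iptables -S` form, modelled on the listing in post #5.
# Assumption: the first ACCEPT carries "-i lo"; plain `iptables -L` does not
# print the interface column, `iptables -L -v` does.
SAMPLE_RULES='-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'

# verdict_for PROTO PORT: walk the rules on stdin top to bottom and print the
# target of the first rule that matches a NEW connection arriving from outside.
verdict_for() {
    proto=$1; port=$2; verdict=
    while IFS= read -r rule; do
        [ -n "$verdict" ] && continue                 # first match wins
        case " $rule " in *" -i lo "*) continue ;; esac   # loopback only
        case $rule in *"--state "*)
            case $rule in *NEW*) ;; *) continue ;; esac ;;
        esac
        case " $rule " in *" -p "*)
            case " $rule " in *" -p $proto "*) ;; *) continue ;; esac ;;
        esac
        case " $rule " in *" --dport "*)
            case " $rule " in *" --dport $port "*) ;; *) continue ;; esac ;;
        esac
        target=${rule##* -j }
        verdict=${target%% *}
    done
    echo "${verdict:-POLICY}"   # POLICY: nothing matched, chain policy decides
}

new_rule() {
    echo "-A RH-Firewall-1-INPUT -p $1 -m state --state NEW -m $1 --dport $2 -j ACCEPT"
}

# Appending puts the new rule below the catch-all REJECT, where it never runs.
appended() { printf '%s\n' "$SAMPLE_RULES"; new_rule "$1" "$2"; }

# Inserting places it above the REJECT, which is what opens the port.
inserted() {
    printf '%s\n' "$SAMPLE_RULES" | while IFS= read -r rule; do
        case $rule in *"-j REJECT"*) new_rule "$1" "$2" ;; esac
        printf '%s\n' "$rule"
    done
}

echo "before:   $(printf '%s\n' "$SAMPLE_RULES" | verdict_for tcp 10000)"
echo "appended: $(appended tcp 10000 | verdict_for tcp 10000)"
echo "inserted: $(inserted tcp 10000 | verdict_for tcp 10000)"
```

On a live system, `iptables -L -v --line-numbers` shows the interface column and rule positions, and `iptables -I RH-Firewall-1-INPUT <position> ...` inserts at a position above the REJECT rule.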
 
  


Tags
centos, firewall, iptables, netfilter, problem

