Strange IPTables or Perhaps its not IPtables problem?
Hi All,
I seem to be having a problem with an application I'm running when I enable the firewall. The application works as part of a cluster and has constant communication running between two nodes. To make life easy, all I did between the two nodes as firewall rules is the following:
iptables -A INPUT -i bond0 -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -i bond0 -s x.x.x.x -j ACCEPT
iptables -A INPUT -i bond0 -s x.x.x.x -j ACCEPT
OK, now to me these rules, if run on both servers, will make sure each server can connect to any port using any protocol (tcp, udp, icmp), and then I'm logging any packets that are otherwise dropped. The rules above are part of a greater set of rules, but these are more or less the first set of rules in the list, and therefore any communication between the hosts should not be dropped at all.
However, I can't see any packets being dropped that may have stopped this application from working properly. However, if I'm wrong in thinking that the above rules do allow all protocols and ports open to the hosts specified, then that could be my problem?
Quote:
I seem to be having a problem with an application I'm running when I enable the firewall. The application works as part of a cluster and has constant communication running between two nodes. To make life easy, all I did between the two nodes as firewall rules is the following:
iptables -A INPUT -i bond0 -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -i bond0 -s x.x.x.x -j ACCEPT
iptables -A INPUT -i bond0 -s x.x.x.x -j ACCEPT
I'm not sure about this, please explain in more detail:
The -i bond0 refers to which devices? 2 or more NICs on a single server, or maybe you have some other perspective?
And the -s 127/8 points to what/where? Are you trying to filter IP spoofing?
Quote:
However if i'm wrong in thinking that the above rules do allow all protocols and ports open to the hosts specified then that could be my problem?
Yup, generally speaking, I think it is.
I see that you had only ACCEPT actions in your posted rules for those x.x.x.x sources, so how can iptables block/DROP any traffic as you require it to?
Hi there,
Yes, you are correct: bond0 refers to the eth0 and eth1 network interfaces. These run in an active/passive set-up (only one running at any one time).
127.0.0.1/8 is standard localhost, and I'm ensuring the localhost can route packets to itself. Exactly my question: I accept all packets between these hosts and log anything that is dropped. And no packets between the hosts are dropped at any point (that is only a tiny snippet of the rules). And yet with the firewall on, the application between the hosts doesn't run, and with iptables off the application runs fine. I've set up no limits on the number of packets to be sent in an amount of time or anything of this nature.
However, this no longer really matters, but I still would have liked to have got to the bottom of the problem.
You should LOG the bad packet first, prior to DROP/REJECT; if you DROP them first then you can't LOG them.
Yep, I know that, thanks. That's my point: they're not logged, and they should be, because all LOG statements come before any DROP statements. That's why this is so much of a mystery.
Yes, well spotted: 127/8 should be on loopback, didn't think about that one, and in fact it is probably not even required to put anything in for the loopback interface, as it is only local traffic anyway.
I'd forget about it; I don't think I will be able to get to the bottom of it, which is rather annoying. It doesn't make sense, but at the same time we're not going to be using this application anymore, so it doesn't matter.
Cheers,
MJ
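The two points the replies raise (a 127/8 rule belongs on lo rather than bond0, and a LOG rule must sit before the DROP it is meant to record) can be checked mechanically against an iptables-save dump. This is an added example, not code from the thread; the two dumps are constructed, and 192.0.2.10/11 stand in for the thread's x.x.x.x peer addresses.

```python
# Constructed iptables-save style dumps (not from the thread); 192.0.2.x stands in for x.x.x.x.
# BAD_RULES has both problems raised in the thread: a 127/8 ACCEPT bound to bond0 instead
# of lo, and a DROP placed before the LOG rule, so the packets it drops are never logged.
BAD_RULES = """\
:INPUT DROP [0:0]
-A INPUT -i bond0 -s 127.0.0.0/8 -j ACCEPT
-A INPUT -i bond0 -s 192.0.2.10/32 -j ACCEPT
-A INPUT -i bond0 -s 192.0.2.11/32 -j ACCEPT
-A INPUT -p tcp --dport 22 -j DROP
-A INPUT -j LOG --log-prefix "iptables-drop: "
-A INPUT -j DROP
"""

# Corrected ordering: loopback accepted on lo, peers accepted, LOG directly before the final DROP.
GOOD_RULES = """\
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i bond0 -s 192.0.2.10/32 -j ACCEPT
-A INPUT -i bond0 -s 192.0.2.11/32 -j ACCEPT
-A INPUT -j LOG --log-prefix "iptables-drop: "
-A INPUT -j DROP
"""

def parse_rules(dump):
    """One dict per -A line: the chain, the raw line, and any -i/-s/-j values present."""
    rules = []
    for line in dump.splitlines():
        if not line.startswith("-A "):
            continue  # policy lines and table markers carry no match to check
        tokens = line.split()
        rule = {"chain": tokens[1], "raw": line}
        for i, tok in enumerate(tokens[:-1]):
            if tok in ("-i", "-s", "-j"):
                rule[tok] = tokens[i + 1]
        rules.append(rule)
    return rules

def lint(dump):
    """Return findings, in chain order, for loopback sources off lo and DROP/REJECT with no LOG before it."""
    findings, logged_chains = [], set()
    for rule in parse_rules(dump):
        src, iface, target = rule.get("-s", ""), rule.get("-i"), rule.get("-j")
        if src.startswith("127.") and iface and iface != "lo":
            findings.append(f"{rule['raw']}: loopback source should be matched on lo")
        if target == "LOG":
            logged_chains.add(rule["chain"])  # LOG is non-terminating; later DROPs in this chain are logged
        elif target in ("DROP", "REJECT") and rule["chain"] not in logged_chains:
            findings.append(f"{rule['raw']}: {target} is not preceded by a LOG rule")
    return findings
```

Feed it the output of `iptables-save` from a live box to check the same two conditions on a real ruleset.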