LinuxQuestions.org
Old 02-27-2008, 10:02 PM   #1
jocast
Member
 
Registered: May 2004
Location: Laredo
Distribution: FC3
Posts: 185

Rep: Reputation: 30
IPTables strange behavior


Hello all

I have a problem with IP tables.
I have a web content filter server using iptables, squid and dansguardian. After months working on it I just kind of finished it. I just have a little problem.

When I restart it I can't access pop3/smtp from Outlook on my workstations,

but if I copy and paste the firewall script on a console it fixes the problem.

If I do iptables -L -n before and after pasting the firewall script it gives me the exact same rules.

Also, I have the firewall script file saved in /etc/init.d and made the shortcut in /etc/rc2.d; I also did the chmod 750 to the file.

What can be the problem?


Firewall Script****************

iptables -F
iptables -X
iptables -Z
iptables -t nat -F

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT

/sbin/iptables -A INPUT -i lo -j ACCEPT

iptables -A INPUT -s 192.168.10.0/24 -i eth3 -j ACCEPT

iptables -A FORWARD -s 192.168.10.0/24 -i eth3 -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -s 192.168.10.0/24 -i eth3 -p tcp --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.10.0/24 -i eth3 -p tcp --dport 110 -j ACCEPT
iptables -A FORWARD -s 192.168.10.0/24 -i eth3 -p tcp --dport 25 -j ACCEPT
iptables -A FORWARD -s 192.168.10.0/24 -i eth3 -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -s 192.168.10.0/24 -i eth3 -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -s 192.168.10.26/24 -i eth3 -p tcp --dport 4899 -j ACCEPT
iptables -A FORWARD -s 192.168.10.0/24 -i eth3 -j DROP

iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -A INPUT -s 0.0.0.0/0 -p tcp --dport 1:1024 -j DROP
iptables -A INPUT -s 0.0.0.0/0 -p udp --dport 1:1024 -j DROP
iptables -A INPUT -s 0.0.0.0/0 -p tcp --dport 10000 -j DROP

*************************************************************************
 
Old 02-27-2008, 10:56 PM   #2
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by jocast
if i do iptables -L -n before and after pasting the firewall script it gives me the exact same rules.
...
what can be the problem???
WAG: Could it be because you're messing with a sysctl MIB within a firewall script?

Quote:
Originally Posted by jocast
echo 1 > /proc/sys/net/ipv4/ip_forward
This is really the kind of thing that should be specified in /etc/sysctl.conf, i.e.:
net.ipv4.ip_forward=1

You can test this theory out before making any changes by toggling 'ip_forward' on and off. When turned off do the problem symptoms reappear?
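An added example, not part of the original posts: ip_forward is kernel state rather than a rule, so it never appears in `iptables -L -n`, and a rule listing can be identical while forwarding is off. The sketch below compares the live value with the one persisted in /etc/sysctl.conf; the function names and status words are made up for this example, and only that single file is read (not /etc/sysctl.d).

```shell
#!/bin/sh
# Compare the running ip_forward value with the persisted sysctl setting.
# Paths are parameters so the check can be pointed at copies of the files.

# Live value as the kernel reports it: 0, 1, or "unknown" if unreadable.
runtime_forward() {
    f=${1:-/proc/sys/net/ipv4/ip_forward}
    [ -r "$f" ] || { echo unknown; return; }
    tr -d '[:space:]' < "$f"
}

# Last net.ipv4.ip_forward assignment in a sysctl.conf-style file.
# Comment lines (# or ;) are skipped, whitespace around "=" is ignored,
# and the slash form net/ipv4/ip_forward is treated like the dotted form.
persistent_forward() {
    conf=${1:-/etc/sysctl.conf}
    [ -r "$conf" ] || { echo unset; return; }
    awk -F= '
        /^[[:space:]]*[#;]/ { next }
        {
            key = $1; val = $2
            gsub(/[[:space:]]/, "", key); gsub(/[[:space:]]/, "", val)
            gsub(/\//, ".", key)
            if (key == "net.ipv4.ip_forward") last = val
        }
        END { print (last == "" ? "unset" : last) }
    ' "$conf"
}

# Status words:
#   ok           forwarding is on now and will be on after a reboot
#   runtime-only on now, but only because something wrote to /proc;
#                a reboot or a sysctl reload can switch it off again
#   not-applied  configured, but the running kernel has it off
#   disabled     off in both places
#   unknown      the live value could not be read
check_forward() {
    run=$(runtime_forward "$1")
    cfg=$(persistent_forward "$2")
    case "$run/$cfg" in
        1/1)       echo "ok" ;;
        1/*)       echo "runtime-only" ;;
        0/1)       echo "not-applied" ;;
        unknown/*) echo "unknown" ;;
        *)         echo "disabled" ;;
    esac
}

check_forward "$@"
```

Run with no arguments it checks the real /proc entry and /etc/sysctl.conf; "runtime-only" is the state in which forwarded traffic works until the next reboot.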
 
Old 02-28-2008, 09:20 AM   #3
jocast
Member
 
Registered: May 2004
Location: Laredo
Distribution: FC3
Posts: 185

Original Poster
Rep: Reputation: 30
Thank you, anomie.
Worked fine.
 
  

