Can Surf

chrisj05 · 12-13-2005, 07:52 PM

Hi guys, Hope somebody can help me. I have set up a RH9 server at work. I have (win) machines on an internal network running 192.168.5.x tcp etc. These machines go though the RH9 machine to access the outside world. The problem is that these machines can (only)surf the Web. If I try to ping an outside address I get no reply, (They can ping the gateway and get a reply), if I try to pick up mail from an outside mail server, the mail client tells me that the server has terminated the connection and I cannot FTP.

I am reasonably confident that I have an incorrect setting (or something) in the new machine. The reason I beleive this, is that the new machine is a replacement for another machine that was running RH7.2 (on which the HD is slowly dieing). When I put the old machine back on, I dont have any of the above problems. I have looked at the settings on the old machine and they 'appear' to be the same. I have stopped/started IPTABLES and Squid on the new machine, but nothing seems to fix the problem.

Any help appreciated (yesterday I had black hair, today it suddenly white!)

Cheers

Chris

pddm · 12-13-2005, 08:35 PM

Did you check your Firewall settings?

Matir · 12-13-2005, 08:37 PM

Can you post your iptables ruleset? This is the most likely cause of the problem you have described. You probably have a rule like:

Code:

iptables -A FORWARD -p tcp --dport 80 -j ACCEPT

This would allow outbound port http on port 80.

chrisj05 · 12-13-2005, 09:57 PM

Hi guys, Here is my IPCHAINS file. (As mentioned I have tried stopping/starting this service)but to no avail ...

INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 23 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 --syn -j ACCEPT
#-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth1 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 203.32.160.10 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 203.32.166.10 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
COMMIT

Cheers

chrisj05 · 12-13-2005, 09:57 PM

Whoops, sorry my IPTABLES file