Hi there!

I've got problems with iptables on the server I set up (slackware current + Linux 2.6.5). I compiled iptables as module. There's no error message, but iptables blocks me out!

It could be related to my rule-set, but I do not think so, because it's very simple:

$iptables -F
$iptables -t nat -F
$iptables -X

$iptables -P INPUT DROP
$iptables -P FORWARD DROP
$iptables -P OUTPUT DROP

$iptables -A INPUT -i lo -j ACCEPT
$iptables -A OUTPUT -o lo -j ACCEPT

$iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
$iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT

$iptables -A OUTPUT -p tcp --sport 1024: --dport 22 -j ACCEPT
$iptables -A INPUT -p tcp --dport 22 -j ACCEPT

This should accept incoming and outgoing ping-Requests (works!!) and ssh-connections (which doesn't work!!)

'iptables -L' shows that the rules have been accepted allright. But I cannot connect to any ssh-server nor connect to my server by any client.

I thought it could be related to kernel 2.6, because I did not use iptables before with linux 2.6. Did I miss any module or config while compiling??

I also did compile iptables 1.29 by myself but the result is the same!!

I'm really helpless now.

Any advice??

thanks a lot,
Thomas

OK, have you done an iptables -L to see if the rules in operation are what you think they are? Have you run lsmod to make sure that the iptables modules are loaded? In your script you use the variable $iptables. Do you actually define it earlier in the script?

hi,

thanks for help, but I got the answer.

It was my rule-set. I forgot these three lines:

$iptables -A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
$iptables -A OUTPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
$iptables -A INPUT -p udp -m state --state ESTABLISHED -j ACCEPT


sorry guys )