iptables is blocking sites...
 

Hi there,
I have a strange problem...
I use an old pc as router/firewall, Debian 3.1 kernel 2.6.8 and iptables 1.3.3 is installed on the machine.
To generate the iptables script i used the Easy Firewall Generator .

The problem is that a few websites doesn't load, like:
hotmail.com > the browser (ie & ff) hangs on "transferring data"
msn.com > hangs also on "waiting for..."
Also my pc banking doesn't work anymore...

There are no problems with the internet provider, clients or with the hosting of the websites because i tried them on another machine with another connection and that works fine...

I think the problem is in the iptables script, when i turn off iptables and try to surf with the linux pc with Lync ( console browser ), msn, hotmail,... works fine, but when i put iptables on it doesn't work anymore :(

I don't know what's wrong with the script :( It works fine before but due a harddisk crash i had to reinstall it.

Link to the iptables script

That is a REALLY complex script for most purposes. I noticed it doesn't load ipt_state, but does use stateful filtering. It also opens ports for ftp even.
I'd start off by making sure ipt_state gets loaded. And, don't forget about ipt_MASQUERADE if you're going to be doing MASQ.

Yeh i have running an ftp and also some ports are forwarded.
I can use email, ftp, bittorent, irc,.. only just a few sites doesn't work.

Anything showing up in the logfiles?

Try using a GUI firewall, like Guarddog or Firestarter. The scripts they create are not nearly as complex as the one you are using.

Can you ping the sites you are having problems connecting to?

ping doesn't work, i guess it's blocked on their host.
But traceroute works fine.
I've used easy firewall generator on my previous system and that worked fine, maybe there's something else wrong but i don't know what :s

craigevil i can't use guarddog or firestarter because i have no X on the router

Oh my god.
I've found the problem, the iptables script is ok. What i've done is powering off my ethernet modem and put it back on, and guess what, the sites are loading now :rolleyes:
Never had this problem before. It's an Alcatel ADSL 1000

Odd. Perhaps some sort of firmware bug? Glad it's not iptables though. :)

I've been stuck with this for ages and haven't been able to find any duplication of the problem, let alone a fix. I have just powered down my Linksys wireless router, and I am now able to view both www.ebuyer.com and www.gnome.org for the first time in about 3-4 months. I have even tried pinging these sites from my modem router which is, of course, before the 4-way wireless - no luck.

But now, thanks to you,:D I will waste merrily waste the rest of the evening with my dear old friends ebuyer and gnome.

Thank you very much

Essexman