Old 07-14-2004, 05:27 PM   #1
Metaloid
strange x server problem with my iptables def.


Hello pals!
Here is my strange problem....
I've recently configured my Fedora 2 box to work as a gateway to my "treacherous" father's Windows XP box. Now I have a really messy thing happening. When I try to "startx" the X server with the iptables definition script I've made activated, it crashes and doesn't enter, and if I deactivate the script, it runs normally, without problems. Please, can anyone say what is wrong with it? Here it is (I use eth0 for accessing the internet and eth1 for the LAN):

#!/bin/sh
PATH=/sbin:$PATH

iptables -X
iptables -F
iptables -t nat -F
iptables -P FORWARD ACCEPT
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT

iptables -A INPUT -j LOG -s 192.168.0.0/24 -i eth1
iptables -A INPUT -j LOG -s localhost/8 -i lo
iptables -A INPUT -j DROP -s 192.168.0.0/24 -i eth1
iptables -A INPUT -j DROP -s localhost/8 -i lo

iptables -A INPUT -j ACCEPT -i eth1
iptables -A INPUT -j ACCEPT -i lo

iptables -A INPUT -j ACCEPT -p tcp --dport 22

iptables -A INPUT -j ACCEPT -p tcp --dport 6000

iptables -A INPUT -j ACCEPT -p tcp --dport 1024: ! --syn

iptables -A INPUT -j ACCEPT -p udp -s 213.228.128.6 --sport 53 --dport 1024:
iptables -A INPUT -j ACCEPT -p udp -s 213.228.128.5 --sport 53 --dport 1024:

iptables -A INPUT -j ACCEPT -p icmp --icmp-type 0
iptables -A INPUT -j ACCEPT -p icmp --icmp-type 3

iptables -A INPUT -j LOG
iptables -A INPUT -j DROP

iptables -t nat -A POSTROUTING -j MASQUERADE -s 192.168.0.0/24 -d ! 192.168.0.0/24
 
Old 07-15-2004, 09:26 AM   #2
Technoslave
Very messy. One of the first problems is your INPUT -j DROP should be the first thing, that way you close everything down, then you open the things you want to open.

http://www.technoslave.net/other/iptables.txt

Here's what my iptables looked like a while ago. It has the NATing and the Masquerading and whatever else you'll need.
 
Old 07-15-2004, 10:27 AM   #3
ppuru
Quote:
iptables -A INPUT -j ACCEPT -p tcp --dport 6000
You may not need this rule. For other INPUT rules consider using -i.
 
Old 07-15-2004, 02:31 PM   #4
Metaloid
Thank you guys... But I've solved my problem with firestarter.... nice graphic firewall configuring util. Maybe I'm just too lazy to use brute text modes.
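
One way to apply the advice from posts #2 and #3 to the script in post #1, as an added example that is not code from any poster in this thread. It assumes that "DROP first" means a DROP chain policy, uses `-m state` matches in place of the `! --syn` and per-resolver DNS rules, and accepts loopback traffic before anything else; interface names and the LAN range are taken from post #1.

```shell
#!/bin/sh
# Added example: default-deny rewrite of the gateway script from post #1.
# Assumptions: eth0 = internet, eth1 = LAN 192.168.0.0/24 (as stated in post #1).
# Dry run by default (prints the commands). Apply as root with:
#   IPT=/sbin/iptables sh thisfile.sh
IPT="${IPT:-echo iptables}"
WAN=eth0
LAN=eth1
LAN_NET=192.168.0.0/24

build_rules() {
    # Start clean, then close everything before opening anything.
    $IPT -F
    $IPT -X
    $IPT -t nat -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback and LAN are trusted; every rule is bound to an interface with -i.
    # No LOG/DROP rule sits in front of these, so local traffic on lo is never dropped.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -i "$LAN" -s "$LAN_NET" -j ACCEPT

    # Replies to connections this host opened (DNS answers, high-port TCP).
    $IPT -A INPUT -i "$WAN" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # The only service offered to the internet is SSH; there is no rule for 6000.
    $IPT -A INPUT -i "$WAN" -p tcp --dport 22 -m state --state NEW -j ACCEPT

    # ICMP echo-reply (0) and destination-unreachable (3), as in the original.
    $IPT -A INPUT -i "$WAN" -p icmp --icmp-type 0 -j ACCEPT
    $IPT -A INPUT -i "$WAN" -p icmp --icmp-type 3 -j ACCEPT

    # Log whatever is about to fall through to the DROP policy.
    $IPT -A INPUT -j LOG --log-prefix "INPUT drop: "

    # Gateway: LAN may go out, only replies come back, masquerade on the WAN side.
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    $IPT -A FORWARD -i "$WAN" -o "$LAN" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j MASQUERADE
}

build_rules
```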
 
  

