Quote:
Originally Posted by bzlaskar
I am writing firewall rules using iptables to allow ICMP traffic from 211.xxx.117.211 to 211.41.125.4 and vice versa. For this I have written rules 2 and 3. But after writing the rules I cannot ping from either end. But if I stop the firewall, it pings. That means the network is O.K. but there is some problem with the rules that I have written.
Please tell me how to write the rules correctly.
Code:
[root@localhost ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 127.0.0.1 0.0.0.0/0
ACCEPT icmp -- 211.xxx.117.211 211.41.125.4
ACCEPT icmp -- 211.41.125.4 211.xxx.117.211
ACCEPT icmp -- 211.xxx.117.0/24 211.xxx.117.211
ACCEPT tcp -- 211.xxx.117.0/28 211.xxx.117.211 tcp dpt:22
ACCEPT udp -- 211.xxx.117.211 211.41.99.3 udp dpt:53
ACCEPT udp -- 211.41.99.3 211.xxx.117.211 udp spt:53
ACCEPT tcp -- 211.xxx.117.211 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 211.xxx.117.211 tcp spt:80
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (0 references)
target prot opt source destination
considering that your policy is set to ACCEPT, it would indicate to me that your packets are getting sent to REJECT by the last rule in the chain... in other words, the packet probably isn't matching any of the ACCEPT rules... to which boxes do the IPs you posted belong?? are you sure the IPs are correct??
i also notice you have different IPs set as "destination" in your INPUT rules... this would imply that your interface has multiple IPs assigned to it... is that so?? maybe you could provide a little description of your setup to better understand the issue...
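One way to check the hypothesis above (that the pings fall through every ACCEPT rule and hit the final REJECT) is to walk the chain in iptables' first-match order for a given packet. This is an added example, not code from the thread; the chain mirrors the structure of the posted INPUT chain, but the addresses are constructed RFC 5737 stand-ins, not the poster's real ones.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    target: str               # ACCEPT or REJECT, as in the -L listing
    proto: str                # "all", "icmp", "tcp" or "udp"
    src: str                  # source host or CIDR network
    dst: str                  # destination host or CIDR network
    sport: Optional[int] = None   # "spt:" match, if any
    dport: Optional[int] = None   # "dpt:" match, if any

def matches(rule, proto, src, dst, sport=None, dport=None):
    """Netfilter semantics: every match field on the rule must hold for the packet."""
    return (rule.proto in ("all", proto)
            and ipaddress.ip_address(src) in ipaddress.ip_network(rule.src, strict=False)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst, strict=False)
            and rule.sport in (None, sport)
            and rule.dport in (None, dport))

def verdict(chain, policy, **pkt):
    """Walk the chain top to bottom; the first matching rule decides, else the chain policy."""
    for num, rule in enumerate(chain, start=1):
        if matches(rule, **pkt):
            return num, rule.target
    return None, policy

# Constructed stand-in for the posted INPUT chain (same shape, RFC 5737 addresses).
HOST, PEER, DNS = "203.0.113.211", "198.51.100.4", "198.51.100.3"
INPUT = [
    Rule("ACCEPT", "all", "127.0.0.1", "0.0.0.0/0"),
    Rule("ACCEPT", "icmp", HOST, PEER),
    Rule("ACCEPT", "icmp", PEER, HOST),
    Rule("ACCEPT", "icmp", "203.0.113.0/24", HOST),
    Rule("ACCEPT", "tcp", "203.0.113.0/28", HOST, dport=22),
    Rule("ACCEPT", "udp", HOST, DNS, dport=53),
    Rule("ACCEPT", "udp", DNS, HOST, sport=53),
    Rule("ACCEPT", "tcp", HOST, "0.0.0.0/0", dport=80),
    Rule("ACCEPT", "tcp", "0.0.0.0/0", HOST, sport=80),
    Rule("REJECT", "all", "0.0.0.0/0", "0.0.0.0/0"),
]

if __name__ == "__main__":
    # Echo reply from the peer to the address the rules name: rule 3 accepts it.
    print(verdict(INPUT, "ACCEPT", proto="icmp", src=PEER, dst=HOST))
    # Same reply arriving at a different local address: nothing matches until the REJECT.
    print(verdict(INPUT, "ACCEPT", proto="icmp", src=PEER, dst="203.0.113.212"))
```

On the real box the same question is answered by `iptables -L INPUT -n -v --line-numbers`, whose pkts counters show which rule the traffic is actually hitting.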