LinuxQuestions.org
Linux - Security forum: all security related questions (tips, system compromises, firewalls, etc.)
Post #1, 02-27-2007, 04:01 AM
bzlaskar (Member; Registered: May 2006; Location: Bangalore, INDIA; Distribution: Fedora Core)

Writing firewall rules with iptables


Hi All,

I am writing firewall rules using iptables to allow ICMP traffic from 211.xxx.117.211 to
211.41.125.4 and vice versa. For this I have written rules 2 and 3. But after writing the rules
I cannot ping from either end. But if I stop the firewall, it pings. That means the network
is OK but there is some problem with the rules that I have written.

Please tell me how to write the rule correctly.

Code:
[root@localhost ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  127.0.0.1            0.0.0.0/0
ACCEPT     icmp --  211.xxx.117.211      211.41.125.4
ACCEPT     icmp --  211.41.125.4         211.xxx.117.211
ACCEPT     icmp --  211.xxx.117.0/24     211.xxx.117.211
ACCEPT     tcp  --  211.xxx.117.0/28     211.xxx.117.211     tcp dpt:22
ACCEPT     udp  --  211.xxx.117.211      211.41.99.3         udp dpt:53
ACCEPT     udp  --  211.41.99.3          211.xxx.117.211     udp spt:53
ACCEPT     tcp  --  211.xxx.117.211      0.0.0.0/0           tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            211.xxx.117.211     tcp spt:80
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (0 references)
target     prot opt source               destination



With Thanks.
 
Post #2, 02-27-2007, 07:41 AM
win32sux (LQ Guru; Registered: Jul 2003; Location: Los Angeles; Distribution: Ubuntu)
Quote:
Originally Posted by bzlaskar
I am writing firewall rules using iptables to allow ICMP traffic from 211.xxx.117.211 to
211.41.125.4 and vice versa. For this I have written rules 2 and 3. But after writing the rules
I cannot ping from either end. But if I stop the firewall, it pings. That means the network
is OK but there is some problem with the rules that I have written.

Please tell me how to write the rule correctly.

Code:
[root@localhost ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  127.0.0.1            0.0.0.0/0
ACCEPT     icmp --  211.xxx.117.211      211.41.125.4
ACCEPT     icmp --  211.41.125.4         211.xxx.117.211
ACCEPT     icmp --  211.xxx.117.0/24     211.xxx.117.211
ACCEPT     tcp  --  211.xxx.117.0/28     211.xxx.117.211     tcp dpt:22
ACCEPT     udp  --  211.xxx.117.211      211.41.99.3         udp dpt:53
ACCEPT     udp  --  211.41.99.3          211.xxx.117.211     udp spt:53
ACCEPT     tcp  --  211.xxx.117.211      0.0.0.0/0           tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            211.xxx.117.211     tcp spt:80
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (0 references)
target     prot opt source               destination
Considering that your policy is set to ACCEPT, it would indicate to me that your packets are getting sent to REJECT by the last rule in the chain... in other words, the packet probably isn't matching any of the ACCEPT rules... Which boxes do the IPs you posted belong to? Are you sure the IPs are correct?

I also notice you have different IPs set as "destination" in your INPUT rules... this would imply that your interface has multiple IPs assigned to it... is that so? Maybe you could provide a little description of your setup to better understand the issue...

Last edited by win32sux; 02-27-2007 at 10:33 AM.
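The reasoning in the reply above (a packet that matches none of the ACCEPT rules falls through to the catch-all REJECT, and a destination address the rules do not name is one way that happens) can be checked mechanically. The following is an added example, not code from the thread or from either poster: a small first-match simulator for an iptables INPUT chain. The rule set has the same shape as the posted one, but the addresses are RFC 5737 documentation ranges constructed for the example, because the thread's own addresses are masked; `LOCAL`, `PEER`, `DNS` and the second interface address `192.0.2.212` are assumptions.

```python
# Added example (not from the thread): first-match simulator for an
# iptables INPUT chain, to see which rule a given packet actually hits.
# Addresses are RFC 5737 documentation ranges, constructed here to mirror
# the shape of the posted ruleset; the real thread's addresses are masked.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    target: str                  # ACCEPT, REJECT, DROP (terminating) or LOG
    proto: str = "all"           # "all", "icmp", "tcp", "udp"
    src: str = "0.0.0.0/0"       # -s, host or CIDR
    dst: str = "0.0.0.0/0"       # -d, host or CIDR
    dport: Optional[int] = None  # --dport
    sport: Optional[int] = None  # --sport


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None
    sport: Optional[int] = None


def matches(rule: Rule, pkt: Packet) -> bool:
    """Every match the rule specifies must hold; unspecified ones are wildcards."""
    if rule.proto != "all" and rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src, strict=False):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst, strict=False):
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    if rule.sport is not None and rule.sport != pkt.sport:
        return False
    return True


def traverse(chain: List[Rule], pkt: Packet, policy: str = "ACCEPT") -> Tuple[Optional[int], str]:
    """Walk the chain top to bottom the way the kernel does: the first matching
    rule with a terminating target decides the verdict; LOG matches are recorded
    by the kernel but do not stop traversal; if nothing terminates, the chain
    policy applies.  Returns (1-based rule number or None, verdict)."""
    for number, rule in enumerate(chain, start=1):
        if matches(rule, pkt):
            if rule.target == "LOG":   # non-terminating, keep walking
                continue
            return number, rule.target
    return None, policy


# Constructed stand-ins (assumptions, not the thread's real addresses):
LOCAL = "192.0.2.211"        # the firewall host's own address
LOCAL_NET = "192.0.2.0/24"
ADMIN_NET = "192.0.2.0/28"
PEER = "198.51.100.4"        # the host we want to ping / be pinged by
DNS = "198.51.100.3"

# Same shape as the posted INPUT chain: nine ACCEPTs, then a catch-all REJECT.
INPUT = [
    Rule("ACCEPT", "all", "127.0.0.1"),
    Rule("ACCEPT", "icmp", LOCAL, PEER),
    Rule("ACCEPT", "icmp", PEER, LOCAL),
    Rule("ACCEPT", "icmp", LOCAL_NET, LOCAL),
    Rule("ACCEPT", "tcp", ADMIN_NET, LOCAL, dport=22),
    Rule("ACCEPT", "udp", LOCAL, DNS, dport=53),
    Rule("ACCEPT", "udp", DNS, LOCAL, sport=53),
    Rule("ACCEPT", "tcp", LOCAL, "0.0.0.0/0", dport=80),
    Rule("ACCEPT", "tcp", "0.0.0.0/0", LOCAL, sport=80),
    Rule("REJECT"),
]


def trace(chain: List[Rule], pkt: Packet, policy: str = "ACCEPT") -> str:
    number, verdict = traverse(chain, pkt, policy)
    where = f"rule {number}" if number else "chain policy"
    return f"{pkt.proto} {pkt.src} -> {pkt.dst}: {verdict} ({where})"


if __name__ == "__main__":
    # Echo request from the peer to the address the rules name: accepted by rule 3.
    print(trace(INPUT, Packet("icmp", PEER, LOCAL)))
    # Same peer, but the packet arrives for a second address on the interface:
    # no ACCEPT names that destination, so it falls through to the REJECT.
    print(trace(INPUT, Packet("icmp", PEER, "192.0.2.212")))
    # SSH from outside the /28 admin range also falls through to the REJECT.
    print(trace(INPUT, Packet("tcp", "192.0.2.50", LOCAL, dport=22)))
```

On the real box the equivalent check is to insert a non-terminating LOG rule immediately before the final REJECT (for example `iptables -I INPUT 10 -j LOG --log-prefix "fellthrough: "`, with the index adjusted to sit just above the REJECT) and then ping: whatever appears in the kernel log with that prefix is a packet that matched none of the ACCEPT rules, and its logged source and destination show which address the rules actually need to name.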