I need help configuring my firewall.
I am running a separate box as my server & accessing sites from there is fine but when accessing any site from another computer on my network it takes about 15 seconds before anything happens! Once it has made the connection though it flies along (cable connection) but it's just that first 15 seconds that has got me stumped. Granted the server is just an old crappy duron 800 but that shouldn't matter, especially seeing that access from there is instantaneous.
Anyways, here's my iptables-save output:
[root@<SERVER HOSTNAME> ~]# iptables-save
# Generated by iptables-save v1.2.11 on Sun Feb 20 17:55:53 2005
*mangle
:PREROUTING ACCEPT [23335:1345317]
:INPUT ACCEPT [23249:1334715]
:FORWARD ACCEPT [71:5558]
:OUTPUT ACCEPT [26627:18957948]
:POSTROUTING ACCEPT [26698:18963506]
COMMIT
# Completed on Sun Feb 20 17:55:53 2005
# Generated by iptables-save v1.2.11 on Sun Feb 20 17:55:53 2005
*nat
:PREROUTING DROP [4458:192479]
:POSTROUTING DROP [0:0]
:OUTPUT DROP [0:0]
-A PREROUTING -i lo -j ACCEPT
-A PREROUTING -s 192.168.0.0/255.255.255.0 -i eth1 -j ACCEPT
-A PREROUTING -m limit --limit 1/sec -j LOG --log-prefix "PRER:-> "
-A POSTROUTING -o lo -j ACCEPT
-A POSTROUTING -o eth0 -j SNAT --to-source <SERVER IP NUMBER>
-A POSTROUTING -m limit --limit 1/sec -j LOG --log-prefix "POSTR:-> "
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -s <SERVER IP NUMBER> -o eth0 -j ACCEPT
-A OUTPUT -m limit --limit 1/sec -j LOG --log-prefix "OUTR:-> "
COMMIT
# Completed on Sun Feb 20 17:55:53 2005
# Generated by iptables-save v1.2.11 on Sun Feb 20 17:55:53 2005
*filter
:INPUT DROP [19:776]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -j DROP
-A INPUT -s 10.0.0.0/255.255.255.0 -i eth0 -j DROP
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth1 -j ACCEPT
-A INPUT -d <SERVER IP NUMBER> -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m limit --limit 1/sec -j LOG --log-prefix "INPUT:-> "
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -s 192.168.0.10 -i eth1 -j ACCEPT
-A FORWARD -s 192.168.0.2 -i eth1 -j ACCEPT
-A FORWARD -m limit --limit 1/sec -j LOG --log-prefix "FORWARD:-> "
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 192.168.0.0/255.255.255.0 -o eth1 -j ACCEPT
-A OUTPUT -s <SERVER IP NUMBER> -o eth0 -j ACCEPT
-A OUTPUT -d 192.168.0.0/255.255.255.0 -o eth0 -j DROP
-A OUTPUT -m limit --limit 1/sec -j LOG --log-prefix "OUTPUT:-> "
COMMIT
# Completed on Sun Feb 20 17:55:53 2005
If anyone can see a problem with this config or thinks things could be done a better way, please, I need your help!
Thanks to anyone who takes the time to aid me with this problem.
Thanks for your reply musicman_ace but I sorted it about 2 hours after you posted.
It seems that my bloody service provider, "Optusnet" here in Aus, changed their bloody nameserver IPs & didn't bother to inform me, how nice of them, obviously I'm not a valued customer!! (Oh well, we can't expect too much from a phone company now can we, especially in this country!!)
So anyway, their primary became their secondary & their new primary had a completely different IP, no wonder things were bogn' up!!
I wonder how many other Linux users are out there experiencing the exact same thing?
So kiddies, what have we learned today? One should check one's nameserver IPs daily, or, the bigger the business the less they care for the customer?!? Man how I wish our governments worked!! ARSEHOLES !!!!!
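The check suggested above, as an added example that is not part of the original posts: when the first nameserver entry is stale, every lookup waits for the resolver's timeout before the next entry is tried, so probing each configured nameserver directly shows which one has stopped answering. The function names, the documentation-range addresses and the example.com query name are assumptions, and only IPv4 nameservers are probed.

```python
import socket
import struct
import time

# Constructed sample; the addresses are documentation-range placeholders.
SAMPLE_RESOLV_CONF = """\
# constructed example
nameserver 192.0.2.53
nameserver 198.51.100.53
search example.lan
"""

def parse_nameservers(text):
    """Return nameserver addresses in the order the resolver tries them."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def build_query(name, query_id=0x1234):
    """Build a minimal DNS A-record query in RFC 1035 wire format."""
    header = struct.pack(">HHHHHH", query_id, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def probe(server, name="example.com", port=53, timeout=2.0):
    """Return round-trip seconds if the server answers the query, else None."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        start = time.monotonic()
        try:
            sock.sendto(query, (server, port))
            reply, _ = sock.recvfrom(512)
        except OSError:  # timeout, unreachable, refused, or non-IPv4 address
            return None
    # A genuine reply echoes the query ID and has the QR (response) bit set.
    if len(reply) >= 12 and reply[:2] == query[:2] and reply[2] & 0x80:
        return time.monotonic() - start
    return None

def check_resolvers(text, **kwargs):
    """Map each configured nameserver to its response time (None = no answer)."""
    return {server: probe(server, **kwargs) for server in parse_nameservers(text)}

if __name__ == "__main__":
    with open("/etc/resolv.conf") as fh:
        for server, rtt in check_resolvers(fh.read()).items():
            print(server, "no answer" if rtt is None else f"{rtt * 1000:.0f} ms")
```

A nameserver reported as "no answer" in first position is the one to compare against the provider's currently published resolver addresses.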