Basic IPTables Question

Roy W. Erickson erickson at pixelmagicfx.com
Mon Aug 30 23:48:32 UTC 2004 

FYI: http://easyfwgen.morizot.net might give you some ideas..

On Mon, 2004-08-30 at 16:08, Aly Dharshi wrote:
> Hi Folks,
> 
> 	I am new to the world of IPTables and I have rules such as:
> 
> iptables -A INPUT -d 161.184.244.187 -i eth0 -p tcp -m state --state ESTABLISHED 
> -j ACCEPT
> iptables -A INPUT -d 161.184.244.187 -i eth0 -p tcp -m state --state ESTABLISHED 
> -j LOG --log-prefix "IPTABLES TCP-IN" --log-level 1
> 
> 	Where can I see these logs, I assumed that they would be in /var/log/messages 
> but nothing shows.
> 
> 	Secondly on this same box that is running this firewall I have a mail server 
> that just sends mail out, if I try to send a message from the box to the local 
> smtpd on the box it just sits there, these are all my rules:
> 
> -A INPUT -d 161.184.244.187 -i eth0 -p tcp -m state --state ESTABLISHED -j ACCEPT
> -A INPUT -d 161.184.244.187 -i eth0 -p tcp -m state --state ESTABLISHED -j LOG 
> --log-prefix "IPTABLES TCP-IN" --log-level 1
> -A INPUT -d 161.184.244.187 -i eth0 -p udp -m state --state ESTABLISHED -j ACCEPT
> -A INPUT -d 161.184.244.187 -i eth0 -p udp -m state --state ESTABLISHED -j LOG 
> --log-prefix "IPTABLES UDP-IN" --log-level 1
> -A INPUT -d 161.184.244.187 -i eth0 -p tcp -m state --state NEW -m tcp --dport 
> 22 -j ACCEPT
> -A INPUT -d 161.184.244.187 -i eth0 -p tcp -m state --state NEW -m tcp --dport 
> 22 -j LOG --log-prefix "IPTABLES SSH-IN" --log-level 1
> -A OUTPUT -s 161.184.244.187 -o eth0 -p tcp -m state --state NEW,ESTABLISHED -j 
> ACCEPT
> -A OUTPUT -s 161.184.244.187 -o eth0 -p tcp -m state --state NEW,ESTABLISHED -j 
> LOG --log-prefix "IPTABLES TCP-OUT" --log-level 1
> -A OUTPUT -s 161.184.244.187 -o eth0 -p udp -m state --state NEW,ESTABLISHED -j 
> ACCEPT
> -A OUTPUT -s 161.184.244.187 -o eth0 -p udp -m state --state NEW,ESTABLISHED -j 
> LOG --log-prefix "IPTABLES UDP-OUT" --log-level 1
> 
> 	What am I doing wrong, should I have a rule to allow incoming 25 on tcp, as I 
> have listed the full hostname in the mail settings.
> 
> 	Cheers,
> 
> 	Aly.
> 
> 
> -- 
> Aly Dharshi
> aly.dharshi at telus.net
> 
> 	 "A good speech is like a good dress
> 	  that's short enough to be interesting
> 	  and long enough to cover the subject"
-- 
Roy W. Erickson
Senior Systems Engineer
Pixel Magic Effects
10635 Riverside Dr
N. Hollywood, CA 91602
818.760.0862
erickson at pixelmagicfx.com

More information about the fedora-list mailing list