firewall problems

Craig White craigwhite at azapple.com
Thu Aug 25 21:44:54 UTC 2005


OK Then for next time...

iptables -A # appends new rule to end of chain (probably a bad idea since
the end of the chain is the reject, so the packet is rejected before it
is accepted)

iptables -I # inserts new rule at the beginning of the chain (better idea since
it comes before the REJECT everything that happens at the end of the chain)

man iptables

Craig

On Thu, 2005-08-25 at 16:35 -0500, Steven J Lamb wrote:
> I'm sorry, I was not very specific. What I did was use iptables to add the 
> line. However, I tried modifying /etc/sysconfig/iptables and restarted it 
> ... let's see if that works
> ----- Original Message ----- 
> From: "Craig White" <craigwhite at azapple.com>
> To: "For users of Fedora Core releases" <fedora-list at redhat.com>
> Sent: Thursday, August 25, 2005 4:31 PM
> Subject: Re: firewall problems
> 
> 
> > I assumed that you were using a text editor. You should be able to
> > select the last line that you added, 'cut' it to the clipboard, paste it
> > above the REJECT line.
> >
> > Otherwise, what are you using to make the changes?
> >
> > Craig
> >
> > On Thu, 2005-08-25 at 16:27 -0500, Steven J Lamb wrote:
> >> I am quite a newbie ...
> >>
> >> What you say means that I need to do a remove of both lines and add them
> >> both in the reverse order ... is that correct?
> >>
> >> ----- Original Message ----- 
> >> From: "Craig White" <craigwhite at azapple.com>
> >> To: "For users of Fedora Core releases" <fedora-list at redhat.com>
> >> Sent: Thursday, August 25, 2005 4:25 PM
> >> Subject: Re: firewall problems
> >>
> >>
> >> > put the last line you added BEFORE the REJECT line
> >> >
> >> > then
> >> >
> >> > service iptables restart
> >> >
> >> > Craig
> >> >
> >> > On Thu, 2005-08-25 at 16:18 -0500, Steven J Lamb wrote:
> >> >> Table: filter
> >> >> Chain FORWARD (policy ACCEPT)
> >> >> target     prot opt source               destination
> >> >> RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
> >> >>
> >> >> Chain INPUT (policy ACCEPT)
> >> >> target     prot opt source               destination
> >> >> RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
> >> >>
> >> >> Chain OUTPUT (policy ACCEPT)
> >> >> target     prot opt source               destination
> >> >>
> >> >> Chain RH-Firewall-1-INPUT (2 references)
> >> >> target     prot opt source               destination
> >> >> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
> >> >> ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
> >> >> ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
> >> >> ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
> >> >> ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
> >> >> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
> >> >> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
> >> >> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
> >> >> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
> >> >> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:21
> >> >> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25
> >> >> REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
> >> >> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:110
> >> >>
> >> >> Note that I added the last line and saw no change in behavior, 
> >> >> although I have not restarted or anything to that effect.
> >> >>
> >> >> ----- Original Message ----- 
> >> >> From: "Thomas Cameron" <thomas.cameron at camerontech.com>
> >> >> To: "For users of Fedora Core releases" <fedora-list at redhat.com>
> >> >> Sent: Thursday, August 25, 2005 3:49 PM
> >> >> Subject: Re: firewall problems
> >> >>
> >> >>
> >> >> >> I am attempting to get my email server up and running. I am running
> >> >> >> Fedora Core 4. I have gotten my SMTP to work correctly. However, my POP3
> >> >> >> does not appear to get through the firewall. I did not have to punch a
> >> >> >> hole in the firewall myself for the SMTP, so I figured I would not need
> >> >> >> to for my POP. When I telnet localhost 110 I get in to my server, but
> >> >> >> when I telnet in from another machine I do not get into my server. I
> >> >> >> assume this indicates a firewall problem; however, I do not know what I
> >> >> >> need to modify in order to fix this problem.
> >> >> >
> >> >> > What do you get when you run "service iptables status" as root?  Can
> >> >> > you post it to the list, please?
> >> >> >
> >> >> > Thomas
> >> >> >
> >> >> > -- 
> >> >> > fedora-list mailing list
> >> >> > fedora-list at redhat.com
> >> >> > To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
> >> >> >
> >> >>
> >> >
> >> >
> >>
> >
> > 
> 
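
The ordering problem discussed in this thread can be checked mechanically. The following is an added example, not part of the original messages: it scans an `iptables -L -n` style listing and reports rules that sit after an unconditional REJECT or DROP. The function names `sample_listing` and `find_shadowed_rules` are hypothetical, and the sample listing is constructed from the one quoted above.

```shell
# Added example: flag rules that sit after an unconditional REJECT/DROP in
# an `iptables -L -n` style listing, where they can never match.

# Constructed sample, shortened from the listing quoted in the thread.
sample_listing() {
cat <<'EOF'
Table: filter
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:110
EOF
}

# Reads a listing on stdin. For every rule placed after an unconditional
# REJECT or DROP it prints the chain, the position of the blocking rule,
# the position of the unreachable rule, and that rule's target and matches.
# Caveat: without -v the listing hides interface matches (-i/-o), so confirm
# a reported blocker with `iptables -L -n -v` before acting on it.
find_shadowed_rules() {
  awk '
    $1 == "Chain" { chain = $2; pos = 0; block = 0; next }
    NF == 0 || $1 == "target" || $1 == "Table:" { next }
    {
      pos++
      if (block) {
        printf "%s blocked_by=%d unreachable=%d %s", chain, block, pos, $1
        for (i = 6; i <= NF; i++) printf " %s", $i
        printf "\n"
      } else if (($1 == "REJECT" || $1 == "DROP") && $2 == "all" &&
                 $4 == "0.0.0.0/0" && $5 == "0.0.0.0/0" &&
                 (NF == 5 || $6 == "reject-with")) {
        # Any protocol, source and destination, no other match condition.
        block = pos
      }
    }'
}

sample_listing | find_shadowed_rules
```

The `blocked_by` value is the rule number to give `iptables -I RH-Firewall-1-INPUT <n> ...` so that the new rule lands immediately ahead of the REJECT instead of at the head of the chain.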



