Freeciv 2.0.8

Mon Aug 13 22:48:31 UTC 2007

Tony Nelson wrote:
> At 2:09 PM -0500 8/13/07, Bruno Wolff III wrote:
>   
>> On Mon, Aug 13, 2007 at 14:13:39 -0400,
>>  Temlakos <temlakos at gmail.com> wrote:
>>     
>>>> This makes me think that firewall rules are a possible culprit.
>>>>
>>>>
>>>>         
>>> All right, here are my firewall rules:
>>>       
>> iptables -L is another way to get the firewall rules that shows what they
>> really are. What you have is what they are supposed to be. While they
>> are probably the same (though iptables output format is different)
>> it is possible for them to be different.
>>     
>
> I like `iptables -vL` so I can tell the difference between the localhost
> rules and the rest.  It also lists the traffic, which is useful in finding
> out what rules are getting triggered when something isn't quite right.
> tcpdump is also useful; even if you don't understand all of it you may see
> the port you need open.
>
> Please don't word-wrap the `iptables -vL` output in the email -- it makes
> it hard to read.
>   
Had to do som trial-and-error--turns out that "iptables" is an sbin
command. My "path" doesn't have it.

Herewith the output of '# sbin/iptables -vL':
> Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               
> destination         
> 28171   22M RH-Firewall-1-INPUT  all  --  any    any     
> anywhere             anywhere            
>
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               
> destination         
>     0     0 RH-Firewall-1-INPUT  all  --  any    any     
> anywhere             anywhere            
>
> Chain OUTPUT (policy ACCEPT 26383 packets, 8286K bytes)
>  pkts bytes target     prot opt in     out     source               
> destination         
>
> Chain RH-Firewall-1-INPUT (2 references)
>  pkts bytes target     prot opt in     out     source               
> destination         
>  1412 4273K ACCEPT     all  --  lo     any     anywhere             
> anywhere            
>    17  1020 ACCEPT     icmp --  any    any     anywhere             
> anywhere            icmp any
>     0     0 ACCEPT     esp  --  any    any     anywhere             
> anywhere            
>     0     0 ACCEPT     ah   --  any    any     anywhere             
> anywhere            
>    18  3185 ACCEPT     udp  --  any    any     anywhere             
> 224.0.0.251         udp dpt:mdns
>     0     0 ACCEPT     udp  --  any    any     anywhere             
> anywhere            udp dpt:ipp
>     0     0 ACCEPT     tcp  --  any    any     anywhere             
> anywhere            tcp dpt:ipp
> 26379   18M ACCEPT     all  --  any    any     anywhere             
> anywhere            state RELATED,ESTABLISHED
>     0     0 ACCEPT     tcp  --  any    any     anywhere             
> anywhere            state NEW tcp dpt:ssh
>    95  8202 ACCEPT     udp  --  any    any     anywhere             
> anywhere            state NEW udp dpt:netbios-ns
>   164 39405 ACCEPT     udp  --  any    any     anywhere             
> anywhere            state NEW udp dpt:netbios-dgm
>    34  1632 ACCEPT     tcp  --  any    any     anywhere             
> anywhere            state NEW tcp dpt:netbios-ssn
>     1    48 ACCEPT     tcp  --  any    any     anywhere             
> anywhere            state NEW tcp dpt:microsoft-ds
>     0     0 ACCEPT     tcp  --  any    any     anywhere             
> anywhere            state NEW tcp dpt:personal-agent
>     0     0 ACCEPT     udp  --  any    any     anywhere             
> anywhere            state NEW udp dpt:personal-agent
>     0     0 ACCEPT     tcp  --  any    any     anywhere             
> anywhere            state NEW tcp dpt:postgres
>     0     0 ACCEPT     udp  --  any    any     anywhere             
> anywhere            state NEW udp dpt:postgres
>    51  4360 REJECT     all  --  any    any     anywhere             
> anywhere            reject-with icmp-host-prohibited

Temlakos