From: info
Subject: Help on IPTABLES
Date: Thu, 09 Oct 2003 16:20:02 +0400
Message-ID: <3F855272.2080201@novelgmt.intnet.mu>
To: netfilter@lists.netfilter.org

hi all,

Can somebody explain to me why, when I changed my Chain INPUT Rules from ACCEPT to DROP, I cannot browse the internet despite opening port 80 in the INPUT rule?
However, when Chain INPUT is changed to ACCEPT, browsing the internet works fine. (Note: CHAIN Output is accept for ALL)


The configurations on my IPTABLES are as follows

Chain INPUT (policy DROP)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere           tcp spt:http
ACCEPT     udp  --  anywhere             anywhere           udp spt:http

Note that my OUTPUT Rules are as follows:

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

I have two network cards installed on my pc - running Red Hat 9.0

Routing for static routes is as follows:

xx.yy.zz.aa        0.0.0.0         255.255.255.0       U     0      0        0 eth0
xx.0.0.0           0.0.0.0         255.0.0.0           U     0      0        0 eth1
127.0.0.0          0.0.0.0         255.0.0.0           U     0      0        0 lo
0.0.0.0            zz.zz.zz.zz       0.0.0.0           UG    0      0        0 eth0
0.0.0.0            zz.zz.zz.zz       0.0.0.0           UG    0      0        0 eth1


where zz.zz.zz.zz is my gateway to the internet.
eth0 - Interface with local address
eth1 - Interface with Internet address.

By the way, is there a way to save static routes? When I reboot my PC, all routes are lost.

Thanks for any help.

guy
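
An added example, not part of the original post and not netfilter code: a small Python model of the two visible INPUT rules, run against constructed packets, beside a model of a single connection-tracking rule (`-m state --state ESTABLISHED,RELATED -j ACCEPT`). It assumes the RH-Lokkit-0-50-INPUT chain, whose contents the post does not show, returns without a verdict; the packets, port table and function names are constructed for illustration.

```python
from dataclasses import dataclass

# The two visible rules, copied from the `iptables -L` listing in the post.
LISTING = """\
ACCEPT     tcp  --  anywhere             anywhere           tcp spt:http
ACCEPT     udp  --  anywhere             anywhere           udp spt:http
"""
POLICY = "DROP"                       # chain policy from the post
SERVICES = {"http": 80, "https": 443, "domain": 53, "ssh": 22}

@dataclass
class Packet:
    proto: str
    sport: int
    dport: int
    reply: bool   # True if it answers a connection this host opened

def parse(listing):
    """Turn `iptables -L` rule lines into (target, proto, kind, port)."""
    rules = []
    for line in listing.splitlines():
        fields = line.split()
        kind, _, name = fields[-1].partition(":")   # e.g. "spt:http"
        rules.append((fields[0], fields[1], kind, SERVICES[name]))
    return rules

def verdict(pkt, rules, policy=POLICY):
    """First matching rule wins; otherwise the chain policy applies."""
    for target, proto, kind, port in rules:
        value = pkt.sport if kind == "spt" else pkt.dport
        if pkt.proto == proto and value == port:
            return target
    return policy

def stateful_verdict(pkt, policy=POLICY):
    """Model of one ESTABLISHED,RELATED accept rule under the same policy."""
    return "ACCEPT" if pkt.reply else policy

# Constructed inbound packets (ephemeral ports are arbitrary).
PACKETS = {
    "dns_reply": Packet("udp", 53, 40000, True),
    "http_reply": Packet("tcp", 80, 40001, True),
    "https_reply": Packet("tcp", 443, 40002, True),
    "unsolicited_from_port_80": Packet("tcp", 80, 22, False),
}

def compare():
    rules = parse(LISTING)
    return {n: (verdict(p, rules), stateful_verdict(p)) for n, p in PACKETS.items()}

if __name__ == "__main__":
    for name, (posted, stateful) in compare().items():
        print(f"{name:26} posted={posted:6} stateful={stateful}")
```

Under these assumptions the visible rules pass only traffic whose source port is 80, whether or not this host asked for it, while the DNS and HTTPS replies fall through to the DROP policy.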