* Rules for localhost, help needed.
@ 2005-07-25 20:54 Ginter, Jeff A
From: Ginter, Jeff A @ 2005-07-25 20:54 UTC (permalink / raw)
  To: netfilter

On occasion, I configure iptables via webmin.  I am having a strange
problem where, when I apply the rules from that GUI, it never comes
back.  If I close the web browser and restart, I can see everything
again, but it looks like I get cut off.  Also, I occasionally get some
Red Hat GUI issues as well and I think it's because of my rulebase.
These issues do not happen when I am connected remotely.

I have my ruleset below... am I missing anything for local that anyone
can see?

Thanks in advance... very appreciated.

 

RULES

[root@mae-fw ~]# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       all  --  192.168.222.0/24     anywhere
DROP       all  --  138.42.156.0/24      anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp multiport dports ssh,10000 state NEW
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP       all  --  192.168.222.0/24     anywhere
DROP       all  --  138.42.156.0/24      anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp multiport dports ftp-data,ftp,ssh,telnet,domain,http,https,webcache,3389,5800,5801
DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED

NATS

[root@mae-fw ~]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       all  -- !192.168.222.0/24     Etrust-scc.ca.com    to:192.168.222.101
DNAT       all  -- !192.168.222.0/24     Etrust-audit.ca.com  to:192.168.222.165
DNAT       all  -- !192.168.222.0/24     Etrust-pc.ca.com     to:192.168.222.130
DNAT       all  -- !192.168.222.0/24     Etrust-ws1.ca.com    to:192.168.222.100
DNAT       all  -- !192.168.222.0/24     Etrust-uni.ca.com    to:192.168.222.102
DNAT       all  -- !192.168.222.0/24     Etrust-vm.ca.com     to:192.168.222.115
DNAT       all  -- !192.168.222.0/24     Itrmsrv01.ca.com     to:192.168.222.150

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  192.168.222.0/24     anywhere            to:138.42.156.15

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Jeff Ginter, CISSP
Computer Associates
Mid-Atlantic Total Protection
Consulting Manager
Office:  (908) 874-9726
Mobile:  (609) 577-1494
jeff.ginter@ca.com


* Re: Rules for localhost, help needed.
From: Jörg Harmuth @ 2005-07-26  7:38 UTC (permalink / raw)
  To: netfilter

Ginter, Jeff A wrote:
> On occasion, I configure iptables via webmin.  I am having a strange
> problem where, when I apply the rules from that GUI, it never comes
> back.  If I close the web browser and restart, I can see everything
> again, but it looks like I get cut off.  Also, I occasionally get some
> Red Hat GUI issues as well and I think it's because of my rulebase.
> These issues do not happen when I am connected remotely.
> 
> I have my ruleset below... am I missing anything for local that anyone
> can see?
...
> [root@mae-fw ~]# iptables -L

Please provide at least the output of "iptables -nvL"; -L alone isn't
enough. Or you may send the output of "iptables-save ...".

> Chain INPUT (policy DROP)
> target     prot opt source               destination
> DROP       all  --  192.168.222.0/24     anywhere
> DROP       all  --  138.42.156.0/24      anywhere
> ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
> ACCEPT     tcp  --  anywhere             anywhere            tcp multiport dports ssh,10000 state NEW
> DROP       all  --  anywhere             anywhere

Although no interfaces are shown, I can't see any rule that could allow
lo. Seems to me that you are missing rules like these:

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

Have a nice time,

Joerg
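
An added example, not code from either message above: a first-match walk
of the INPUT chain Jeff posted, beside the same chain with the two lo rules
Jörg suggests placed first. The posted rules are reconstructed here in
iptables-save syntax from the `iptables -L` listing (ssh = 22, webmin = 10000);
since `-L` hides interfaces, they are assumed to carry no `-i`. Everything
else is an assumption for illustration: eth0 as the outside interface, eth1
as the LAN interface, 192.168.222.1 as the firewall's own LAN address, and
TCP 6000 standing in for a desktop service reached over loopback. The walk
shows why a browser on the box reaches webmin via 127.0.0.1 but not via the
LAN address, and why anything on loopback other than ssh and 10000 is dropped.

```python
"""First-match walk of an iptables INPUT chain (added example).

Rules are written in iptables-save syntax and evaluated top to bottom the
way netfilter does: the first matching rule's target is the verdict, and
the chain policy applies when nothing matches.  Only the matches used by
the posted chain are understood (-i, -s, -p, --dport(s), --state, -j).
"""
import ipaddress
import shlex

# Reconstruction of the INPUT chain posted in the thread (constructed from
# the -L listing, not copied from a real iptables-save dump).  `iptables -L`
# hides interfaces, so these rules are assumed to carry no -i.
POSTED_INPUT = """
-A INPUT -s 192.168.222.0/24 -j DROP
-A INPUT -s 138.42.156.0/24 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22,10000 -m state --state NEW -j ACCEPT
-A INPUT -j DROP
"""

# The same chain with loopback accepted first and each source-address drop
# bound to the interface it is meant to police.  Interface names eth0
# (outside, 138.42.156.0/24) and eth1 (LAN, 192.168.222.0/24) are assumed.
FIXED_INPUT = """
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -s 192.168.222.0/24 -j DROP
-A INPUT -i eth1 -s 138.42.156.0/24 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22,10000 -m state --state NEW -j ACCEPT
-A INPUT -j DROP
"""


def parse_rule(line):
    """Turn one `-A CHAIN ...` line into a dict of match criteria and target."""
    toks = shlex.split(line)
    rule = {"iface": None, "src": None, "proto": None,
            "dports": None, "states": None, "target": None}
    i = 2                                   # skip "-A CHAIN"
    while i < len(toks):
        opt, arg = toks[i], toks[i + 1]     # every option here takes one argument
        if opt == "-i":
            rule["iface"] = arg
        elif opt == "-s":
            rule["src"] = ipaddress.ip_network(arg)
        elif opt == "-p":
            rule["proto"] = arg
        elif opt in ("--dport", "--dports"):
            rule["dports"] = {int(p) for p in arg.split(",")}
        elif opt == "--state":
            rule["states"] = set(arg.split(","))
        elif opt == "-j":
            rule["target"] = arg
        elif opt != "-m":                   # "-m <ext>" only loads a match extension
            raise ValueError(f"unsupported option {opt!r} in {line!r}")
        i += 2
    return rule


def matches(rule, pkt):
    """True if every criterion the rule specifies holds for the packet."""
    return ((rule["iface"] is None or rule["iface"] == pkt["iface"])
            and (rule["src"] is None or ipaddress.ip_address(pkt["src"]) in rule["src"])
            and (rule["proto"] is None or rule["proto"] == pkt["proto"])
            and (rule["dports"] is None or pkt["dport"] in rule["dports"])
            and (rule["states"] is None or pkt["state"] in rule["states"]))


def walk(chain_text, pkt, policy="DROP"):
    """Return (verdict, rule number) from the first matching rule, or (policy, None)."""
    rules = [parse_rule(line) for line in chain_text.strip().splitlines()]
    for number, rule in enumerate(rules, 1):
        if matches(rule, pkt):
            return rule["target"], number
    return policy, None


def packet(iface, src, dport, proto="tcp", state="NEW"):
    """A new inbound connection attempt, reduced to the fields the rules test."""
    return {"iface": iface, "src": src, "proto": proto, "dport": dport, "state": state}


# Constructed packets.  192.168.222.1 as the firewall's own LAN address and
# TCP 6000 (a desktop service listening on localhost) are assumptions.
LOCAL_WEBMIN = packet("lo", "127.0.0.1", 10000)          # browser on the box -> webmin
LOCAL_X11 = packet("lo", "127.0.0.1", 6000)              # local client -> local service
LAN_ADDR_WEBMIN = packet("lo", "192.168.222.1", 10000)   # same browser, via the LAN address
LAN_HOST_SSH = packet("eth1", "192.168.222.50", 22)      # LAN workstation -> firewall ssh
SPOOFED_SSH = packet("eth0", "192.168.222.50", 22)       # LAN address arriving from outside

if __name__ == "__main__":
    for name, pkt in [("LOCAL_WEBMIN", LOCAL_WEBMIN), ("LOCAL_X11", LOCAL_X11),
                      ("LAN_ADDR_WEBMIN", LAN_ADDR_WEBMIN), ("LAN_HOST_SSH", LAN_HOST_SSH),
                      ("SPOOFED_SSH", SPOOFED_SSH)]:
        print(f"{name:16} posted: {walk(POSTED_INPUT, pkt)}   fixed: {walk(FIXED_INPUT, pkt)}")
```

To walk the real chain instead of the reconstruction, paste the `-A INPUT`
lines from `iptables-save` into the chain text; `iptables -nvL` shows the
same interfaces in its `in`/`out` columns, which is why Jörg asks for it.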



