From mboxrd@z Thu Jan 1 00:00:00 1970
From: Alexandru Dragoi
Subject: Re: fc4 iptables blocking yum and smtp (postfix)
Date: Sun, 30 Apr 2006 08:36:48 +0300
Message-ID: <44544CF0.20404@zoomnet.ro>
References: <44544510.5020907@dtracorp.com>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Return-path:
In-Reply-To: <44544510.5020907@dtracorp.com>
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Sender: netfilter-bounces@lists.netfilter.org
Errors-To: netfilter-bounces@lists.netfilter.org
Content-Type: text/plain; charset="us-ascii"
To: dave
Cc: netfilter@lists.netfilter.org

dave wrote:
> Hi all,
>
> OK, I know this is an iptables issue, because both yum and smtp work
> when I turn iptables off.
>
> I don't really have any idea when it comes to server level stuff, so I
> really need someone to help me out here.
>
> I have been told that it has something to do with ESTABLISHED,RELATED
> settings that I need to add (but don't know what I need to do).
>
> My iptables are listed below.
>
> Thanks,
> dave
>
> [code]
> # Generated by iptables-save v1.3.0 on Tue Apr 11 23:20:05 2006
> *filter
> :FORWARD ACCEPT [0:0]
> :INPUT DROP [0:0]
> :OUTPUT ACCEPT [0:0]
> -A INPUT -p tcp -m tcp -m multiport -j ACCEPT --dports 22,10000
> -A INPUT -p tcp -m tcp -m multiport -j ACCEPT --dports 20,21,25,80,110,143,443,993,995,3306
> -A INPUT -p udp -m udp -m multiport -j ACCEPT --dports 53,123
> #-A INPUT -p udp -m udp --sport 53 -j ACCEPT
> # Localhost traffic
> -A INPUT -i lo -j ACCEPT
> COMMIT
> # Completed on Tue Apr 11 23:20:05 2006
> # Generated by iptables-save v1.3.0 on Tue Apr 11 23:20:05 2006
> *mangle
> :FORWARD ACCEPT [0:0]
> :INPUT ACCEPT [247924:148337622]
> :OUTPUT ACCEPT [203797:85733410]
> :POSTROUTING ACCEPT [203797:85733410]
> :PREROUTING ACCEPT [273515:151663480]
> COMMIT
> # Completed on Tue Apr 11 23:20:05 2006
> # Generated by iptables-save v1.3.0 on Tue Apr 11 23:20:05 2006
> *nat
> :OUTPUT ACCEPT [3330:227736]
> :POSTROUTING ACCEPT [3330:227736]
> :PREROUTING ACCEPT [41038:5544645]
> COMMIT
> # Completed on Tue Apr 11 23:20:05 2006
> [/code]
>

Try adding

-A INPUT -p tcp -m tcp -m multiport -j ACCEPT --sports 22,10000
-A INPUT -p tcp -m tcp -m multiport -j ACCEPT --sports 20,21,25,80,110,143,443,993,995,3306
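The ESTABLISHED,RELATED approach dave mentions, as an added example that is not part of the thread: the posted filter table beside a version that accepts replies to connections this host opened by connection state rather than by remote port (a source-port accept lets any remote host pick a port that gets through; a state match ties acceptance to connections the host itself initiated), plus a check that can be run over `iptables-save` output. The rule text is constructed here; only the filter table is shown.

```sh
#!/bin/sh
# Added example, not from the thread. Two rulesets in iptables-save format:
# the filter table dave posted (reconstructed) and a corrected version that
# accepts replies to connections this host opened, via the state match
# dave was told about. The mangle and nat tables are omitted.

original_ruleset() {
cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp -m multiport -j ACCEPT --dports 22,10000
-A INPUT -p tcp -m tcp -m multiport -j ACCEPT --dports 20,21,25,80,110,143,443,993,995,3306
-A INPUT -p udp -m udp -m multiport -j ACCEPT --dports 53,123
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
}

corrected_ruleset() {
cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to outbound connections (yum's HTTP, postfix's SMTP, DNS lookups)
# are accepted by connection state, whatever port they arrive from.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
# Inbound services, as before; placed after the state rule so they only
# ever see the first packet of a new connection.
-A INPUT -p tcp -m multiport --dports 22,10000 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 20,21,25,80,110,143,443,993,995,3306 -j ACCEPT
-A INPUT -p udp -m multiport --dports 53,123 -j ACCEPT
COMMIT
EOF
}

# Returns 0 if a saved ruleset accepts established/related traffic in INPUT
# (either the classic state match or the newer conntrack match), else 1.
# Point it at a file holding `iptables-save` output to check a live box.
has_state_rule() {
  grep -Eq -- '^-A INPUT .*-m (state --state|conntrack --ctstate) [A-Z,]*ESTABLISHED[A-Z,]* -j ACCEPT' "$1"
}
```

The corrected table loads with `corrected_ruleset | iptables-restore` as root; the inbound accept list is unchanged, so nothing is newly exposed.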