From mboxrd@z Thu Jan 1 00:00:00 1970
From: dave
Subject: Re: fc4 iptables blocking yum and smtp (postfix)
Date: Sun, 30 Apr 2006 16:03:51 +1000
Message-ID: <44545347.6000206@dtracorp.com>
References: <44544510.5020907@dtracorp.com> <44544CF0.20404@zoomnet.ro>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
In-Reply-To: <44544CF0.20404@zoomnet.ro>
Sender: netfilter-bounces@lists.netfilter.org
Errors-To: netfilter-bounces@lists.netfilter.org
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Cc: netfilter@lists.netfilter.org

Alexandru Dragoi wrote:
> dave wrote:
>
>> hi all
>>
>> ok, i know this is an iptables issue, because both yum and smtp work
>> when i turn iptables off
>>
>> i don't really have any idea when it comes to server level stuff, so i
>> really need someone to help me out here
>>
>> i have been told that it has something to do with ESTABLISHED,RELATED
>> settings that i need to add (but don't know what i need to do)
>>
>> my iptables listed below
>>
>> thanks
>> dave
>>
>> [code]
>> # Generated by iptables-save v1.3.0 on Tue Apr 11 23:20:05 2006
>> *filter
>> :FORWARD ACCEPT [0:0]
>> :INPUT DROP [0:0]
>> :OUTPUT ACCEPT [0:0]
>> -A INPUT -p tcp -m tcp -m multiport -j ACCEPT --dports 22,10000
>> -A INPUT -p tcp -m tcp -m multiport -j ACCEPT --dports 20,21,25,80,110,143,443,993,995,3306
>> -A INPUT -p udp -m udp -m multiport -j ACCEPT --dports 53,123
>> #-A INPUT -p udp -m udp --sport 53 -j ACCEPT
>> # Localhost traffic
>> -A INPUT -i lo -j ACCEPT
>> COMMIT
>> # Completed on Tue Apr 11 23:20:05 2006
>> # Generated by iptables-save v1.3.0 on Tue Apr 11 23:20:05 2006
>> *mangle
>> :FORWARD ACCEPT [0:0]
>> :INPUT ACCEPT [247924:148337622]
>>
>> :OUTPUT ACCEPT [203797:85733410]
>> :POSTROUTING ACCEPT [203797:85733410]
>> :PREROUTING ACCEPT [273515:151663480]
>> COMMIT
>> # Completed on Tue Apr 11 23:20:05 2006
>> # Generated by iptables-save v1.3.0 on Tue Apr 11 23:20:05 2006
>> *nat
>> :OUTPUT ACCEPT [3330:227736]
>> :POSTROUTING ACCEPT [3330:227736]
>> :PREROUTING ACCEPT [41038:5544645]
>> COMMIT
>> # Completed on Tue Apr 11 23:20:05 2006
>> [/code]
>>
>
> Try adding
> -A INPUT -p tcp -m tcp -m multiport -j ACCEPT --sports 22,10000
> -A INPUT -p tcp -m tcp -m multiport -j ACCEPT --sports 20,21,25,80,110,143,443,993,995,3306
>

thanks, that seems to have done the trick
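
Added example, not part of the original thread: an audit of an iptables-save dump for the two rule styles discussed above. An INPUT rule that accepts on source port alone matches any inbound packet whose sender picked a listed source port, whatever the destination port, whereas the ESTABLISHED,RELATED match mentioned in the first message accepts only replies to connections that conntrack is already tracking. The `-m state` rule, the function names and the sample ruleset (the thread's filter table plus the suggested `--sports` rules) are assumptions constructed for this example.

```shell
#!/bin/sh
# Constructed sample: the thread's filter table with the suggested --sports rules appended.
RULES='*filter
:FORWARD ACCEPT [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp -m multiport -j ACCEPT --dports 22,10000
-A INPUT -p tcp -m tcp -m multiport -j ACCEPT --dports 20,21,25,80,110,143,443,993,995,3306
-A INPUT -p udp -m udp -m multiport -j ACCEPT --dports 53,123
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp -m multiport -j ACCEPT --sports 22,10000
-A INPUT -p tcp -m tcp -m multiport -j ACCEPT --sports 20,21,25,80,110,143,443,993,995,3306
COMMIT'
# Assumed stateful rule (not in the thread): accept only packets that conntrack
# ties to a connection this host already has, e.g. replies to yum or outbound SMTP.
STATEFUL_RULE='-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'

AWK_PROG='
function sport_only(l) {   # INPUT ACCEPT keyed on source port, no state match
    return l ~ /^-A INPUT / && l ~ /-j ACCEPT/ &&
           l ~ /--sports? |--source-ports? / && l !~ /--(ct)?state /
}
/^\*/ { table = $1 }       # remember which table the following rules belong to
mode == "list" { if (table == "*filter" && sport_only($0)) print; next }
table == "*filter" && sport_only($0) { next }                     # drop weak rule
table == "*filter" && /^-A INPUT / && !done { print rule; done = 1 }  # stateful rule first
{ print }'

run_awk() { printf '%s\n' "$1" | awk -v mode="$2" -v rule="$STATEFUL_RULE" "$AWK_PROG"; }
sport_only_accepts() { run_awk "$1" list; }    # print the source-port-only ACCEPT rules
harden() { run_awk "$1" harden; }              # print the ruleset with them replaced
has_stateful_accept() {                        # exit 0 if INPUT accepts ESTABLISHED traffic
    printf '%s\n' "$1" | grep -E '^-A INPUT .*--(ct)?state [A-Z,]*ESTABLISHED' |
        grep -q -- '-j ACCEPT'
}

echo "source-port-only ACCEPT rules:"; sport_only_accepts "$RULES"
echo "hardened ruleset:"; harden "$RULES"
```

The hardened output can be reviewed and then loaded with `iptables-restore`; the port-based `--dports` rules for the services the host offers stay in place.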