whois

whois

[Roger]

I'm having problems setting a rule to allow 'whois' queries.
With the following:
iptables -A OUTPUT  -o eth+ -p tcp --dport 43 -m state --state 
NEW,ESTABLISHED -j ACCEPT

iptables -A INPUT -i eth+ -p tcp --sport 43 -m state --state ESTABLISHED 
-j ACCEPT

with any unmatching being logged, there is a log entry for inbound tcp to 
port 43

I was under the impression that since I'm originating the request, then 
the input should come through since it is an established connection.  If I 
modify the INPUT rule to allow NEW,ESTABLISHED then it works.

other services that I have set up in a similar fashion seem to work.

Any idea what's going on?

tia.
Roger

-- 

Re: whois

[Rasmus Bøg Hansen]

On Thu, 26 Sep 2002, Roger wrote:

>
> I'm having problems setting a rule to allow 'whois' queries.
> With the following:
> iptables -A OUTPUT  -o eth+ -p tcp --dport 43 -m state --state
> NEW,ESTABLISHED -j ACCEPT
>
> iptables -A INPUT -i eth+ -p tcp --sport 43 -m state --state ESTABLISHED
> -j ACCEPT
>
> with any unmatching being logged, there is a log entry for inbound tcp to
> port 43

Yes, because you do not allow incoming return packets with source port
43. I would do:

iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 43 --syn -j ACCEPT

All of this assuming that you are running whois from the firewall itself
(else you would have to put the rules in FORWARD).

/Rasmus

-- 
-- [ Rasmus "Møffe" Bøg Hansen ] ---------------------------------------
To alcohol!
The cause of - and solution to - all of life's problems!
                                        -- Homer Simpson
----------------------------------[ moffe at amagerkollegiet dot dk ] --