From: "Gilles Yue"
Subject: Help on IPTABLES
Date: Thu, 9 Oct 2003 16:24:03 +0400
Message-ID: <83055D4B014C9E478D2F04624B9E82CF39E7D2@noveldc.novelgmt.mu>
To: netfilter@lists.netfilter.org

Hi all,

Can somebody explain to me why, when I changed my Chain INPUT rules from ACCEPT to DROP, I cannot browse the internet despite opening port 80 in the INPUT rule?
However, when Chain INPUT is changed to ACCEPT, browsing the internet works fine. (Note: CHAIN Output is accept for ALL)

The configurations on my IPTABLES are as follows:

Chain INPUT (policy DROP)
target                prot opt source      destination
RH-Lokkit-0-50-INPUT  all  --  anywhere    anywhere
ACCEPT                tcp  --  anywhere    anywhere    tcp spt:http
ACCEPT                udp  --  anywhere    anywhere    udp spt:http

Note that my OUTPUT rules are as follows:

Chain OUTPUT (policy ACCEPT)
target                prot opt source      destination

I have two network cards installed on my PC, running Red Hat 9.0.

The static routes are as follows:

xx.yy.zz.aa   0.0.0.0       255.255.255.0   U    0   0   0 eth0
xx.0.0.0      0.0.0.0       255.0.0.0       U    0   0   0 eth1
127.0.0.0     0.0.0.0       255.0.0.0       U    0   0   0 lo
0.0.0.0       zz.zz.zz.zz   0.0.0.0         UG   0   0   0 eth0
0.0.0.0       zz.zz.zz.zz   0.0.0.0         UG   0   0   0 eth1

Where zz.zz.zz.zz is my gateway to the internet.
eth0 - Interface with local address
eth1 - Interface with Internet address.

By the way, is there a way to save static routes? When I reboot my PC, all routes are lost.

Thanks for any help.

gilles
