Hi Rob,

I have made changes just like you said. And I still cannot browse!

Is there something wrong with my other chain rules or with the routing with my network cards? (Note: I have two network cards.) Please help. Thanks.

 

 

Chain INPUT (policy DROP)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:80
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0          udp dpt:80

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Lokkit-0-50-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpts:0:1023 flags:0x16/0x02 reject-with icmp-port-unreachable
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:2049 flags:0x16/0x02 reject-with icmp-port-unreachable
REJECT     udp  --  0.0.0.0/0            0.0.0.0/0          udp dpts:0:1023 reject-with icmp-port-unreachable
REJECT     udp  --  0.0.0.0/0            0.0.0.0/0          udp dpt:2049 reject-with icmp-port-unreachable
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpts:6000:6009 flags:0x16/0x02 reject-with icmp-port-unreachable
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:7100 flags:0x16/0x02 reject-with icmp-port-unreachable

-----Original Message-----
From: Rob Sterenborg [mailto:rob@sterenborg.info]
Sent: Thursday, October 09, 2003 5:55 PM
To: Gilles Yue; netfilter@lists.netfilter.org
Subject: RE: Help on IPTABLES

> Can somebody explain to me why, when I changed my Chain
> INPUT rules from ACCEPT to DROP, I cannot browse the internet
> despite opening port 80 in the INPUT rule.
...
> Chain INPUT (policy DROP)
> target     prot opt source               destination
> RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere
> ACCEPT     tcp  --  anywhere             anywhere            tcp spt:http
> ACCEPT     udp  --  anywhere             anywhere            udp spt:http

Because you used sport. You are trying to reach servers that are
*listening* on port 80/443 so you should use dport (destination = port
80/443). You are most likely not sending from port 80/443.

Gr,
Rob
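An added example, not code from either mail: a small Python model of the INPUT chain posted above that replays the packets a browsing client actually receives. The ruleset is rebuilt in iptables-save syntax from the `iptables -L -n` dump; the `-i lo` on the first RH-Lokkit-0-50-INPUT rule, the ephemeral ports 40000/40001/51000, and the conntrack states written onto the constructed packets are assumptions, because the dump does not show them. The point it makes is that the reply to an outbound HTTP request arrives with source port 80 and an ephemeral destination port, so an INPUT rule on `dpt:80` never matches it; the usual way a client lives behind an INPUT DROP policy is an `ESTABLISHED,RELATED` accept in front of everything else.

```python
# Added example, not code from the thread: replay the packets a browsing client receives
# through a reconstruction (iptables-save syntax) of the INPUT chain posted above.
# ASSUMPTION: the lokkit chain's first rule is "-i lo -j ACCEPT"; `iptables -L -n`
# without -v omits interface matches, so the dump itself cannot show it.
from __future__ import annotations

import shlex
from dataclasses import dataclass, field


@dataclass
class Packet:
    proto: str              # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False       # SYN set, ACK/RST clear: first packet of a TCP connection
    iface: str = "eth0"
    state: str = "NEW"      # what conntrack would label it: NEW / ESTABLISHED / RELATED


@dataclass
class Rule:
    chain: str
    target: str
    proto: str | None = None
    iface: str | None = None
    dports: tuple[int, int] | None = None            # --dport N or N:M
    syn_only: bool = False                           # --tcp-flags SYN,RST,ACK SYN (flags:0x16/0x02 in -L)
    states: set[str] = field(default_factory=set)    # -m state --state A,B


def parse_save(text: str):
    """Parse the subset of iptables-save output used here: chain policies and -A rules."""
    policies, rules = {}, []
    for line in text.splitlines():
        if line.startswith(":"):                 # ":CHAIN POLICY [pkts:bytes]"; "-" marks a user chain
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif line.startswith("-A"):
            argv = shlex.split(line)
            r = Rule(chain=argv[1], target=argv[argv.index("-j") + 1])
            for i, a in enumerate(argv):         # -m, -j and --reject-with do not affect matching
                if a == "-p":
                    r.proto = argv[i + 1]
                elif a == "-i":
                    r.iface = argv[i + 1]
                elif a == "--dport":
                    lo, _, hi = argv[i + 1].partition(":")
                    r.dports = (int(lo), int(hi or lo))
                elif a == "--tcp-flags":
                    r.syn_only = argv[i + 2] == "SYN"
                elif a == "--state":
                    r.states = set(argv[i + 1].split(","))
            rules.append(r)
    return policies, rules


def _matches(r: Rule, p: Packet) -> bool:
    return all((
        r.proto is None or r.proto == p.proto,
        r.iface is None or r.iface == p.iface,
        r.dports is None or r.dports[0] <= p.dport <= r.dports[1],
        not r.syn_only or (p.proto == "tcp" and p.syn),
        not r.states or p.state in r.states,
    ))


def verdict(policies, rules, pkt: Packet, chain: str = "INPUT") -> str:
    """First matching terminating target wins; a user chain that falls through RETURNs
    to its caller; a built-in chain falls back to its policy."""
    for r in rules:
        if r.chain != chain or not _matches(r, pkt):
            continue
        if r.target in ("ACCEPT", "DROP", "REJECT", "RETURN"):
            return r.target
        sub = verdict(policies, rules, pkt, r.target)    # jump into a user-defined chain
        if sub != "RETURN":
            return sub
    policy = policies.get(chain, "-")
    return "RETURN" if policy == "-" else policy


LOKKIT = "-A RH-Lokkit-0-50-INPUT"
REJECT = "-j REJECT --reject-with icmp-port-unreachable"
# The filter table as posted: INPUT policy DROP, a jump to the lokkit chain, then dpt:80.
AS_POSTED = "\n".join(
    [":INPUT DROP [0:0]", ":FORWARD ACCEPT [0:0]", ":OUTPUT ACCEPT [0:0]", ":RH-Lokkit-0-50-INPUT - [0:0]",
     "-A INPUT -j RH-Lokkit-0-50-INPUT",
     "-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT",
     "-A INPUT -p udp -m udp --dport 80 -j ACCEPT",
     "-A FORWARD -j RH-Lokkit-0-50-INPUT",
     f"{LOKKIT} -i lo -j ACCEPT"]                        # assumed interface match, see header
    + [f"{LOKKIT} -p tcp -m tcp --dport {p} --tcp-flags SYN,RST,ACK SYN {REJECT}"
       for p in ("0:1023", "2049", "6000:6009", "7100")]
    + [f"{LOKKIT} -p udp -m udp --dport {p} {REJECT}" for p in ("0:1023", "2049")])
# The same table with one stateful rule in front: accept replies to connections this
# host opened itself, which is how a client normally lives behind an INPUT DROP policy.
WITH_STATE = AS_POSTED.replace("-A INPUT -j", "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\n-A INPUT -j", 1)

# Constructed packets as seen on eth0 by a host that is browsing the web.
HTTP_REPLY = Packet("tcp", sport=80, dport=40000, state="ESTABLISHED")   # web server answering our GET
DNS_REPLY = Packet("udp", sport=53, dport=40001, state="ESTABLISHED")    # resolver answering our query
INBOUND_SYN_80 = Packet("tcp", sport=51000, dport=80, syn=True)          # a remote host connecting to us


def classify(ruleset: str, pkt: Packet) -> str:
    policies, rules = parse_save(ruleset)
    return verdict(policies, rules, pkt)
```

Run against the table as posted, the HTTP and DNS replies fall through to the DROP policy, which is exactly the behaviour the first mail reports; with one `ESTABLISHED,RELATED` rule in front of the jump they are accepted while an unsolicited SYN is still rejected by the lokkit chain. Two things worth checking on the real box: `iptables -L -n -v` (or `iptables-save`) shows the interface matches and per-rule counters that `-L -n` hides, and in the posted order the `dpt:80` ACCEPT rules sit after the jump into RH-Lokkit-0-50-INPUT, whose first TCP rule rejects new connections to ports 0:1023, so they are never reached even for an inbound connection to a local web server.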