Hi Rob,
I have made changes just like you said. And I still cannot browse!
Is there something wrong with my other chain rules or with the routing with my network cards? (Note: I have two network cards.) Please help. Thanks.

Chain INPUT (policy DROP)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:80

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Lokkit-0-50-INPUT (2 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:0:1023 flags:0x16/0x02 reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2049 flags:0x16/0x02 reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:0:1023 reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2049 reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:6000:6009 flags:0x16/0x02 reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7100 flags:0x16/0x02 reject-with icmp-port-unreachable

-----Original Message-----
From: Rob Sterenborg [mailto:rob@sterenborg.info]
Sent: Thursday, October 09, 2003 5:55 PM
To: Gilles Yue; netfilter@lists.netfilter.org
Subject: RE: Help on IPTABLES
> Can somebody explain to me why, when I changed my Chain
> INPUT rules from ACCEPT to DROP, I cannot browse the internet
> despite opening port 80 in the INPUT rule.
...
> Chain INPUT (policy DROP)
> target prot opt source destination
> RH-Lokkit-0-50-INPUT all -- anywhere anywhere
> ACCEPT tcp -- anywhere anywhere tcp spt:http
> ACCEPT udp -- anywhere anywhere udp spt:http
Because you used sport. You are trying to reach servers that are
*listening* on port 80/443 so you should use dport (destination = port
80/443). You are most likely not sending from port 80/443.
Gr,
Rob
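
Added example, not part of the original thread: a toy first-match evaluator for the INPUT chain in the listing at the top of this message, run over constructed packets from a browsing session (a DNS reply and a web server's SYN/ACK) plus one inbound SYN to port 80. It assumes the first RH-Lokkit ACCEPT rule is bound to the loopback interface, which "iptables -L" without -v does not show; the stateful variant and all names here are illustrative.

```python
# Toy model of the INPUT chain listed above (policy DROP). Not real netfilter code.
# Assumption: the first RH-Lokkit rule (ACCEPT all) is restricted to lo.

def rule(verdict, proto=None, dports=None, syn=False, iface=None, states=None):
    # syn=True models flags:0x16/0x02 (SYN set; ACK and RST clear)
    return dict(verdict=verdict, proto=proto, dports=dports, syn=syn,
                iface=iface, states=states)

# The user chain has no RETURN, so its rules are inlined ahead of INPUT's own.
LOKKIT = [
    rule("ACCEPT", iface="lo"),
    rule("REJECT", "tcp", (0, 1023), syn=True),
    rule("REJECT", "tcp", (2049, 2049), syn=True),
    rule("REJECT", "udp", (0, 1023)),
    rule("REJECT", "udp", (2049, 2049)),
    rule("REJECT", "tcp", (6000, 6009), syn=True),
    rule("REJECT", "tcp", (7100, 7100), syn=True),
]
INPUT_AS_LISTED = LOKKIT + [rule("ACCEPT", "tcp", (80, 80)),
                            rule("ACCEPT", "udp", (80, 80))]
# Stateful variant, equivalent to:
#   iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
INPUT_STATEFUL = [rule("ACCEPT", states={"ESTABLISHED", "RELATED"})] + INPUT_AS_LISTED

def matches(r, p):
    lo, hi = r["dports"] or (0, 65535)
    return (r["proto"] in (None, p["proto"])
            and lo <= p["dport"] <= hi
            and (not r["syn"] or p["flags"] == {"SYN"})
            and r["iface"] in (None, p["iface"])
            and (r["states"] is None or p["state"] in r["states"]))

def verdict(chain, p, policy="DROP"):
    # First matching rule decides; otherwise the chain policy applies.
    return next((r["verdict"] for r in chain if matches(r, p)), policy)

def pkt(proto, sport, dport, flags=(), state="NEW", iface="eth0"):
    return dict(proto=proto, sport=sport, dport=dport, flags=set(flags),
                state=state, iface=iface)

# Constructed packets arriving at the browsing host.
DNS_REPLY = pkt("udp", 53, 33000, state="ESTABLISHED")
HTTP_SYNACK = pkt("tcp", 80, 33001, ("SYN", "ACK"), state="ESTABLISHED")
INBOUND_SYN_80 = pkt("tcp", 40000, 80, ("SYN",))

if __name__ == "__main__":
    for name, p in [("dns reply", DNS_REPLY), ("http syn/ack", HTTP_SYNACK),
                    ("inbound syn :80", INBOUND_SYN_80)]:
        print(name, verdict(INPUT_AS_LISTED, p), verdict(INPUT_STATEFUL, p))
```

Replies to the host's own requests arrive with an ephemeral destination port, so the dpt:80 rules never see them; the inbound SYN to port 80 is rejected by the RH-Lokkit chain before the dpt:80 ACCEPT is reached.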