HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

IPtables wrong setup, no ping response (http://www.howtoforge.com/forums/showthread.php?t=29078)

Aldert 29th November 2008 19:22

IPtables wrong setup, no ping response
 
Yeah, got a new server again. It is becoming a yearly ritual ;-)

Of course something went wrong this time. I want to use IPtables as a firewall (I do not use ISPConfig, but Webmin and Virtualmin). What is wrong with these rules?

My server was not responding to pings anymore after a reboot, and IPtables was the problem on the previous reboot as well.

These rules are applied in this order. If needed I can show you what the exact IPtables config is after applying these GUI-created rules.

IPtables didn't log anything into messages. The only big difference between the successful 'system halt' and the unsuccessful reboot is:

shutdown[3213]: shutting down for system halt
init: Switching to runlevel: 0

and

shutdown[15663]: shutting down for system reboot
init: Switching to runlevel: 6

TIA!

Incoming packets (INPUT)

Action Condition
Accept If input interface is not eth0
Accept If protocol is TCP and TCP flags ACK (of ACK) are set
Accept If state of connection is ESTABLISHED
Accept If state of connection is RELATED
Accept If protocol is UDP and destination port is 1024:65535 and source port is 53
Accept If protocol is ICMP and ICMP type is echo-reply
Accept If protocol is ICMP and ICMP type is destination-unreachable
Accept If source is 127.0.0.0/8
Accept If protocol is ICMP and ICMP type is source-quench
Accept If protocol is ICMP and ICMP type is time-exceeded
Accept If protocol is ICMP and ICMP type is parameter-problem
Accept If protocol is TCP and source is cc12####-a.ensch1.ov.home.nl and destination ports are ssh,smtp,imaps,10000,82
Accept If protocol is TCP and source is a80-101-###-###.adsl.xs4all.nl and destination ports are ssh,smtp,imaps,10000,82
Accept If protocol is TCP and source is ###.##.0.0/16 and destination ports are ssh,smtp,imaps,10000,82
Accept If protocol is TCP and destination ports are www,https
Accept If protocol is TCP and destination port is auth
Accept If protocol is ICMP and ICMP type is echo-request
Drop If protocol is TCP and destination port is 2049:2050
Drop If protocol is TCP and destination port is 6000:6063
Drop If protocol is TCP and destination port is 7000:7010
Accept If protocol is TCP and destination port is 1024:65535
Accept If protocol is UDP and destination port is 33434:33523
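As an added check (not from the thread, and not Webmin's own code), this small first-match simulator walks the INPUT chain exactly as listed above and reports which rule a packet hits. It assumes the three masked admin-host rules are one rule with a placeholder address, and it does not assume a chain policy, because the post does not state one.

```python
# Constructed example: first-match evaluation of the INPUT chain listed in the post.
from dataclasses import dataclass

@dataclass
class Packet:
    iface: str = "eth0"
    proto: str = "tcp"              # tcp | udp | icmp
    src: str = "203.0.113.5"        # constructed sample source address
    sport: int = 0
    dport: int = 0
    flags: frozenset = frozenset()  # e.g. {"SYN"} or {"ACK"}
    state: str = "NEW"              # NEW | ESTABLISHED | RELATED
    icmp_type: str = ""

TRUSTED_ADMIN_HOSTS = {"192.0.2.10"}     # placeholder for the masked hosts in the post
ADMIN_PORTS = {22, 25, 993, 10000, 82}   # ssh, smtp, imaps, 10000, 82

def icmp(t):
    return lambda p: p.proto == "icmp" and p.icmp_type == t

def tcp_dport(lo, hi=None):
    return lambda p: p.proto == "tcp" and lo <= p.dport <= (hi if hi else lo)

# (verdict, predicate) in the order the post lists them; the first match wins.
INPUT_CHAIN = [
    ("ACCEPT", lambda p: p.iface != "eth0"),
    ("ACCEPT", lambda p: p.proto == "tcp" and "ACK" in p.flags),  # any ACK packet
    ("ACCEPT", lambda p: p.state == "ESTABLISHED"),
    ("ACCEPT", lambda p: p.state == "RELATED"),
    ("ACCEPT", lambda p: p.proto == "udp" and p.sport == 53 and 1024 <= p.dport <= 65535),
    ("ACCEPT", icmp("echo-reply")),
    ("ACCEPT", icmp("destination-unreachable")),
    ("ACCEPT", lambda p: p.src.startswith("127.")),              # 127.0.0.0/8
    ("ACCEPT", icmp("source-quench")),
    ("ACCEPT", icmp("time-exceeded")),
    ("ACCEPT", icmp("parameter-problem")),
    ("ACCEPT", lambda p: p.proto == "tcp" and p.src in TRUSTED_ADMIN_HOSTS and p.dport in ADMIN_PORTS),
    ("ACCEPT", lambda p: p.proto == "tcp" and p.dport in (80, 443)),
    ("ACCEPT", tcp_dport(113)),                                   # auth/ident
    ("ACCEPT", icmp("echo-request")),                             # this is what answers ping
    ("DROP", tcp_dport(2049, 2050)),
    ("DROP", tcp_dport(6000, 6063)),
    ("DROP", tcp_dport(7000, 7010)),
    ("ACCEPT", tcp_dport(1024, 65535)),
    ("ACCEPT", lambda p: p.proto == "udp" and 33434 <= p.dport <= 33523),
]

def evaluate(p: Packet) -> tuple:
    """Return (verdict, rule_index) of the first matching rule, or ("POLICY", -1)
    when nothing matches and the chain's default policy (not given in the post) decides."""
    for i, (verdict, match) in enumerate(INPUT_CHAIN):
        if match(p):
            return verdict, i
    return "POLICY", -1
```

Run against an echo-request arriving on eth0 it returns ACCEPT at the echo-request rule, so the listed rules themselves do answer ping; note also that the early "ACK set" rule accepts any ACK-flagged TCP packet before the later port-range DROP rules are consulted.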

Aldert 1st December 2008 14:32

nm, appeared to be a bug in Xen :eek:

Rebooting just did not work at all, only via Xen (and thus the support of the hosting company).

FYI, I used nmap XX.XX.XX.XX -P0 -p 22 to see that the port had somehow got filtered.
