IPtables wrong setup, no ping response

Aldert, 29th November 2008, 20:22

Yeah, got a new server again. It is becoming a yearly ritual ;-)

Of course something went wrong this time. I want to use IPtables as a firewall (I do not use ISPConfig, but WebMin and VirtualMin). What is wrong with these rules?

My server was not responding to pings anymore after reboot, and IPtables was the problem on the previous reboot as well.

These rules are applied in this order. If needed I can show you what the exact IPtables config is after applying these GUI-created rules.

IPtables didn't log anything into messages. The only big difference between the successful 'system halt' and the unsuccessful reboot is:

shutdown[3213]: shutting down for system halt
init: Switching to runlevel: 0

and

shutdown[15663]: shutting down for system reboot
init: Switching to runlevel: 6

TIA!

Incoming packets (INPUT)

Action Condition
Accept If input interface is not eth0
Accept If protocol is TCP and TCP flags ACK (of ACK) are set
Accept If state of connection is ESTABLISHED
Accept If state of connection is RELATED
Accept If protocol is UDP and destination port is 1024:65535 and source port is 53
Accept If protocol is ICMP and ICMP type is echo-reply
Accept If protocol is ICMP and ICMP type is destination-unreachable
Accept If source is 127.0.0.0/8
Accept If protocol is ICMP and ICMP type is source-quench
Accept If protocol is ICMP and ICMP type is time-exceeded
Accept If protocol is ICMP and ICMP type is parameter-problem
Accept If protocol is TCP and source is cc12####-a.ensch1.ov.home.nl and destination ports are ssh,smtp,imaps,10000,82
Accept If protocol is TCP and source is a80-101-###-###.adsl.xs4all.nl and destination ports are ssh,smtp,imaps,10000,82
Accept If protocol is TCP and source is ###.##.0.0/16 and destination ports are ssh,smtp,imaps,10000,82
Accept If protocol is TCP and destination ports are www,https
Accept If protocol is TCP and destination port is auth
Accept If protocol is ICMP and ICMP type is echo-request
Drop If protocol is TCP and destination port is 2049:2050
Drop If protocol is TCP and destination port is 6000:6063
Drop If protocol is TCP and destination port is 7000:7010
Accept If protocol is TCP and destination port is 1024:65535
Accept If protocol is UDP and destination port is 33434:33523
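The INPUT rules listed in the post, walked in order with first-match semantics, to see which rule a given packet hits first. This is an added example, not part of the original post: the packet fields, the `CHAIN-POLICY` fallback and the sample packet are assumptions, and the three rules with masked sources are kept as non-matching placeholders so the rule numbers line up.

```python
import ipaddress

def icmp(t): return {"proto": "icmp", "icmp_type": t}
def tcp(*ranges): return {"proto": "tcp", "dport": ranges}

# INPUT rules in the order listed in the post; position in the list = rule number.
RULES = [
    ("ACCEPT", {"not_iface": "eth0"}),
    ("ACCEPT", {"proto": "tcp", "tcp_ack": True}),
    ("ACCEPT", {"state": "ESTABLISHED"}),
    ("ACCEPT", {"state": "RELATED"}),
    ("ACCEPT", {"proto": "udp", "dport": [(1024, 65535)], "sport": [(53, 53)]}),
    ("ACCEPT", icmp("echo-reply")),
    ("ACCEPT", icmp("destination-unreachable")),
    ("ACCEPT", {"src_net": "127.0.0.0/8"}),
    *[("ACCEPT", icmp(t)) for t in ("source-quench", "time-exceeded", "parameter-problem")],
    *([("ACCEPT", {"masked": True})] * 3),  # rules 12-14: sources masked in the post
    ("ACCEPT", tcp((80, 80), (443, 443))),  # www,https
    ("ACCEPT", tcp((113, 113))),            # auth
    ("ACCEPT", icmp("echo-request")),
    *[("DROP", tcp(r)) for r in ((2049, 2050), (6000, 6063), (7000, 7010))],
    ("ACCEPT", tcp((1024, 65535))),
    ("ACCEPT", {"proto": "udp", "dport": [(33434, 33523)]}),
]

def matches(cond, pkt):  # every condition of a rule must hold
    for key, want in cond.items():
        if key == "not_iface":
            ok = pkt["iface"] != want
        elif key == "src_net":
            ok = ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(want)
        elif key in ("dport", "sport"):
            ok = any(lo <= pkt.get(key, -1) <= hi for lo, hi in want)
        else:
            ok = pkt.get(key) == want
        if not ok:
            return False
    return True

def first_match(pkt, policy="CHAIN-POLICY"):  # chain policy is not shown in the post
    for number, (action, cond) in enumerate(RULES, 1):
        if matches(cond, pkt):
            return number, action
    return None, policy

# Constructed sample packet: a new echo-request arriving on eth0.
PING = {"iface": "eth0", "src": "203.0.113.5", "proto": "icmp",
        "icmp_type": "echo-request", "state": "NEW"}
print(first_match(PING))
```

On the live host, `iptables -L INPUT -n -v --line-numbers` prints the rules actually loaded, with per-rule packet counters, for comparison with this walk.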