  #1  
Old 29th November 2008, 19:22
Aldert

IPtables wrong setup, no ping response

Yeah, got a new server again. It is becoming a yearly ritual ;-)

Of course something went wrong this time. I want to use IPtables as firewall (I do not use IPSconfig, but WebMin and VirtualMin). What is wrong with these rules?

My server was not responding to pings anymore after reboot, and IPtables was the problem at the previous reboot as well.

These rules are applied in this order. If needed I can show you what the exact IPtables config is after applying these, with GUI created, rules.

IPtables didn't log anything into messages. The only big difference between the successful 'system halt' and the unsuccessful reboot is:

shutdown[3213]: shutting down for system halt
init: Switching to runlevel: 0

and

shutdown[15663]: shutting down for system reboot
init: Switching to runlevel: 6

TIA!

Incoming packets (INPUT)

Action Condition
Accept If input interface is not eth0
Accept If protocol is TCP and TCP flags ACK (of ACK) are set
Accept If state of connection is ESTABLISHED
Accept If state of connection is RELATED
Accept If protocol is UDP and destination port is 1024:65535 and source port is 53
Accept If protocol is ICMP and ICMP type is echo-reply
Accept If protocol is ICMP and ICMP type is destination-unreachable
Accept If source is 127.0.0.0/8
Accept If protocol is ICMP and ICMP type is source-quench
Accept If protocol is ICMP and ICMP type is time-exceeded
Accept If protocol is ICMP and ICMP type is parameter-problem
Accept If protocol is TCP and source is cc12####-a.ensch1.ov.home.nl and destination ports are ssh,smtp,imaps,10000,82
Accept If protocol is TCP and source is a80-101-###-###.adsl.xs4all.nl and destination ports are ssh,smtp,imaps,10000,82
Accept If protocol is TCP and source is ###.##.0.0/16 and destination ports are ssh,smtp,imaps,10000,82
Accept If protocol is TCP and destination ports are www,https
Accept If protocol is TCP and destination port is auth
Accept If protocol is ICMP and ICMP type is echo-request
Drop If protocol is TCP and destination port is 2049:2050
Drop If protocol is TCP and destination port is 6000:6063
Drop If protocol is TCP and destination port is 7000:7010
Accept If protocol is TCP and destination port is 1024:65535
Accept If protocol is UDP and destination port is 33434:33523
  #2  
Old 1st December 2008, 14:32
Aldert

nm, appeared to be a bug in Xen

Rebooting just did not work at all, only via Xen (and thus the support of the hosting company).

FYI I used nmap XX.XX.XX.XX -P0 -p 22 to see somehow the port got filtered.
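An added example, not part of the original posts: a first-match model of the INPUT list from the first post, showing which rule decides a few constructed packets, including the echo-request the thread asks about. The chain policy (`DROP`), the address `198.51.100.7` standing in for the masked trusted sources, and all helper names are assumptions.

```python
import ipaddress

POLICY = "DROP"                 # assumption: the chain policy is not shown in the post
TRUSTED = {"198.51.100.7"}      # constructed stand-in for the masked source hosts
ADMIN_PORTS = {22, 25, 993, 10000, 82}           # ssh,smtp,imaps,10000,82
ICMP_OK = {"echo-reply", "destination-unreachable", "source-quench",
           "time-exceeded", "parameter-problem"}
DROP_RANGES = [(2049, 2050), (6000, 6063), (7000, 7010)]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def is_(p, proto): return p["proto"] == proto
def dport(p, lo, hi): return lo <= p.get("dport", -1) <= hi

# (rule numbers in the posted list, action, predicate); adjacent same-action rules merged
RULES = [
    ("1", "ACCEPT", lambda p: p["iface"] != "eth0"),
    ("2", "ACCEPT", lambda p: is_(p, "tcp") and "ACK" in p.get("flags", ())),
    ("3-4", "ACCEPT", lambda p: p.get("state") in ("ESTABLISHED", "RELATED")),
    ("5", "ACCEPT", lambda p: is_(p, "udp") and dport(p, 1024, 65535) and p.get("sport") == 53),
    ("6-11", "ACCEPT", lambda p: (is_(p, "icmp") and p.get("type") in ICMP_OK)
                                 or ipaddress.ip_address(p["src"]) in LOOPBACK),
    ("12-14", "ACCEPT", lambda p: is_(p, "tcp") and p["src"] in TRUSTED and p.get("dport") in ADMIN_PORTS),
    ("15-16", "ACCEPT", lambda p: is_(p, "tcp") and p.get("dport") in (80, 443, 113)),
    ("17", "ACCEPT", lambda p: is_(p, "icmp") and p.get("type") == "echo-request"),
    ("18-20", "DROP", lambda p: is_(p, "tcp") and any(dport(p, lo, hi) for lo, hi in DROP_RANGES)),
    ("21", "ACCEPT", lambda p: is_(p, "tcp") and dport(p, 1024, 65535)),
    ("22", "ACCEPT", lambda p: is_(p, "udp") and dport(p, 33434, 33523)),
]

def verdict(pkt):
    """Return (rule label, action) for the first matching rule, else the policy."""
    for label, action, match in RULES:
        if match(pkt):
            return label, action
    return "policy", POLICY

def pkt(proto, src="203.0.113.9", **fields):   # constructed packet arriving on eth0
    return {"iface": "eth0", "proto": proto, "src": src, **fields}

SAMPLES = {
    "ping": pkt("icmp", type="echo-request"),
    "ssh SYN, unlisted source": pkt("tcp", flags=("SYN",), state="NEW", dport=22),
    "ssh SYN, trusted source": pkt("tcp", src="198.51.100.7", flags=("SYN",), state="NEW", dport=22),
    "X11 SYN": pkt("tcp", flags=("SYN",), state="NEW", dport=6000),
    "bare ACK to ssh": pkt("tcp", flags=("ACK",), dport=22),
}

if __name__ == "__main__":
    for name, p in SAMPLES.items():
        print(f"{name:26} -> rule {verdict(p)[0]}: {verdict(p)[1]}")
```

In this model the echo-request is accepted by rule 17, an ssh SYN from an unlisted source falls through to the chain policy, and rule 2 accepts any ACK-flagged TCP segment before the connection-state rules are consulted.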
All times are GMT +2.