can't figure out this firewall problem

From: Chris W. Parker (cparker_at_swatgear.com)
Date: 03/31/04

  • Next message: Douglas Phillipson: "Re: Installing 2.6.4 on RH9"
    Date: Wed, 31 Mar 2004 09:56:57 -0800
    To: <redhat-list@redhat.com>
    
    

    hello.

    i posted about this same problem i'm having about a week ago without any
    resolution so far. i'm coming back to the list in the hopes that someone
    with an answer will see my post.

    i'm using cacti to monitor some servers. everything was working fine
    until about 1 month ago. then it all just stopped working. i don't
    remember changing anything but it's not working.

    the only way i can get it to work is if i turn off iptables completely.

    here is my iptables configuration:

    =-=-=-=-
    # Firewall configuration written by lokkit
    # Manual customization of this file is not recommended.
    # Note: ifup-post will punch the current nameservers through the
    # firewall; such entries will *not* be listed here.
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :RH-Lokkit-0-50-INPUT - [0:0]
    -A INPUT -j RH-Lokkit-0-50-INPUT
    -A FORWARD -j RH-Lokkit-0-50-INPUT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 123 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 123 --syn -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 --syn -j ACCEPT

    # added by root on 12/24/04 4:50pm (HTTPS)
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 443 --syn -j ACCEPT

    # added by root on 12/28/04 9:55pm (MySQL)
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 3306 --syn -j ACCEPT

    # added by root on 3/18/04 5:12pm (SNMP)
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 161 --syn -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 161 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 162 -j ACCEPT

    -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth0 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth1 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 10.0.0.10 --sport 53 -d 0/0 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
    COMMIT
    =-=-=-=-

    is there something wrong with it? am i still not allowing something that
    should be coming through?

    thanks,
    chris.

    -- 
    redhat-list mailing list
    unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
    https://www.redhat.com/mailman/listinfo/redhat-list
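Added example, not part of the post above: a small evaluator for the subset of iptables syntax that ruleset uses (-p, --dport, --sport, -s, -d, -i, --syn, -m state, -j), so the chain can be traced against constructed packets offline. The packets and addresses (192.0.2.x) are constructed. It assumes Cacti on this host is the SNMP poller, which the post does not say; under that assumption the trace shows that an SNMP query arriving on UDP 161 is accepted, while an SNMP reply coming back from a polled agent (source port 161, ephemeral destination port) matches no ACCEPT rule and falls through to the final "-p udp -j REJECT". The second ruleset adds one "-m state --state ESTABLISHED,RELATED" rule ahead of the REJECTs as the assumed fix; it is not from the post.

```python
import shlex

# Ruleset from the post, with the lines the mail client wrapped re-joined.
RULESET = """
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 123 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 123 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 443 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 3306 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 161 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 161 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 162 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth1 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 10.0.0.10 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
"""

# Assumed fix (not from the post): accept packets belonging to connections this
# host started, placed before the two catch-all REJECT rules.
STATEFUL_RULE = "-A RH-Lokkit-0-50-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
FIRST_REJECT = "-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT"
RULESET_STATEFUL = RULESET.replace(FIRST_REJECT, STATEFUL_RULE + "\n" + FIRST_REJECT)

def port_range(spec):
    """'161' -> (161, 161); '67:68' -> (67, 68)."""
    lo, _, hi = spec.partition(":")
    return int(lo), int(hi or lo)

def parse_rule(line):
    """Turn one '-A CHAIN ...' line into a dict of match criteria and a target."""
    toks = shlex.split(line)
    rule = {"chain": None, "target": None}
    i = 0
    while i < len(toks):
        t = toks[i]
        if t == "-A":      rule["chain"] = toks[i + 1]; i += 2
        elif t == "-p":    rule["proto"] = toks[i + 1]; i += 2
        elif t == "-m":    i += 2   # module name; its options below carry the match
        elif t == "--dport": rule["dport"] = port_range(toks[i + 1]); i += 2
        elif t == "--sport": rule["sport"] = port_range(toks[i + 1]); i += 2
        elif t == "-s":    rule["src"] = toks[i + 1]; i += 2
        elif t == "-d":    rule["dst"] = toks[i + 1]; i += 2
        elif t == "-i":    rule["iface"] = toks[i + 1]; i += 2
        elif t == "--syn": rule["syn"] = True; i += 1
        elif t == "--state": rule["state"] = set(toks[i + 1].split(",")); i += 2
        elif t == "-j":    rule["target"] = toks[i + 1]; i += 2
        else:
            raise ValueError("unsupported token %r" % t)
    return rule

def load(text):
    return [parse_rule(l) for l in text.splitlines() if l.startswith("-A")]

def matches(rule, pkt):
    """True if every criterion present in the rule holds for the packet."""
    if "proto" in rule and pkt["proto"] != rule["proto"]:
        return False
    for key in ("dport", "sport"):
        if key in rule and not rule[key][0] <= pkt.get(key, -1) <= rule[key][1]:
            return False
    for key in ("src", "dst"):          # 0/0 means any address
        if key in rule and rule[key] != "0/0" and pkt.get(key) != rule[key]:
            return False
    if "iface" in rule and pkt.get("iface") != rule["iface"]:
        return False
    if rule.get("syn") and not pkt.get("syn"):
        return False
    if "state" in rule and pkt.get("state") not in rule["state"]:
        return False
    return True

def evaluate(rules, pkt, chain="INPUT", policy="ACCEPT"):
    """Walk a chain in order; jump into user chains; fall back to the policy."""
    for rule in rules:
        if rule["chain"] != chain or not matches(rule, pkt):
            continue
        if rule["target"] in ("ACCEPT", "DROP", "REJECT"):
            return rule["target"]
        verdict = evaluate(rules, pkt, chain=rule["target"], policy=None)
        if verdict is not None:
            return verdict
    return policy

RULES = load(RULESET)
RULES_STATEFUL = load(RULESET_STATEFUL)

# Constructed packets arriving on eth0 (192.0.2.1 is this host, 192.0.2.7 a polled agent).
SNMP_QUERY_IN = dict(proto="udp", src="192.0.2.7", dst="192.0.2.1", sport=51000, dport=161, iface="eth0", state="NEW")
SNMP_REPLY_IN = dict(proto="udp", src="192.0.2.7", dst="192.0.2.1", sport=161, dport=51000, iface="eth0", state="ESTABLISHED")
SSH_SYN_IN = dict(proto="tcp", src="192.0.2.7", dst="192.0.2.1", sport=50000, dport=22, iface="eth0", syn=True, state="NEW")

if __name__ == "__main__":
    for name, pkt in (("snmp query", SNMP_QUERY_IN), ("snmp reply", SNMP_REPLY_IN), ("ssh syn", SSH_SYN_IN)):
        print("%-10s lokkit=%-6s stateful=%s" % (name, evaluate(RULES, pkt), evaluate(RULES_STATEFUL, pkt)))
```

The evaluator covers only the matches this particular chain uses; it is a way to reason about rule order, not a substitute for the kernel's matching. The point it makes is that a port-based ACCEPT list with no connection-state rule only admits traffic that someone else initiates toward the listed ports; replies to the host's own outbound UDP queries look like unsolicited UDP to an ephemeral port and hit the final REJECT.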
    
