IPTables filtering what should be allowed outbound traffic

From: SmittyBroham (smittybroham_at_hotmail.com)
Date: 09/30/05


Date: 29 Sep 2005 16:18:41 -0700

Hello all,

I have a very simple firewall ruleset on a single interface which
should only be blocking everything inbound except to ports 22, 80, and
90.

My iptables rules are:

[root@ddcpq mlewis]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:90
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
DROP tcp -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@ddcpq mlewis]#

As you can see, I have no output filters defined.

The problem is, with these exact rules above loaded, I am unable to
send any outbound traffic save for ICMP. For example, I can ping our
mail server, but I cannot 'telnet mail.server.com 110'; it just hangs.
I would like to allow all outbound traffic from our server with no
restrictions.

I'm running Red Hat Linux release 8.0 (Psyche) with iptables v1.2.6a.

These same symptoms are present on an entirely different virtual server
we manage as well, so I must be missing something fundamental. Anyone
know what it is?
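
Added example, not part of the original post: a small Python model of first-match evaluation of the INPUT chain listed above. It shows that the reply to an outbound TCP connection arrives with an ephemeral destination port and hits the "DROP tcp" rule, while ICMP falls through to the ACCEPT policy. The packets, port 40001 and the state-match rule in FIXED are assumptions, not taken from the post.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "icmp"
    dport: int   # destination port (0 for icmp)
    state: str   # conntrack state: "NEW" or "ESTABLISHED"

@dataclass(frozen=True)
class Rule:
    target: str
    proto: str = None    # None matches any protocol
    dport: int = None    # None matches any destination port
    states: tuple = ()   # empty tuple: rule has no state match

    def matches(self, p):
        return ((self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport)
                and (not self.states or p.state in self.states))

def verdict(chain, policy, pkt):
    """First matching rule decides; otherwise the chain policy applies."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy

# INPUT chain as listed in the post (policy ACCEPT).
POSTED = [Rule("ACCEPT", "tcp", 80), Rule("ACCEPT", "tcp", 90),
          Rule("ACCEPT", "tcp", 22), Rule("DROP", "tcp")]
# Assumed fix (not from the post): accept replies to tracked connections first,
#   iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
FIXED = [Rule("ACCEPT", states=("ESTABLISHED", "RELATED"))] + POSTED

# Constructed packets as they arrive on INPUT.
POP3_REPLY = Packet("tcp", 40001, "ESTABLISHED")  # SYN-ACK answering 'telnet ... 110'
PING_REPLY = Packet("icmp", 0, "ESTABLISHED")     # echo reply from the mail server
NEW_SSH = Packet("tcp", 22, "NEW")                # inbound connection to an open port
NEW_TELNET = Packet("tcp", 23, "NEW")             # inbound connection to a closed port

if __name__ == "__main__":
    samples = (("pop3 reply", POP3_REPLY), ("ping reply", PING_REPLY),
               ("new ssh", NEW_SSH), ("new telnet", NEW_TELNET))
    for name, chain in (("posted", POSTED), ("fixed", FIXED)):
        for label, pkt in samples:
            print(f"{name:7} {label:11} -> {verdict(chain, 'ACCEPT', pkt)}")
```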


