FYI: http://easyfwgen.morizot.net might give you some ideas..

On Mon, 2004-08-30 at 16:08, Aly Dharshi wrote:
> Hi Folks,
>
> I am new to the world of IPTables and I have rules such as:
>
> iptables -A INPUT -d 161.184.244.187 -i eth0 -p tcp -m state --state ESTABLISHED -j ACCEPT
> iptables -A INPUT -d 161.184.244.187 -i eth0 -p tcp -m state --state ESTABLISHED -j LOG --log-prefix "IPTABLES TCP-IN" --log-level 1
>
> Where can I see these logs, I assumed that they would be in /var/log/messages
> but nothing shows.
>
> Secondly on this same box that is running this firewall I have a mail server
> that just sends mail out, if I try to send a message from the box to the local
> smtpd on the box it just sits there, these are all my rules:
>
> -A INPUT -d 161.184.244.187 -i eth0 -p tcp -m state --state ESTABLISHED -j ACCEPT
> -A INPUT -d 161.184.244.187 -i eth0 -p tcp -m state --state ESTABLISHED -j LOG --log-prefix "IPTABLES TCP-IN" --log-level 1
> -A INPUT -d 161.184.244.187 -i eth0 -p udp -m state --state ESTABLISHED -j ACCEPT
> -A INPUT -d 161.184.244.187 -i eth0 -p udp -m state --state ESTABLISHED -j LOG --log-prefix "IPTABLES UDP-IN" --log-level 1
> -A INPUT -d 161.184.244.187 -i eth0 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
> -A INPUT -d 161.184.244.187 -i eth0 -p tcp -m state --state NEW -m tcp --dport 22 -j LOG --log-prefix "IPTABLES SSH-IN" --log-level 1
> -A OUTPUT -s 161.184.244.187 -o eth0 -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
> -A OUTPUT -s 161.184.244.187 -o eth0 -p tcp -m state --state NEW,ESTABLISHED -j LOG --log-prefix "IPTABLES TCP-OUT" --log-level 1
> -A OUTPUT -s 161.184.244.187 -o eth0 -p udp -m state --state NEW,ESTABLISHED -j ACCEPT
> -A OUTPUT -s 161.184.244.187 -o eth0 -p udp -m state --state NEW,ESTABLISHED -j LOG --log-prefix "IPTABLES UDP-OUT" --log-level 1
>
> What am I doing wrong, should I have a rule to allow incoming 25 on tcp, as I
> have listed the full hostname in the mail settings.
>
> Cheers,
>
> Aly.
>
>
> --
> Aly Dharshi
> aly.dharshi@xxxxxxxxx
>
> "A good speech is like a good dress
> that's short enough to be interesting
> and long enough to cover the subject"

--
Roy W. Erickson
Senior Systems Engineer
Pixel Magic Effects
10635 Riverside Dr
N. Hollywood, CA 91602
818.760.0862
erickson@xxxxxxxxxxxxxxxx
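
In iptables, ACCEPT ends traversal of the chain while LOG does not, so a LOG rule placed after an ACCEPT rule with the same matches, as in the rules quoted above, is never evaluated. The following is an added example, not part of the original thread: a Python check that flags such shadowed LOG rules in iptables-save style input and moves each one ahead of its verdict rule. The function names are hypothetical, and the check only compares textually identical match criteria.

```python
import shlex

TERMINATING = {"ACCEPT", "DROP", "REJECT"}  # targets that end chain traversal

# Subset of the rules quoted in the message above (iptables-save style).
RULES = """\
-A INPUT -d 161.184.244.187 -i eth0 -p tcp -m state --state ESTABLISHED -j ACCEPT
-A INPUT -d 161.184.244.187 -i eth0 -p tcp -m state --state ESTABLISHED -j LOG --log-prefix "IPTABLES TCP-IN" --log-level 1
-A INPUT -d 161.184.244.187 -i eth0 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -d 161.184.244.187 -i eth0 -p tcp -m state --state NEW -m tcp --dport 22 -j LOG --log-prefix "IPTABLES SSH-IN" --log-level 1
"""

def parse(line):
    """Split one '-A CHAIN <matches> -j TARGET <opts>' rule into its parts."""
    tok = shlex.split(line)
    j = tok.index("-j")
    return {"chain": tok[1], "match": tuple(tok[2:j]), "target": tok[j + 1], "raw": line}

def shadowed_logs(text):
    """Return LOG rules preceded, in the same chain, by a terminating rule
    with identical match criteria: such LOG rules can never fire."""
    seen, hits = set(), []
    for line in filter(None, map(str.strip, text.splitlines())):
        r = parse(line)
        key = (r["chain"], r["match"])
        if r["target"] in TERMINATING:
            seen.add(key)
        elif r["target"] == "LOG" and key in seen:
            hits.append(r["raw"])
    return hits

def log_first(text):
    """Reorder so each shadowed LOG rule sits directly before its verdict rule."""
    rules = [parse(l) for l in map(str.strip, text.splitlines()) if l]
    out = []
    for r in rules:
        key = (r["chain"], r["match"])
        idx = next((i for i, o in enumerate(out)
                    if (o["chain"], o["match"]) == key and o["target"] in TERMINATING), None)
        if r["target"] == "LOG" and idx is not None:
            out.insert(idx, r)   # log first, then let the verdict rule decide
        else:
            out.append(r)
    return [r["raw"] for r in out]

if __name__ == "__main__":
    for rule in shadowed_logs(RULES):
        print("never reached:", rule)
    print("\n".join(log_first(RULES)))
```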