At least I think that's the problem, though I can't see why. My rules:

iptables -P INPUT DROP
iptables -A INPUT -i ! ${UPLINK} -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport http -m state --state NEW -j ACCEPT
#to allow ftp? #iptables -A INPUT -p tcp -m state --state RELATED -j ACCEPT
iptables -A INPUT -p tcp -i ${UPLINK} -j REJECT --reject-with tcp-reset
iptables -A INPUT -p udp -i ${UPLINK} -j REJECT --reject-with icmp-port-unreachable
iptables -vL results in:
Chain INPUT (policy DROP 10 packets, 320 bytes)
pkts bytes target prot opt in out source destination
397 46790 ACCEPT all -- !eth0 any anywhere anywhere
4435 3628K ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http state NEW
0 0 ACCEPT tcp -- any any anywhere anywhere state RELATED
3 144 REJECT tcp -- eth0 any anywhere anywhere reject-with tcp-reset
116 20550 REJECT udp -- eth0 any anywhere anywhere reject-with icmp-port-unreachable
0 0 ACCEPT all -- !eth0 any anywhere anywhere
0 0 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http state NEW
0 0 ACCEPT tcp -- any any anywhere anywhere state RELATED
0 0 REJECT tcp -- eth0 any anywhere anywhere reject-with tcp-reset
0 0 REJECT udp -- eth0 any anywhere anywhere reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT 35 packets, 7985 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 5105 packets, 609K bytes)
pkts bytes target prot opt in out source destination
Attempts to connect to my IP via HTTP are being refused with a 'connection refused' - seems like the connection is live, but attempts to connect are rebuffed. Anyone spot something wrong in the above?
--
Claude Jones
Bluemont, VA, USA
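Two things in the listing above are worth checking with a script rather than by eye: each of the six rules appears twice (the symptom of running a rule script again without flushing the chain first), and the counters show that the three TCP packets which arrived on eth0 hit the tcp-reset REJECT rule while the dpt:http ACCEPT rule matched nothing. The script below is an added example, not the poster's script: it loads the same INPUT ruleset idempotently (flush, then append) and provides two helpers that read an `iptables -vL` listing and report duplicated rules and the rules that actually handled traffic. `UPLINK` and `IPTABLES` are assumed variable names; setting `IPTABLES=echo` dry-runs the loader, and `SAMPLE_LISTING` is the INPUT chain copied from the post.

```shell
#!/bin/sh
# Added example, not the poster's script: the same INPUT ruleset loaded
# idempotently, plus two helpers for reading `iptables -vL` counters.
# UPLINK and IPTABLES are assumed variable names; IPTABLES=echo dry-runs.

UPLINK="${UPLINK:-eth0}"
IPTABLES="${IPTABLES:-iptables}"

load_input_rules() {
    # Flush INPUT before appending. Without this, every re-run of the script
    # appends a second copy of each rule (the listing in the post shows all
    # six rules twice, which is exactly that symptom).
    $IPTABLES -F INPUT
    $IPTABLES -P INPUT DROP
    # Trust anything not arriving on the uplink (loopback, LAN side).
    # Modern iptables wants "! -i"; the post's "-i !" form is the old spelling.
    $IPTABLES -A INPUT ! -i "$UPLINK" -j ACCEPT
    # Replies to connections this host opened, plus RELATED (e.g. FTP data).
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # New inbound HTTP (80 is what --dport http resolves to via /etc/services).
    $IPTABLES -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
    # Everything else from the uplink gets an explicit reject.
    $IPTABLES -A INPUT -p tcp -i "$UPLINK" -j REJECT --reject-with tcp-reset
    $IPTABLES -A INPUT -p udp -i "$UPLINK" -j REJECT --reject-with icmp-port-unreachable
}

# Print rules (from an `iptables -vL` listing on stdin) that appear more than
# once in a chain, ignoring the pkts/bytes counters. Output: "<n>x <rule>".
duplicate_rules() {
    awk '/^Chain / || /^ *pkts / || NF == 0 { next }
         { $1 = ""; $2 = ""; sub(/^ +/, ""); seen[$0]++ }
         END { for (r in seen) if (seen[r] > 1) print seen[r] "x " r }'
}

# Print only the rules whose packet counter is non-zero: these are the rules
# that actually handled traffic. In the sample listing that is the !eth0
# ACCEPT, the ESTABLISHED,RELATED ACCEPT and the two REJECT rules; the
# dpt:http ACCEPT never matched.
rules_with_hits() {
    awk '$1 ~ /^[0-9]+[KMG]?$/ && $1 != "0" { print }'
}

# The INPUT chain from the post, copied as sample input for the helpers above.
SAMPLE_LISTING=$(cat <<'EOF'
Chain INPUT (policy DROP 10 packets, 320 bytes)
 pkts bytes target     prot opt in     out     source               destination
  397 46790 ACCEPT     all  --  !eth0  any     anywhere             anywhere
 4435 3628K ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:http state NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            state RELATED
    3   144 REJECT     tcp  --  eth0   any     anywhere             anywhere            reject-with tcp-reset
  116 20550 REJECT     udp  --  eth0   any     anywhere             anywhere            reject-with icmp-port-unreachable
    0     0 ACCEPT     all  --  !eth0  any     anywhere             anywhere
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:http state NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            state RELATED
    0     0 REJECT     tcp  --  eth0   any     anywhere             anywhere            reject-with tcp-reset
    0     0 REJECT     udp  --  eth0   any     anywhere             anywhere            reject-with icmp-port-unreachable
EOF
)
```

Usage: source the file and run `IPTABLES=echo load_input_rules` to see the exact commands before applying them for real, then `iptables -vnL INPUT | duplicate_rules` to confirm the chain holds one copy of each rule (`-n` skips the DNS and /etc/services lookups that turn 80 into "http"). To find which rule is answering a failed connection attempt, zero the counters with `iptables -Z INPUT`, make one attempt from outside, and run `iptables -vnL INPUT | rules_with_hits`: the rule whose counter moved is the one that handled the packet.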