OK Then for next time... iptables -A #appends new rule to end of chain (probably a bad idea since the end of the chain is the reject so the packet is rejected before it is accepted iptables -I # inserts new rule to begining of chain (better idea since it comes before REJECT everything happens at the end of the chain) man iptables Craig On Thu, 2005-08-25 at 16:35 -0500, Steven J Lamb wrote: > im sorry i was not very specific. what i did was used iptables to add the > line. however i tryied modifying /etc/sysconfig/iptables and restarted it > ... lets see if that works > ----- Original Message ----- > From: "Craig White" <craigwhite@xxxxxxxxxxx> > To: "For users of Fedora Core releases" <fedora-list@xxxxxxxxxx> > Sent: Thursday, August 25, 2005 4:31 PM > Subject: Re: firewall problems > > > >I assumed that you were using a text editor. You should be able to > > select the last line that you added, 'cut' it to the clipboard, paste it > > above the REJECT line. > > > > Otherwise, what are you using to make the changes? > > > > Craig > > > > On Thu, 2005-08-25 at 16:27 -0500, Steven J Lamb wrote: > >> i am quite a newbie ... > >> > >> what you say means that i need to do a remove of both lines and add the > >> both in in the revers order ... is that correct ? > >> > >> ----- Original Message ----- > >> From: "Craig White" <craigwhite@xxxxxxxxxxx> > >> To: "For users of Fedora Core releases" <fedora-list@xxxxxxxxxx> > >> Sent: Thursday, August 25, 2005 4:25 PM > >> Subject: Re: firewall problems > >> > >> > >> > put the last line you added BEFORE the REJECT line > >> > > >> > then > >> > > >> > service iptables restart > >> > > >> > Craig > >> > > >> > On Thu, 2005-08-25 at 16:18 -0500, Steven J Lamb wrote: > >> >> ----- Original Message ----- > >> >> From: "Thomas Cameron" <thomas.cameron@xxxxxxxxxxxxxxx> > >> >> To: "For users of Fedora Core releases" <fedora-list@xxxxxxxxxx> > >> >> Sent: Thursday, August 25, 2005 3:49 PTable: filter > >> >> Chain FORWARD (policy ACCEPT) > >> >> target prot opt source destination > >> >> RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0 > >> >> > >> >> Chain INPUT (policy ACCEPT) > >> >> target prot opt source destination > >> >> RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0 > >> >> > >> >> Chain OUTPUT (policy ACCEPT) > >> >> target prot opt source destination > >> >> > >> >> Chain RH-Firewall-1-INPUT (2 references) > >> >> target prot opt source destination > >> >> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 > >> >> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type > >> >> 255 > >> >> ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0 > >> >> ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0 > >> >> ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp > >> >> dpt:5353 > >> >> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp > >> >> dpt:631 > >> >> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state > >> >> RELATED,ESTABLISHED > >> >> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW > >> >> tcp > >> >> dpt:22 > >> >> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW > >> >> tcp > >> >> dpt:80 > >> >> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW > >> >> tcp > >> >> dpt:21 > >> >> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW > >> >> tcp > >> >> dpt:25 > >> >> REJECT all -- 0.0.0.0/0 0.0.0.0/0 > >> >> reject-with > >> >> icmp-host-prohibited > >> >> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW > >> >> tcp > >> >> dpt:110 > >> >> > >> >> note that i added the last line and saw no change in behavior. > >> >> although i > >> >> have not restarted or anything to that effect > >> >> Subject: Re: firewall problems > >> >> > >> >> > >> >> >> I am attempting to get my email server up and running. I am running > >> >> >> fedora > >> >> >> core 4. I have gotten my SMTP to work correctly. however my POP3 > >> >> >> does > >> >> >> not > >> >> >> appear to get through the firewall. I did not have to punch a hole > >> >> >> in > >> >> >> the > >> >> >> firewall myself for the SMTP, so I figured I would not need to for > >> >> >> my > >> >> >> pop. > >> >> >> when I telnet localhost 110 I get in to my server but when I telnet > >> >> >> in > >> >> >> from another machine I do not get into my server. I assume this > >> >> >> indicates > >> >> >> a firewall problem however I do not know what I need to modify in > >> >> >> order > >> >> >> to > >> >> >> fix this problem. > >> >> > > >> >> > What do you get when you run "service iptables status" as root? Can > >> >> > you > >> >> > post it to the list, please? > >> >> > > >> >> > Thomas > >> >> > > >> >> > -- > >> >> > fedora-list mailing list > >> >> > fedora-list@xxxxxxxxxx > >> >> > To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list > >> >> > > >> >> > >> > > >> > -- > >> > fedora-list mailing list > >> > fedora-list@xxxxxxxxxx > >> > To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list > >> > > >> > > > > -- > > fedora-list mailing list > > fedora-list@xxxxxxxxxx > > To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list > > >
