
iptables woes on woody, not accepting inbound connections



Hi,

I'm in the middle of trying to build a secure webserver, using stock
woody (2.4.18-bf2.4); the box is completely updated as of last night. I
installed just the base (never used dselect or tasksel) during the install.
Once it was installed, I installed:

apache
php4
ssh
dnsutils
lynx
iptables (chose not to run the init.d script)

The machine can surf the web no problem and accept inbound port 80 and
22 connections from other boxes on the same subnet.
(The box is at present not locked down, as I'm making sure certain
configurations work; then I will reinstall off the network and build it
up that way.)

I decided to test iptables, using a very, very basic script below:

#!/bin/bash

# the kernel module is ip_tables; ipt_state needs ip_conntrack
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ipt_state

# flush everything and delete user chains
/sbin/iptables -F
/sbin/iptables -X

# default deny in every direction
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT DROP
/sbin/iptables -P FORWARD DROP

# loopback
/sbin/iptables -A INPUT  -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT

# outbound DNS queries and their replies
/sbin/iptables -A OUTPUT -p udp -o eth0 --dport 53 --sport 1024:65535 -j ACCEPT
/sbin/iptables -A INPUT -p udp -i eth0 --sport 53 --dport 1024:65535 -j ACCEPT

# reply traffic for connections this box started (OUTPUT only)
/sbin/iptables -A OUTPUT -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# new inbound ssh and http connections
/sbin/iptables -A INPUT -p tcp -i eth0 --dport 22 --sport 1024:65535 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp -i eth0 --dport 80 --sport 1024:65535 -m state --state NEW -j ACCEPT

I can do outbound nslookup requests no problem, but it now fails to
allow inbound connections at all, to either port 80 or port 22.

I have another box (this one is running Red Hat 8), which I'm replacing
with Debian woody, so I killed that and loaded on a bloat-riddled basic
RH install, ran the same script, and that works as expected, allowing
inbound connections; all the same modules are loaded.

Just for the record, I'm running a woody/sarge/sid mix on my laptop, and
that does the same as my test woody box: it just refuses to accept
inbound connections.

This is driving me mad. Can anyone possibly point me in the right
direction, as it seems there may be something Debian-specific that I'm
missing?

cheers in advance

Mark
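The rule set above, as an added example that is not part of the original post, rewritten as a complete stateful host firewall for a 2.4 kernel. The one change that matters for the reported symptom is a second ESTABLISHED,RELATED rule on the INPUT chain: the posted script accepts the inbound SYN (NEW) and lets the SYN-ACK out (ESTABLISHED on OUTPUT), but the client's final ACK arrives on INPUT as ESTABLISHED, matches no rule there, and is discarded by the INPUT DROP policy, so no inbound TCP handshake can complete. With the stateful INPUT rule in place, the bare "--sport 53" INPUT rule is also unnecessary (conntrack tracks the UDP query and its reply), which removes a rule that would otherwise admit any packet whose sender sets source port 53. The interface name eth0 and the `apply`/dry-run convention are assumptions of this example, not anything from the post.

```shell
#!/bin/sh
# Added example: minimal stateful iptables host firewall for a 2.4 kernel.
# Not the poster's script; it keeps the same policy (DROP everything, allow
# loopback, outbound DNS, inbound 22 and 80) and adds the INPUT rule for
# ESTABLISHED,RELATED traffic that the posted script lacks.
#
# Usage:  sh firewall.sh apply     (as root: loads modules, applies rules)
#         sh firewall.sh           (dry run: prints the rules, applies nothing)

IFACE=eth0      # assumption: the only non-loopback interface on the box

load_modules() {
    # The module is ip_tables (not "iptables"); ipt_state needs ip_conntrack.
    /sbin/modprobe ip_tables
    /sbin/modprobe ip_conntrack
    /sbin/modprobe ipt_state
}

# dryrun ARGS...: stand-in for iptables that prints the rule instead.
dryrun() { printf '%s\n' "$*"; }

# apply_rules CMD: feed every rule through CMD (/sbin/iptables or dryrun).
apply_rules() {
    ipt=$1

    $ipt -F
    $ipt -X
    $ipt -P INPUT DROP
    $ipt -P OUTPUT DROP
    $ipt -P FORWARD DROP

    # Loopback
    $ipt -A INPUT  -i lo -j ACCEPT
    $ipt -A OUTPUT -o lo -j ACCEPT

    # Packets belonging to a connection already allowed, in BOTH directions.
    # The INPUT line is the one missing from the posted script: without it the
    # client's handshake ACK hits the INPUT DROP policy.
    $ipt -A INPUT  -i $IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
    $ipt -A OUTPUT -o $IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Outbound DNS queries; the reply comes back as ESTABLISHED (conntrack
    # tracks UDP too), so no INPUT rule keyed on --sport 53 is needed.
    $ipt -A OUTPUT -o $IFACE -p udp --dport 53 -m state --state NEW -j ACCEPT

    # Inbound services: only the opening packet (NEW) needs an explicit rule.
    $ipt -A INPUT -i $IFACE -p tcp --dport 22 -m state --state NEW -j ACCEPT
    $ipt -A INPUT -i $IFACE -p tcp --dport 80 -m state --state NEW -j ACCEPT

    # Log what the DROP policies discard, so a failure like the one in the
    # post shows up in the kernel log instead of as a silent timeout.
    $ipt -A INPUT  -j LOG --log-prefix "fw-in-drop: "
    $ipt -A OUTPUT -j LOG --log-prefix "fw-out-drop: "
}

# has_stateful_input RULES: succeeds if the rule text accepts ESTABLISHED
# traffic on INPUT. Check a dry run with this before applying.
has_stateful_input() {
    printf '%s\n' "$1" | grep -q -- '-A INPUT .*--state ESTABLISHED,RELATED -j ACCEPT'
}

case "${1:-}" in
    apply) load_modules; apply_rules /sbin/iptables ;;
    *)     apply_rules dryrun ;;
esac
```

Running the script without arguments prints the rules rather than loading them; `has_stateful_input "$(sh firewall.sh)"` is a quick check that the INPUT chain does accept reply traffic before the rules go live on a box you are reaching over ssh.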
