
Re: Problem with iptables




Karl E. Jorgensen wrote:
> Strange: With this rule as the *first* rule in the OUTPUT chain,
> *everything* outgoing should be accepted, regardless of source,
> destination or protocol!?
> 
>> out_lan    0    --  192.168.30.103       0.0.0.0/0           
>> out_public_lan_124  0    --  192.168.100.2        0.0.0.0/0           
>> out_public_lan_125  0    --  192.168.100.5        0.0.0.0/0           
>> ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0           state RELATED 
>> ULOG       0    --  0.0.0.0/0            0.0.0.0/0           limit: avg 1/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `'OUT-unknown:'' queue_threshold 1 
> 
> And yet your log entry appears to be the result of this rule...
> 
>> DROP       0    --  0.0.0.0/0            0.0.0.0/0           
>  
> Are you 100% sure that these were the rules in effect at the time of the
> log entry? It's not making sense ...
Yes...100% sure...I was doing many tests and the result was that I had to
disable firehol (and iptables as well).
I could try to set up a different ruleset manually with iptables to see
if the problem is a kind of strange combination of rules, but I'd like to
use firehol because I never had a problem with it and I'm satisfied.
I checked all the kernel config (it's 2.6.21.1 compiled by myself) and
all modules from netfilter are compiled.
Uhm...I just checked another server with more or less the same
configuration...just that this server has two physical interfaces and I
don't use the rule "interface ethX:X name dst xxx.xxx.xxx.xxx" in the
firehol conf.
I changed the firehol conf on the problematic server (deleted the dst
xxx....) and now it works.
The conf before I read about it because of different configuration for
each virtual and physical interface...now I check how the conf is and if
everything is ok.
Thanks all.

Pier



