iptables?

Ralph W. Reid rreid at sunset.net
Wed Mar 28 12:06:03 EDT 2007


You might want to try logging some of iptables' activities to
determine what exactly is being blocked.  If the lines you listed are
in a script, you can insert the following line just before the 'INPUT
DROP' line to log the incoming packets at that point to see what is
reaching that point in your iptables rules:

iptables -A INPUT -j LOG --log-prefix " input drop "

The resulting log entries will be in /var/syslog ('grep "input drop"
/var/syslog' will display the results).  You may want to comment out
or remove this new line from your script when you are done using it,
and then use the iptables delete option or rerun the script to clear
the tables--this iptables command may produce a lot of log entries
very quickly.

HTH, and have a great day.

On Tue, Mar 27, 2007 at 01:16:15PM -0700, Littlefield, Tyler wrote:
> I'm trying to use apt-get, I'm not sure what I would need to enable to get
> that.
> ----- Original Message ----- 
> From: "Ralph W. Reid" <rreid at sunset.net>
> To: "Speakup is a screen review system for Linux." <speakup at braille.uwo.ca>
> Sent: Tuesday, March 27, 2007 11:40 AM
> Subject: Re: iptables?
> 
> 
> > You have only allowed tcp protocol on various ports.  Could you
> > perhaps be doing something which involves other protocols such as udp
> > or icmp?
> >
> > On Sun, Mar 25, 2007 at 03:36:43PM -0700, Littlefield, Tyler wrote:
> > > Hello list,
> > > I've got the following iptables set.
> > > iptables -F
> > > iptables -A INPUT -p tcp --sport 20:22 -j ACCEPT
> > > iptables -A INPUT -p tcp --sport 80 -j ACCEPT
> > > iptables -A INPUT -p tcp --sport 110 -j ACCEPT
> > > iptables -A INPUT -p tcp --sport 3784 -j ACCEPT
> > > iptables -A INPUT -p tcp --sport 443 -j ACCEPT
> > > iptables -A INPUT -p tcp --sport 6666:6670 -j ACCEPT
> > > iptables -A INPUT -p tcp --sport 10000 -j ACCEPT
> > > iptables -A INPUT -p tcp --sport 20000 -j ACCEPT
> > > iptables -P INPUT DROP
> > > iptables -P OUTPUT ACCEPT
> > > I'm dmzed, and when I run this, it puts everything to filter.
> > > Any idea what I'm doing wrong?
> > > Thanks,
> > > ~~TheCreator~~
> > > _______________________________________________
> > > Speakup mailing list
> > > Speakup at braille.uwo.ca
> > > http://speech.braille.uwo.ca/mailman/listinfo/speakup
> >
> > -- 
> > Ralph.  N6BNO.  Wisdom comes from central processing, not from I/O.
> > rreid at sunset.net  http://personalweb.sunset.net/~rreid
> > ...passing through The City of Internet at the speed of light...
> > 1 = x^0

-- 
Ralph.  N6BNO.  Wisdom comes from central processing, not from I/O.
rreid at sunset.net  http://personalweb.sunset.net/~rreid
...passing through The City of Internet at the speed of light...
TAN (x) = SIN (x) / COS (x)
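
Added example, not part of the original message: a small shell helper that tallies the entries written by the LOG rule above by protocol and port, so it is easy to see which traffic reaches the final DROP policy. The function names `sample_log` and `summarize_drops` are hypothetical and the log lines are constructed samples; pipe your own syslog file into `summarize_drops` instead.

```shell
#!/bin/sh
# Added example: tally iptables LOG entries by protocol and port.
# Function names are hypothetical; the sample lines below are constructed.

# Constructed log lines (documentation addresses) shaped like kernel LOG output.
sample_log() {
cat <<'EOF'
Mar 28 12:00:01 host kernel:  input drop IN=eth0 OUT= MAC=00:00:00:00:00:01:00:00:00:00:00:02:08:00 SRC=192.0.2.53 DST=192.0.2.10 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=32768 LEN=56
Mar 28 12:00:02 host sshd[812]: Server listening on 0.0.0.0 port 22.
Mar 28 12:00:03 host kernel:  input drop IN=eth0 OUT= MAC=00:00:00:00:00:01:00:00:00:00:00:02:08:00 SRC=192.0.2.53 DST=192.0.2.10 LEN=92 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=32768 LEN=72
Mar 28 12:00:04 host kernel:  input drop IN=eth0 OUT= MAC=00:00:00:00:00:01:00:00:00:00:00:02:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=55 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4660 SEQ=1
Mar 28 12:00:05 host kernel:  input drop IN=eth0 OUT= MAC=00:00:00:00:00:01:00:00:00:00:00:02:08:00 SRC=198.51.100.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4242 DF PROTO=TCP SPT=4321 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
EOF
}

# Read syslog lines on stdin; $1 is the --log-prefix text to match.
# Prints "count PROTO sport=N dport=N" (or "count ICMP type=N"), busiest first.
summarize_drops() {
    prefix=${1:-input drop}
    awk -v prefix="$prefix" '
        index($0, prefix) == 0 { next }      # skip lines not written by the LOG rule
        {
            proto = "?"; spt = "-"; dpt = "-"; type = "-"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^PROTO=/)     proto = substr($i, 7)
                else if ($i ~ /^SPT=/)  spt = substr($i, 5)
                else if ($i ~ /^DPT=/)  dpt = substr($i, 5)
                else if ($i ~ /^TYPE=/) type = substr($i, 6)
            }
            if (proto == "ICMP") key = proto " type=" type   # ICMP has no ports
            else key = proto " sport=" spt " dport=" dpt
            count[key]++
        }
        END { for (k in count) printf "%d %s\n", count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

sample_log | summarize_drops "input drop"
```

Entries that show up here are packets no ACCEPT rule matched, which is the information the logging rule was added to collect.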



