Thanks, this plus reversing the rules for apache solved the problem.

> Try to use this:
>
> iptables -A OUTPUT -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> I think the problem is you are not telling iptables how to go out.
>
> In Spanish: You have not specified what has to be done or which way
> the return packets have to go.
>
> Regards,
> Fleky
>
>
> 2005/6/2, Ansgar -59cobalt- Wiechers <[EMAIL PROTECTED]>:
>> On 2005-06-01 JM wrote:
>> > This is a configuration that is not working with apache after some
>> > upgrades to the system. If turning off iptables, apache is allowed.
>> > The syntax appears OK. Amule with id also not working.
>> > Here is the configuration:
>> > ############################################
>> > iptables -F
>> > iptables -t nat -F
>> >
>> > iptables -A INPUT -s 127.0.0.1 -j ACCEPT
>> > iptables -A INPUT -s 192.168.1.0/24 -i eth0 -j ACCEPT
>> >
>> >
>> > #X
>> > iptables -A INPUT -i eth0 -p TCP -s 0/0 --dport 6000:6005 -j DROP
>> > iptables -A INPUT -i eth0 -p UDP -s 0/0 --dport 6000:6005 -j DROP
>> >
>> > #ICMP
>> > iptables -A INPUT -i eth0 -p ICMP --icmp-type 8 -j DROP
>> > iptables -A INPUT -i eth0 -p ICMP --icmp-type 0 -m limit --limit 1/s -j ACCEPT
>> > iptables -A INPUT -p icmp -m limit --limit 1/s -j ACCEPT
>>
>> Because of the third ICMP rule, the second one is pointless.
>>
>> > # my own traffic OK
>> > iptables -A INPUT -p TCP -m state --state RELATED,ESTABLISHED -j ACCEPT
>> > iptables -A INPUT -p UDP -m state --state RELATED,ESTABLISHED -j ACCEPT
>>
>> You need to allow ESTABLISHED,RELATED traffic in the OUTPUT chain as
>> well. That's most likely the source of your problem.
>>
>> > # everything from outside KO
>> > iptables -A INPUT -m state --state NEW,INVALID -j DROP
>> >
>> > #apache
>> > iptables -A INPUT -s 0.0.0.0/0 -p tcp -i eth0 --dport 80 -j ACCEPT
>>
>> Is eth0 your "external" interface?
>>
>> > #amule
>> > iptables -A INPUT -p tcp --dport 4662 -j ACCEPT
>> > iptables -A INPUT -p udp --dport 4665 -j ACCEPT
>> > iptables -A INPUT -p udp --dport 4672 -j ACCEPT
>> >
>> > iptables -P INPUT DROP
>> > iptables -P FORWARD ACCEPT
>> > iptables -P OUTPUT ACCEPT
>>
>> The default policies should be set at the *beginning* of your script
>> (before flushing the chains), not at the end.
>>
>> Regards
>> Ansgar Wiechers
>> --
>> "All vulnerabilities deserve a public fear period prior to patches
>> becoming available."
>> --Jason Coombs on Bugtraq
>>
>>
>> --
>> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
>> with a subject of "unsubscribe". Trouble? Contact
>> [EMAIL PROTECTED]
--
-JM.
"These blue days and this sun of childhood"
(Antonio Machado-1939)
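
Added example, not part of the thread or written by any of its posters: iptables walks a chain top to bottom and stops at the first terminating target, so in the posted script the unrestricted `--state NEW,INVALID -j DROP` rule is reached before the port 80 and aMule ACCEPT rules. The lint below flags such ACCEPT rules; the function names are hypothetical and the sample ruleset is an abridged copy of the INPUT rules quoted above.

```shell
#!/bin/sh
# Added example: flag ACCEPT rules that new connections can never reach
# because an unrestricted "--state NEW ... -j DROP" precedes them.
# shadowed_accepts, posted_rules and reordered_rules are hypothetical names.

# stdin: iptables commands, one per line. stdout: "<line>: <rule>".
shadowed_accepts() {
    awk '
    $1 == "iptables" {
        table = "filter"; chain = ""; target = ""; states = ""; narrow = 0
        for (i = 2; i <= NF; i++) {
            v = $(i + 1)
            if ($i == "-t") table = v
            else if ($i == "-A") chain = v
            else if ($i == "-j") target = v
            else if ($i == "--state") states = v
            else if (($i == "-s" || $i == "-d") && v != "0/0" && v != "0.0.0.0/0") narrow = 1
            else if ($i == "-p" || $i == "-i" || $i ~ /^--[sd]port$/) narrow = 1
        }
        if (chain == "") next            # -F, -P and similar: not a rule
        key = table "/" chain
        takes_new = (states == "" || states ~ /(^|,)NEW(,|$)/)
        if (target == "DROP" && !narrow && states ~ /(^|,)NEW(,|$)/)
            drop_at[key] = NR            # every NEW packet stops here
        else if (target == "ACCEPT" && (key in drop_at) && takes_new)
            print NR ": " $0
    }'
}

# INPUT rules from the posted script, original order (abridged sample).
posted_rules() {
cat <<'EOF'
iptables -A INPUT -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p TCP -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -m state --state NEW,INVALID -j DROP
iptables -A INPUT -s 0.0.0.0/0 -p tcp -i eth0 --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 4662 -j ACCEPT
EOF
}

# Same rules with the catch-all drop (line 3) moved to the end.
reordered_rules() {
    posted_rules | awk 'NR == 3 { d = $0; next } { print } END { print d }'
}

posted_rules | shadowed_accepts
```

The check keys on table and chain only and treats any rule with a protocol, interface, port or non-wildcard address match as restricted, so it reports candidates for review rather than proving reachability.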

