> ## flush old rules
> iptables -F
> # rules
> iptables -t filter -A INPUT -i venet0 -d your_public_ip \
>   -p tcp --sport 1024: -m multiport --dports 80,443,25,587 \
>   -m state --state NEW,ESTABLISHED -j ACCEPT
> iptables -t filter -A INPUT -i venet0 -d your_ip \
>   -p udp --sport 1024: --dport 1194 \
>   -m state --state NEW,ESTABLISHED -j ACCEPT
> # default policy
> iptables -P OUTPUT ACCEPT
> iptables -P INPUT DROP
> ##
I think your script lacks the rule that accepts return packets. Something along the lines of

    iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Without this rule, return packets will be dropped and the server will be unable to establish connections. Also note the RELATED, which will accept ICMP notifications. You need those.

I also recommend accepting ICMP echo requests:

    iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
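A complete version of the quoted ruleset with the two rules from the reply folded in, as an added example that is not part of the original thread. It emits a ruleset in iptables-restore format instead of calling iptables, so it can be generated and inspected without root. The interface name venet0 comes from the quoted script; the address 203.0.113.10 is an RFC 5737 documentation address standing in for your_public_ip; the loopback rule and the FORWARD DROP policy are my own additions (assuming the host does not route), not something the thread asks for.

```shell
#!/bin/sh
# Added example, not from the thread: the poster's INPUT policy plus the
# return-path rule and ICMP echo rule suggested in the reply, written as an
# iptables-restore file. Assumptions: interface venet0, address 203.0.113.10
# (RFC 5737 placeholder), the host does not forward traffic.

gen_ruleset() {
    iface="${1:-venet0}"          # assumed interface name (from the quoted script)
    ip="${2:-203.0.113.10}"       # placeholder for your_public_ip
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback: local clients talking to local services (resolver, MTA submission)
# would otherwise hit the INPUT DROP policy. Addition of mine, not in the thread.
-A INPUT -i lo -j ACCEPT
# The rule the reply asks for: return packets of connections this host opened,
# plus RELATED traffic such as ICMP error notifications. Placed first because
# most packets on a busy host match it.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# ICMP echo request, so the host stays pingable.
-A INPUT -p icmp --icmp-type 8 -j ACCEPT
# The original service rules. With the rule above, only NEW is needed here.
-A INPUT -i $iface -d $ip -p tcp --sport 1024: -m multiport --dports 80,443,25,587 -m state --state NEW -j ACCEPT
-A INPUT -i $iface -d $ip -p udp --sport 1024: --dport 1194 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Sanity checks on the generated ruleset, so a missing rule is caught before
# loading. Each returns 0 when the rule is present, 1 otherwise.
has_return_path_rule() {
    gen_ruleset "$@" | grep -q -- '--state ESTABLISHED,RELATED -j ACCEPT'
}

has_icmp_echo_rule() {
    gen_ruleset "$@" | grep -q -- '-p icmp --icmp-type 8 -j ACCEPT'
}
```

To load it, source the file and run `gen_ruleset venet0 your_public_ip | iptables-restore` as root; `iptables-restore` replaces the whole table atomically, so there is no window with an empty INPUT chain as there is with `iptables -F` followed by individual `-A` calls. `-m state` still works on current kernels but is an alias for `-m conntrack --ctstate`, which takes the same state names.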

