-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

I already posted this message to the list but "murphy" decided it wasn't written well enough (just to say it never arrived!).

I'm quite a newbie about firewalling. So, please, be patient.
I attached my iptables rules and I wonder if someone could help me understand why it doesn't allow me to start X (KDE, in my case). I suppose because of its very restrictive policies (DROP almost everything!).
Are PREROUTING and POSTROUTING involved? I thought they should only be interested in masqueraded traffic arriving and leaving from a specific interface (such as eth0 or ppp0), not in letting me start KDE!
Does xfs need to be allowed to connect to its port (7100)?
I've tried for days and days without any relevant result.
I'm using woody on a laptop, but I'm thinking about preparing a woody box to be used as a router/firewall on my little LAN and I'd like to be ready to do this without this kind of problem!

Really thanks in advance.

Take care.
Matteo

- -- 
Matteo Vescovi
Email: mbishops(at)tiscali(dot)it
GPG Key: http://web.tiscali.it/revese/dhc_key.asc
Fingerprint: 18CE 32E6 399B 8212 549E 1E1F C299 A22E 184C 01CA
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE++z1cwpmiLhhMAcoRAkXkAKCswsgX2M3lvp3FIkOigJXYIBvY0wCgxghp
DCQ3+387nIR4mjpcLK5Kyms=
=COAO
-----END PGP SIGNATURE-----
# Generated by iptables-save v1.2.6a on Sat Jun 21 20:25:11 2003
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
[0:0] -A INPUT -i lo -j ACCEPT
[0:0] -A INPUT -d 127.0.0.1 -p tcp -m tcp --dport 25 -j ACCEPT
[0:0] -A INPUT -s 127.0.0.1 -p tcp -m tcp --sport 631 -j ACCEPT
[0:0] -A INPUT -i ppp0 -p icmp -m icmp --icmp-type 0 -j ACCEPT
[0:0] -A INPUT -i ppp0 -p icmp -m icmp --icmp-type 3 -j ACCEPT
[0:0] -A INPUT -i ppp0 -p icmp -m icmp --icmp-type 11 -j ACCEPT
[0:0] -A FORWARD -i ppp0 -m state --state INVALID,NEW -j DROP
[0:0] -A OUTPUT -s 192.168.1.255 -j DROP
COMMIT
# Completed on Sat Jun 21 20:25:11 2003
# Generated by iptables-save v1.2.6a on Sat Jun 21 20:25:11 2003
*nat
:PREROUTING DROP [0:0]
:POSTROUTING DROP [0:0]
:OUTPUT DROP [0:0]
[0:0] -A POSTROUTING -s 192.168.1.0 -o ppp0 -j MASQUERADE
[0:0] -A OUTPUT -s 192.168.1.255 -j DROP
COMMIT
# Completed on Sat Jun 21 20:25:11 2003
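
An added example, not part of the original message or its attachment: a small Python check over `iptables-save` output that flags DROP policies set outside the filter table (the nat chains see the first packet of each connection, so a DROP policy there discards new connections whatever the filter rules say) and NAT rules whose address carries no netmask. The sample input is constructed from the attachment with the counters stripped, and the function names `parse_save` and `lint` are this example's own.

```python
import re

# Constructed sample: an excerpt of the attached ruleset, counters stripped.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT
*nat
:PREROUTING DROP [0:0]
:POSTROUTING DROP [0:0]
:OUTPUT DROP [0:0]
-A POSTROUTING -s 192.168.1.0 -o ppp0 -j MASQUERADE
COMMIT
"""

def parse_save(text):
    """Return {table: {"policies": {chain: policy}, "rules": [rule, ...]}}."""
    tables, current = {}, None
    for raw in text.splitlines():
        line = re.sub(r"^\[\d+:\d+\]\s*", "", raw.strip())  # drop [pkts:bytes]
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):                 # "*nat" opens a table
            current = tables.setdefault(line[1:], {"policies": {}, "rules": []})
        elif current is None:
            continue                             # rule outside any table
        elif line.startswith(":"):               # ":CHAIN POLICY [counters]"
            chain, policy = line[1:].split()[:2]
            current["policies"][chain] = policy
        elif line.startswith("-A "):
            current["rules"].append(line)
    return tables

def lint(text):
    """Report nat/mangle DROP policies and nat addresses lacking a netmask."""
    findings = []
    for table, data in parse_save(text).items():
        for chain, policy in data["policies"].items():
            if table != "filter" and policy == "DROP":
                findings.append(f"{table}/{chain}: policy DROP outside filter table")
        for rule in data["rules"] if table == "nat" else []:
            m = re.search(r"-[sd] (\d+\.\d+\.\d+\.0)(?![\d/.])", rule)
            if m:  # a bare x.x.x.0 is a single host (/32), not the subnet
                findings.append(f"{table}: {m.group(1)} has no netmask, matches one host")
    return findings
```

Calling `lint()` on the text of a saved ruleset returns one string per finding; an empty list means neither pattern was found.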

