Please remember to reply to the mailing list, not the original sender: http://gnudip2.sourceforge.net/#mailinglist
+++++++++

I am afraid I am not yet familiar with iptables. I still use ipchains/kernel 2.2. Perhaps someone else on this list can be more helpful.

But it appears to me the commands you show are only allowing access to port 1023 on the destination.

Firewall rules for outgoing packets are normally not concerned with port numbers. They are concerned with ensuring that packets have appropriate destination and source IP addresses.

This is the section of my ipchains based firewall (my machine is doing masquerading) for outgoing packets:

# Outgoing, flush and set default policy of reject. Actually the default policy
# is irrelevant because there is a catch all rule with deny and log.
ipchains -F output
ipchains -P output DENY

# local interface, any source going to local net is valid
ipchains -A output -i $intint -d $intnet -j ACCEPT

# outgoing to local net on remote interface, stuffed routing, deny
ipchains -A output -i $extint -d $intnet -l -j DENY

# outgoing from local net on remote interface, stuffed masquerading, deny
ipchains -A output -i $extint -s $intnet -l -j DENY

# anything else outgoing on remote interface is valid
ipchains -A output -i $extint -s $extip -j ACCEPT

# loopback interface is valid.
ipchains -A output -i lo -j ACCEPT

# catch all rule, all other outgoing is denied and logged. pity there is no
# log option on the policy but this does the job instead.
ipchains -A output -l -j DENY

Good luck!

Jean-Philippe Valois wrote:
>
> Hello,
>
> > You are using the GnuDIP client, right?
> Yes, I am using the gnudip client.
>
> Thanks for your very detailed answer! I think that is
> my problem indeed. I believe the default script
> blocks off everything with one of these calls :
>
> -----------------------------------------------------
> # Set default policies on INPUT, OUTPUT and FORWARD targets
> $IPTABLES -P INPUT DROP
> $IPTABLES -P OUTPUT DROP
>
> (or this?)
>
> # Turn on reverse filtering...
> for interface in /proc/sys/net/ipv4/conf/*/rp_filter; do
>     /bin/echo "1" > ${interface}
> done
>
> -----------------------------------------------
>
> I've tried to enable OUTPUT on all TCP and UDP ports
> above 1023 with this :
>
> $IPTABLES -A OUTPUT -o $EXTIF -p tcp -d 0.0.0.0/0 -dport 1023: -m state --state NEW,ESTABLISHED -j ACCEPT
> $IPTABLES -A OUTPUT -o $EXTIF -p udp --dport 1023: -m state --state NEW,ESTABLISHED -j ACCEPT
>
> Does it make any sense? :)
>
> Thanks again,
> Jean-Philippe
>
> > +++++++++
> >
> > You are using the GnuDIP client, right? Not the
> > server?
> >
> > As with most TCP clients, the GnuDIP client will not
> > specify what
> > outgoing port to use. The operating system will
> > assign one at random
> > (somewhere above 1023).
> > ...
>
> =====
> Please reply to: [EMAIL PROTECTED]

--
Creighton MacDonnell
http://macdonnell.ca/

--
GnuDIP Mailing List
http://gnudip2.sourceforge.net/#mailinglist
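
Added example (not part of the original thread, and not Creighton's own rules): the address-based ipchains output chain from the reply, expressed as iptables OUTPUT rules that filter on interface and address rather than on port. The interface names, addresses and log prefixes are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: iptables equivalent of the ipchains "output" chain above.
# Interface names and addresses are constructed placeholders, not from the thread.
INTIF="${INTIF:-eth1}"              # internal interface (assumed)
EXTIF="${EXTIF:-eth0}"              # external interface (assumed)
INTNET="${INTNET:-192.168.1.0/24}"  # internal network (constructed)
EXTIP="${EXTIP:-203.0.113.10}"      # external address (documentation range)
IPTABLES="${IPTABLES:-iptables}"

# ipchains "-l -j DENY" has no single iptables equivalent: emit a LOG rule
# followed by a DROP rule. $1 = match (may be empty), $2 = log prefix.
deny_logged() {
    echo "$IPTABLES -A OUTPUT ${1:+$1 }-j LOG --log-prefix $2:"
    echo "$IPTABLES -A OUTPUT ${1:+$1 }-j DROP"
}

# Print the rules for review rather than applying them.
# Note: unlike the ipchains output chain, iptables OUTPUT only sees locally
# generated packets; masqueraded traffic is filtered in FORWARD instead.
output_rules() {
    echo "$IPTABLES -F OUTPUT"
    echo "$IPTABLES -P OUTPUT DROP"
    # internal interface: anything going to the local net is valid
    echo "$IPTABLES -A OUTPUT -o $INTIF -d $INTNET -j ACCEPT"
    # local-net destination leaving by the external interface: bad routing
    deny_logged "-o $EXTIF -d $INTNET" "out-badroute"
    # local-net source leaving by the external interface: not masqueraded
    deny_logged "-o $EXTIF -s $INTNET" "out-badsrc"
    # anything else from our own external address is valid, on any port
    echo "$IPTABLES -A OUTPUT -o $EXTIF -s $EXTIP -j ACCEPT"
    # loopback is valid
    echo "$IPTABLES -A OUTPUT -o lo -j ACCEPT"
    # catch-all: log and drop whatever is left
    deny_logged "" "out-default"
}

output_rules
```

Pipe the output to sh as root to apply it. Replies to outgoing connections must still be accepted on the INPUT chain, which these rules do not touch.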