Hello,
I'm running SUSE Linux 11.0.
I try to host, but I can't.
I forwarded port 8452 on my router, tried to run without the router,
I opened ports 8452 UDP and TCP on the firewall... Nothing works, I can't host.
I tried to open the port with this:
# iptables -A INPUT -p TCP --dport 8452 -m state --state NEW -j ACCEPT
# iptables -A INPUT -p UDP --dport 8452 -m state --state NEW -j ACCEPT
# iptables -A OUTPUT -p UDP --dport 8452 -m state --state NEW -j ACCEPT
# iptables -A OUTPUT -p TCP --dport 8452 -m state --state NEW -j ACCEPT
and ... I can't host on SUSE 11.0 ....
Can someone solve it?
firewall failure ?
Re: firewall failure ?
Just an idea: Do you have a real IP address without a router? Maybe your router is connected through another router...
Re: firewall failure ?
Good idea, which depends on my IA.
I have a cable modem and a router.
I have a real IP with it, and a local IP 192.168.x.x
- sillynanny
- Posts: 125
- Joined: 20 Jun 2008, 14:26
Re: firewall failure ?
I can't comment on your iptables lines because I use a firewall configuration generator (firehol) and never did it manually. What you say you did with your router and firewall should be enough, and is enough for me on Ubuntu.
I would try to isolate and locate exactly where your connection is dropped. Set your firewall to default reject instead of default drop so you will get useful error messages on the other end, and try to telnet into spring from your local network. If nothing happens for a while, your packet is being dropped. If it quickly says that it can't connect, it is being rejected. If it connects, the problem is in your router.
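The telnet test described in the post above, as an added example that is not part of the original thread: a small Python probe that makes one TCP connection attempt and reports which of the three outcomes occurred. The function name `classify_tcp_port` and the 3-second timeout are assumptions; like telnet, it only tests TCP, not the UDP side of port 8452.

```python
import errno
import socket
import sys

# How each result maps onto the diagnosis given in the post above.
MEANING = {
    "open": "connected: the local firewall lets it through, look at the router",
    "rejected": "refused quickly: a REJECT rule answered, or nothing is listening",
    "dropped": "no answer before the timeout: the packet is silently dropped",
}

def classify_tcp_port(host, port, timeout=3.0):
    """Return 'open', 'rejected', 'dropped' or 'error:<ERRNO>' for one attempt."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        # No SYN-ACK, RST or ICMP error arrived in time (DROP behaviour).
        return "dropped"
    except ConnectionRefusedError:
        # A TCP RST or an ICMP port-unreachable came back (REJECT behaviour,
        # or the port is simply closed on a host with no filtering).
        return "rejected"
    except OSError as exc:
        # REJECT configured with a host/net "prohibited" ICMP type surfaces
        # as an unreachable error instead of "connection refused".
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "rejected"
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    sock.close()
    return "open"

def explain(result):
    """Human-readable line for a classify_tcp_port() result."""
    return MEANING.get(result, "unexpected failure (" + result + ")")

if __name__ == "__main__":
    # Usage: python3 probe.py <host> [port]   (port defaults to 8452)
    if len(sys.argv) < 2:
        sys.exit("usage: probe.py <host> [port]")
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 8452
    outcome = classify_tcp_port(sys.argv[1], target_port)
    print(sys.argv[1], target_port, outcome, "-", explain(outcome))
```

Run it from another machine on the local network against the hosting machine's 192.168.x.x address, with the game server started.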
- MrPresident
- Posts: 28
- Joined: 08 Aug 2007, 23:57
Re: firewall failure ?
Hey you
I think I can give you some help with the iptables stuff.
The rules you wrote on the forum are only allowing the 1st packet of each connection, supposing you are using an iptables INPUT table DROP policy, aren't you? You don't really need to use an OUTPUT table DROP policy; if you are using it, it won't really make your computer more secure.
So, instead of placing the 4 rules you wrote, try these ones:
# iptables -A INPUT -p TCP --dport 8452 -j ACCEPT
# iptables -A INPUT -p UDP --dport 8452 -j ACCEPT
Just remove the "-m state --state NEW" in the rules. And use an iptables OUTPUT table ACCEPT policy.
You can do this, or there is an option B to do the same:
# iptables -A INPUT -p TCP --dport 8452 -m state --state NEW -j ACCEPT
# iptables -A INPUT -p UDP --dport 8452 -m state --state NEW -j ACCEPT
# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
The last rule will allow the traffic from already established connections.
If you have more problems let me know, and just post here the output of the "iptables-save -c" command to let us know a little bit more about your configuration.
See you!