      agriz
Re: iptables blocks dns
I had the output policy set to deny. But I was having problems with wget, curl and yum.
Temporarily I have changed the deny to accept. Before finding a solution, I got a problem with the name server.

When I turn on iptables, the site is not loading.


This is the output of iptables-save

:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [26:2884]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 1234 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 10000 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 1234 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 53 --dport 1024:65535 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 1234 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p icmp -m icmp --icmp-type 0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p icmp -m icmp --icmp-type 8 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 10000 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 1234 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --sport 1024:65535 --dport 53 -j ACCEPT
COMMIT
# Completed on Fri Dec  9 03:18:50 2011
# Generated by iptables-save v1.4.7 on Fri Dec  9 03:18:50 2011
*mangle
:PREROUTING ACCEPT [40:22161]
:INPUT ACCEPT [40:22161]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [40:3964]
:POSTROUTING ACCEPT [40:3964]
COMMIT
# Completed on Fri Dec  9 03:18:50 2011
# Generated by iptables-save v1.4.7 on Fri Dec  9 03:18:50 2011
*nat
:PREROUTING ACCEPT [6:265]
:POSTROUTING ACCEPT [5:356]
:OUTPUT ACCEPT [5:356]
COMMIT
# Completed on Fri Dec  9 03:18:50 2011


1234 is my ssh
10000 is webmin control panel
Posted on: 2011/12/8 21:52
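
An added example, not part of the original post: a small first-match evaluator run over the policies and DNS-relevant rules from the iptables-save output above, reporting the verdict for each DNS flow. It assumes traffic on eth0, a constructed client port of 40000, and that the host also answers DNS queries for the site (the post only says there is a name server problem); the function names are hypothetical.

```python
import shlex

# Constructed subset: policies and DNS-relevant rules copied from the post's iptables-save output.
RULES = """\
:INPUT DROP [0:0]
:OUTPUT ACCEPT [26:2884]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 53 --dport 1024:65535 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --sport 1024:65535 --dport 53 -j ACCEPT
"""

def parse(text):
    """Split iptables-save lines into policies and rules (flag/value pairs, no '!' negation)."""
    policies, rules = {}, []
    for line in text.splitlines():
        tok = shlex.split(line)
        if line.startswith(":"):
            policies[tok[0][1:]] = tok[1]
        elif line.startswith("-A "):
            rules.append((tok[1], dict(zip(tok[2::2], tok[3::2]))))
    return policies, rules

def port_ok(spec, port):
    """Match an iptables port spec ('53' or '1024:65535'); no spec matches any port."""
    lo, _, hi = (spec or "0:65535").partition(":")
    return int(lo) <= port <= int(hi or lo)

def verdict(pol, rules, chain, proto, sport, dport, state, iface="eth0"):
    """Target of the first rule matching one packet, else the chain policy."""
    for ch, o in rules:
        states = o.get("--state") or o.get("--ctstate")
        if (ch == chain and o.get("-p", proto) == proto
                and o.get("-i", o.get("-o", iface)) == iface
                and (not states or state in states.split(","))
                and port_ok(o.get("--sport"), sport)
                and port_ok(o.get("--dport"), dport)):
            return o["-j"]
    return pol[chain]

def dns_audit(text):
    """Verdicts for the DNS flows a resolver client and a name server each need."""
    pol, rules = parse(text)
    return {
        "resolver query out": verdict(pol, rules, "OUTPUT", "udp", 40000, 53, "NEW"),
        "name-server query in (udp)": verdict(pol, rules, "INPUT", "udp", 40000, 53, "NEW"),
        "name-server query in (tcp)": verdict(pol, rules, "INPUT", "tcp", 40000, 53, "NEW"),
        "unsolicited udp from sport 53": verdict(pol, rules, "INPUT", "udp", 53, 40000, "NEW"),
    }
```

Calling `dns_audit(RULES)` shows that outbound lookups pass while new inbound queries to port 53 fall through to the DROP policy. The stateless `--sport 53` rule also accepts any new UDP packet sent from source port 53 to a high port, which the conntrack RELATED,ESTABLISHED rule makes unnecessary for replies.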