Iptables

Aurelio Sánchez fae7901 at terra.es
Sat Dec 20 20:14:02 UTC 2003


On Sat, 20-12-2003 at 07:33, Marcel Janssen wrote:
> On Saturday 20 December 2003 12:08, Alex White wrote:
> > On the second box, armed with a single ethernet card
> > connected to the previously mentioned crossover cable, no
> > iptables rules, internet access works just fine. I can
> > browse, and use gaim flawlessly. However, with this set up I
> > am unable to download anything on the box. When starting a
> > download, the machine will have a 100+ kb/s download which
> > within 10-30 seconds dies out to 0k/s. No downloads ever
> > finish.
> 
> I had similar problems, but I couldn't even use internet well. A web page 
> would only load partially. After changing the driver of my ethernet card my 
> problem was solved.
> 
> Regards,
> Marcel

Once upon a time I had a similar problem. The fact is that your
loopback device (127.0.0.1) must be able to access the Internet if you
want to navigate and download, even passive FTP transfers. That is, I
think, because the navigation requests are forwarded via loopback.

How? Be sure that on all machines the iptables INPUT chain (or a chain
which is referred to from INPUT) contains something like (from
iptables -L -v -n):

Chain RH-Lokkit-0-50-INPUT (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0

(my INPUT forwards to RH-Lokkit-0-50-INPUT; on fresh FC1 installs its
name is different). The iptables command is:

/sbin/iptables -t filter -I 'your_chain' -i lo -p all -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT

so your loopback device is free to access the Internet and to make
requests.

Maybe that could help you, maybe not, but it's a silly thing that
stopped me in a Red Hat 7.1 installation! :-)

-- 
Regards,

Aurelio Sánchez
fae7901 circling terra Spain
fae7901 circling yahoo Spain

Registered Linux User # 272846
GNU Privacy Guard Public Key available at pgp.rediris.es

Created by Ximian Evolution 1.4.5 running on Fedora Core 1
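
The check described in the message above (is an ACCEPT for lo present in INPUT or in a chain referred to from INPUT?), as an added example that is not part of the original post: a shell function that reads `iptables -L -v -n` output and applies first-match order to unconditional rules. The function name `loopback_accepted` is hypothetical, the sample listing is constructed, and rules carrying extra match conditions are ignored.

```shell
# Constructed sample listing (not captured from a real host).
WITH_LO_RULE='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RH-Lokkit-0-50-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain RH-Lokkit-0-50-INPUT (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited'
NO_LO_RULE=$(printf '%s\n' "$WITH_LO_RULE" | grep -v ' lo ')   # same listing, lo rule removed

# Reads `iptables -L -v -n` text on stdin. Exit status 0 if the first unconditional
# rule that matches loopback input, walking from INPUT, is ACCEPT; 1 otherwise.
loopback_accepted() {
    awk '
    function walk(c, depth,    i, r) {    # 1 accepted, -1 blocked, 0 undecided
        if (depth > 16) return 0          # guard against jump loops
        for (i = 1; i <= n[c]; i++) {
            if (!hits[c, i]) continue     # conditional rule, or another interface
            if (tgt[c, i] == "ACCEPT") return 1
            if (tgt[c, i] == "DROP" || tgt[c, i] == "REJECT") return -1
            if (tgt[c, i] == "RETURN") return 0
            # Jump into a user-defined chain and stop if it reaches a verdict.
            if ((tgt[c, i] in seen) && (r = walk(tgt[c, i], depth + 1)) != 0) return r
        }
        return 0
    }
    /^Chain / {                           # "Chain NAME (policy X ...)" or "(N references)"
        chain = $2; seen[chain] = 1; pol[chain] = ($3 == "(policy") ? $4 : ""
        sub(/\)$/, "", pol[chain]); next
    }
    $1 == "pkts" || NF < 9 { next }       # header, blank lines, rules without a target
    {
        # Columns: pkts bytes target prot opt in out source destination [matches]
        plain = (NF == 9 || ($3 == "REJECT" && NF == 11 && $10 == "reject-with"))
        i = ++n[chain]; tgt[chain, i] = $3
        hits[chain, i] = (plain && $4 == "all" && ($6 == "lo" || $6 == "*") &&
                          $8 == "0.0.0.0/0" && $9 == "0.0.0.0/0")
    }
    END {
        r = walk("INPUT", 0)
        if (r == 0) r = (pol["INPUT"] == "ACCEPT") ? 1 : -1   # chain policy decides
        exit (r == 1 ? 0 : 1)
    }'
}

printf '%s\n' "$WITH_LO_RULE" | loopback_accepted && echo "loopback input is accepted"
```

On a live host the input would come from `iptables -L -v -n | loopback_accepted`, run as root.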




