I am new to iptables. Fortunately, I was able to reverse the ruleset I had earlier. I have read more and added the following rule set:

target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:smtp
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:domain
ACCEPT     udp  --  anywhere             anywhere            udp spt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtps
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:cvspserver
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:webcache
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:distinct
ACCEPT     all  --  ip-XXX-XXX-XX-XXX.ip.myserver.net  anywhere
DROP       all  --  anywhere             anywhere
I tried to follow this HOWTO:
It appears to work on most ports. However, when I try a web site on that server, port 80, it starts but never finishes - never goes to that page. In Firefox, the progress bar looks like it's almost finished but never gets there.
I need to be able to:
- check and send mail
- serve web site
- ssh/WinSCP
- port 9999 needed as well as 8080
- run DNS
Does that rule set look right?
Any ideas? Thanks!