IPTables outbound problem
Posted: 2017/10/18 11:14:05
Hi,
I do not get this and humbly ask for help.
I have an application that sends reports to the server on a port range 25025-25050, but my server resets the communication before it starts.
# Generated by iptables-save v1.4.7 on Wed Oct 18 11:03:10 2017
*filter
:INPUT DROP
:FORWARD DROP
:OUTPUT ACCEPT
:PETER
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 123 -j ACCEPT
-A INPUT -i eth1 -p tcp -m state --state NEW -m tcp --dport 22 -m comment --comment "Allow ssh on eth1" -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 22 -m comment --comment "Allow ssh on eth0" -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -j HAWKEYE
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -j PETER
-A PETER -p tcp -m state --state NEW -m tcp --dport 25025:25050 -m comment --comment "Report ports" -j ACCEPT
COMMIT
# Completed on Wed Oct 18 11:03:10 2017