Port is open but I am unable to connect

Jason Opperisano opie at 817west.com
Wed Sep 8 13:35:04 CEST 2004


On Wed, 2004-09-08 at 02:38, Jacob Friis Larsen wrote:
> > i would contend that while you believe your source IP is 1.2.3.4 in this
> > scenario--it, in fact, is not.
> 
> I know.
> 1.2.3.4 is just for the example :)
> 
> > try:
> > 
> >   iptables -A INPUT -j LOG --log-prefix "FW DROP INPUT: "
> > 
> > and see what the logs have to say about it.
> 
> This will log all incoming packets?

setting the above as your last rule, in combination with setting the
POLICY of the INPUT chain to DROP, will log all packets dropped by the
INPUT chain.  similarly:

  iptables -A OUTPUT -j LOG --log-prefix "FW DROP OUTPUT: "

will log all packets dropped by the OUTPUT chain, which in your case
should show you what Aleksandar already pointed out--you don't allow
ESTABLISHED packets out through the OUTPUT chain.

-j

-- 
Jason Opperisano <opie at 817west.com>
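
An added example, not part of the original message: a small parser for the kernel log lines that the two LOG rules above produce, which picks out OUTPUT drops carrying SYN+ACK, that is, the server's own replies being discarded. The sample log lines, addresses and port 80 are constructed for illustration; only the "FW DROP INPUT: " and "FW DROP OUTPUT: " prefixes come from the message.

```python
import re
from collections import Counter

# Constructed sample lines in the layout the netfilter LOG target writes to the
# kernel log (documentation addresses; port 80 is an assumption, not from the thread).
SAMPLE_LOG = """\
Sep  8 13:40:01 fw kernel: FW DROP OUTPUT: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=80 DPT=34567 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Sep  8 13:40:04 fw kernel: FW DROP OUTPUT: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=80 DPT=34567 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Sep  8 13:40:09 fw kernel: FW DROP INPUT: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=4242 DF PROTO=TCP SPT=4001 DPT=135 WINDOW=64240 RES=0x00 SYN URGP=0
Sep  8 13:40:12 fw kernel: some unrelated kernel message
"""

# Matches only lines carrying one of the two --log-prefix strings from the message.
LINE_RE = re.compile(r"FW DROP (INPUT|OUTPUT): (.*)$")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse_line(line):
    """Return a dict for a 'FW DROP ...' log line, or None for anything else."""
    m = LINE_RE.search(line)
    if not m:
        return None
    chain, rest = m.groups()
    fields, flags = {}, set()
    for tok in rest.split():
        if "=" in tok:                 # KEY=VALUE fields such as SRC=, DPT=
            key, value = tok.split("=", 1)
            fields[key] = value
        elif tok in TCP_FLAGS:         # bare flag tokens such as SYN, ACK
            flags.add(tok)
    return {"chain": chain, "flags": flags, **fields}


def dropped_replies(log_text):
    """Count OUTPUT drops that are SYN+ACK, keyed by (local port, remote peer).

    A SYN+ACK leaving the host is the reply to a connection the INPUT chain
    already accepted; seeing it dropped means OUTPUT lacks a rule for replies.
    """
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["chain"] == "OUTPUT" and {"SYN", "ACK"} <= rec["flags"]:
            hits[(int(rec["SPT"]), rec["DST"])] += 1
    return hits


if __name__ == "__main__":
    for (port, peer), n in dropped_replies(SAMPLE_LOG).items():
        print(f"{n} reply packet(s) from local port {port} to {peer} dropped in OUTPUT")
```
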



