Fwd: Re: IP Tables slows network response times

Jörg Harmuth harmuth at mnemon.de
Mon Aug 15 11:32:31 CEST 2005


Michael Hallager wrote:
>>I think correct should be:
>>iptables -I INPUT -i lo -j ACCEPT (guess you misspelled it in the hurry)
>>forward rule for loopback is not necessary, as long as I remember
>>iptables -I OUTPUT -o lo -j ACCEPT;
> 
> 
> HOLD ON,
> This creates the following:
> chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere
> DROP       all  --  202.71.136.166       anywhere
> 
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere
> 
> Looking at the first and last rule displayed here, doesn't this have the effect
> of negating everything else?
> Eg: Allow all, from anywhere to anywhere....
> 
> Am I missing something?

Yes, -v ;) Ok, you certainly typed "iptables -L" and this will not
output the interfaces. Try "iptables -nvL" and you will see that
"ACCEPT all anywhere anywhere" concerns only loopback.

Regarding the timeout issue, do as Grant recommended. Maybe you should
log in OUTPUT too, at least if logging in INPUT will not show the problem.

Have a nice time,

Joerg
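
Added example, not part of the original message: a small shell check that reads "iptables -nvL" output and tells apart ACCEPT rules that are bound to an interface (like the loopback rules above) from ones that really match everything. The sample listing is constructed from the rule set in this thread (counters are made up), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `iptables -nvL` output for the rules discussed above.
sample_nvl() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   12   840 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       202.71.136.166       0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   12   840 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
EOF
}

# Read `iptables -nvL` output on stdin and report every ACCEPT rule that
# matches any protocol, any source and any destination with no extra match.
# Columns: pkts bytes target prot opt in out source destination [matches...]
classify_accepts() {
  awk '
    $1 == "Chain" { chain = $2; n = 0; next }   # new chain, restart numbering
    $1 == "pkts" || NF == 0 { next }            # column header / blank line
    {
      n++
      if ($3 != "ACCEPT") next
      # Assumption: some iptables versions print protocol "all" as 0 with -n.
      if ($4 != "all" && $4 != "0") next
      # Extra fields (NF > 9) mean a further match, e.g. a state match.
      if ($8 != "0.0.0.0/0" || $9 != "0.0.0.0/0" || NF > 9) next
      verdict = ($6 == "*" && $7 == "*") ? "UNRESTRICTED" : "interface-scoped"
      printf "%s rule %d in=%s out=%s %s\n", chain, n, $6, $7, verdict
    }'
}

# On a live system: iptables -nvL | classify_accepts
sample_nvl | classify_accepts
```

Only a line marked UNRESTRICTED would shadow the rules after it; both loopback rules from the thread come out as interface-scoped.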



