On Fri, Mar 08, 2002 at 05:02:38PM -0300, Bruno Negrão wrote:
> Hi all,
> I had a rule like this:
> iptables -P OUTPUT DROP
> iptables -A OUTPUT -p ALL -o lo -s 127.0.0.1 -j ACCEPT
> This way, my firewall was dropping a lot of legitimate packets
> originated from lo which use the source IPs of the internal or
> external interfaces (instead of 127.0.0.1).

How about adding, as the last rule in your OUTPUT/INPUT tables, one to mark
the packets that are dropped?  That way you can see what's being dropped and
why.

Who is 127.0.0.1 trying to communicate with?  Probably another local
address to the machine like 10.0.0.254.  Did you enable communication
back the other way like with a
        -i lo -d 127.0.0.1
?  That could help out.

But again I would stress -j LOG --log-prefix "DROP " marking all dropped
packets so that you can see where it is going wrong.

Chris
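
An added example, not part of the original message: once a final `-j LOG --log-prefix "DROP "` rule is in place, a short script like this can summarize which loopback packets fall through the `-s 127.0.0.1` rule. The log lines and the addresses 10.0.0.254, 192.0.2.10 and 198.51.100.7 are constructed samples, and the function name is hypothetical.

```python
import re
from collections import Counter

# Constructed kernel log lines in the format the netfilter LOG target writes
# when the last OUTPUT rule is:
#   iptables -A OUTPUT -j LOG --log-prefix "DROP "
SAMPLE_LOG = """\
Mar  8 17:10:01 fw kernel: DROP IN= OUT=lo SRC=10.0.0.254 DST=10.0.0.254 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=32770 DPT=25 WINDOW=32767 RES=0x00 SYN URGP=0
Mar  8 17:10:04 fw kernel: DROP IN= OUT=lo SRC=10.0.0.254 DST=10.0.0.254 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=32770 DPT=25 WINDOW=32767 RES=0x00 SYN URGP=0
Mar  8 17:10:09 fw kernel: DROP IN= OUT=lo SRC=192.0.2.10 DST=192.0.2.10 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32771 DPT=53 LEN=51
Mar  8 17:10:12 fw kernel: DROP IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=32772 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  8 17:10:15 fw sshd[412]: Accepted password for admin from 10.0.0.5 port 1022
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; bare flags like DF are skipped


def loopback_drops(log_text, prefix="DROP "):
    """Count logged packets leaving via lo whose source is not 127.0.0.1.

    These are the packets a rule restricted to '-o lo -s 127.0.0.1' does not
    match: local traffic addressed to one of the machine's own interface IPs.
    """
    hits = Counter()
    for line in log_text.splitlines():
        # Only lines carrying our log prefix followed by the LOG target fields.
        m = re.search(re.escape(prefix) + r"(IN=.*)", line)
        if not m:
            continue
        fields = dict(FIELD.findall(m.group(1)))
        if fields.get("OUT") == "lo" and fields.get("SRC") != "127.0.0.1":
            hits[(fields.get("SRC"), fields.get("DST"))] += 1
    return hits


if __name__ == "__main__":
    for (src, dst), n in loopback_drops(SAMPLE_LOG).most_common():
        print(f"{n:3d}  lo  {src} -> {dst}")
```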
