Hi,
I have written a simple script. It is for:

FIREWALL PC IP 131.107.2.253 
2 Windows PCs 131.107.2.252,131.107.2.5

----------------
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

iptables -A INPUT -p tcp -s 131.107.2.253 -d 131.107.2.253 --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -s 131.107.2.252 -d 131.107.2.253 --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -s 131.107.2.5 -d 131.107.2.253 --dport 80 -j ACCEPT 
-----------------------

But I was now able to get connected to my webserver from either of the above PCs.

Then I tried the following with default DROP in all chains:

---------------------
iptables -A INPUT -p tcp -s 131.107.2.253 -d 131.107.2.253 -m mport --port 80 -j ACCEPT
iptables -A INPUT -p tcp -s 131.107.2.252 -d 131.107.2.253 -m mport --port 80 -j ACCEPT
iptables -A INPUT -p tcp -s 131.107.2.5 -d 131.107.2.253 -m mport --port 80 -j ACCEPT 
---------------------

In this case I was able to use HTTP from 131.107.2.253 but not from the other 2 IPs.

Then I tried the following with default DROP in all chains:
--------------------------
iptables -A OUTPUT -j ACCEPT
iptables -A INPUT -p tcp -s 131.107.2.253 -d 131.107.2.253 -m mport --port 80 -j ACCEPT
iptables -A INPUT -p tcp -s 131.107.2.252 -d 131.107.2.253 -m mport --port 80 -j ACCEPT
iptables -A INPUT -p tcp -s 131.107.2.5 -d 131.107.2.253 -m mport --port 80 -j ACCEPT 
-------------------------

Now I was able to access port 80 from all machines.

Then I did the same for ssh and mysql,

but connectivity became drastically slow.
It took a few minutes to connect to the database through my C programs.

Please help.
---
Manish Kumar Arya
--------------------------------------------
While universe
{
  Object emerges from zero, tends to infinity and finally end in zero.
}
--------------------------------------------
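
An added example, not part of the original post: one way to write the ruleset described above with all three policies left at DROP, emitted in iptables-restore format. It adds loopback and ESTABLISHED,RELATED rules so that reply packets (including answers to the reverse-DNS lookups that sshd and mysqld commonly perform on connect) are not dropped. Assumptions not stated in the post: port 3306 for mysql, use of the state match, and blocked DNS replies being the cause of the slow logins.

```shell
#!/bin/sh
# Added example (not from the original post). It only prints a ruleset;
# nothing is applied to the running firewall by this script.

FW_IP="131.107.2.253"                 # firewall / web server, from the post
CLIENTS="131.107.2.252 131.107.2.5"   # the two Windows PCs, from the post
PORTS="80 22 3306"                    # http, ssh; 3306 is assumed for mysql

gen_rules() {
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT DROP [0:0]"
    # Connections from the box to its own address travel over lo,
    # so they are matched by interface rather than by -s/-d.
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A OUTPUT -o lo -j ACCEPT"
    # Return half of every flow accepted elsewhere. Without these,
    # OUTPUT DROP discards the server's SYN-ACK, and INPUT DROP
    # discards DNS answers (each lookup then waits for a timeout).
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Outbound DNS so the daemons' reverse lookups can leave the box.
    echo "-A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT"
    echo "-A OUTPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT"
    # New inbound connections: only the listed clients, only these ports.
    for src in $CLIENTS; do
        for port in $PORTS; do
            echo "-A INPUT -p tcp -s $src -d $FW_IP --dport $port -m state --state NEW -j ACCEPT"
        done
    done
    echo "COMMIT"
}

# Review the output first; to load it as root: gen_rules | iptables-restore
gen_rules
```

On current kernels the same rules are usually written with `-m conntrack --ctstate` in place of `-m state --state`.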






Archives are available at http://www.mail-archive.com/ilugd%40wpaa.org