Re: Many "connection reset" when iptables enabled.
On 04/24/2011 09:14 AM, James McKenzie wrote: > That is why I have AdBlockPlus on my system. I stopped most of the > Flash 'junk' with it. Even better for that type of thing is FlashBlocker. All you see is an outline with a button to click on if you really want to see the flash. And, you can configure it to load flash from specific sites without asking. It's amazing how many sites use empty flash files as trackers. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: Many "connection reset" when iptables enabled.
On 4/19/11 3:30 PM, Steven Stern wrote: > I've configured my system using system-config-firewall and have all > sorts of problems accessing Google and Facebook, often resulting in > either a hung page load or a connect reset message from Firefox. When I > turn off iptables, there are no problems. What's wrong with my setup? > Your configuration looks correct, but you are going to have to use a sniffer program on the local machine to see if Facebook/Google uses another 'unnamed' port to connect with. They should not unless they are trying to force video content to you. That is why I have AdBlockPlus on my system. I stopped most of the Flash 'junk' with it. James McKenzie -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Many "connection reset" when iptables enabled.
I've configured my system using system-config-firewall and have all sorts of problems accessing Google and Facebook, often resulting in either a hung page load or a connect reset message from Firefox. When I turn off iptables, there are no problems. What's wrong with my setup? # Configuration file for system-config-firewall --enabled --port=17500:udp --port=17500:tcp --port=3689:tcp --service=dns --service=mdns --service=ipp-client --service=ipp --service=samba --service=samba-client --service=https --service=ssh --service=http # iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywherestate RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT tcp -- anywhere anywherestate NEW tcp dpt:domain ACCEPT udp -- anywhere anywherestate NEW udp dpt:domain ACCEPT udp -- anywhere 224.0.0.251 state NEW udp dpt:mdns ACCEPT udp -- anywhere anywherestate NEW udp dpt:ipp ACCEPT tcp -- anywhere anywherestate NEW tcp dpt:ipp ACCEPT udp -- anywhere anywherestate NEW udp dpt:ipp ACCEPT udp -- anywhere anywherestate NEW udp dpt:netbios-ns ACCEPT udp -- anywhere anywherestate NEW udp dpt:netbios-dgm ACCEPT tcp -- anywhere anywherestate NEW tcp dpt:netbios-ssn ACCEPT tcp -- anywhere anywherestate NEW tcp dpt:microsoft-ds ACCEPT udp -- anywhere anywherestate NEW udp dpt:netbios-ns ACCEPT udp -- anywhere anywherestate NEW udp dpt:netbios-dgm ACCEPT tcp -- anywhere anywherestate NEW tcp dpt:https ACCEPT tcp -- anywhere anywherestate NEW tcp dpt:ssh ACCEPT tcp -- anywhere anywherestate NEW tcp dpt:http ACCEPT udp -- anywhere anywherestate NEW udp dpt:db-lsp-disc ACCEPT tcp -- anywhere anywherestate NEW tcp dpt:db-lsp ACCEPT tcp -- anywhere anywherestate NEW tcp dpt:daap REJECT all -- anywhere anywherereject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT) target prot opt source destination REJECT all -- anywhere anywherereject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) target prot opt source destination -- -- Steve -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines