Bruce Hyatt wrote:
> --- On Mon, 12/22/08, Ognjen Blagojevic <ognjen@etf.bg.ac.rs> wrote:
>
>> Bruce Hyatt wrote:
>>> I got 'connect failed' but here's my
>> iptables chains:
>> ...
>>> Chain RH-Firewall-1-INPUT (2 references)
>>> target prot opt source destination
>>> ACCEPT all -- anywhere anywhere
>>> ACCEPT icmp -- anywhere anywhere
>> icmp any
>>> ACCEPT ipv6-crypt-- anywhere anywhere
>>> ACCEPT ipv6-auth-- anywhere anywhere
>>> ACCEPT udp -- anywhere 224.0.0.251
>> udp dpt:5353
>>> ACCEPT udp -- anywhere anywhere
>> udp dpt:ipp
>>> ACCEPT all -- anywhere anywhere
>> state RELATED,ESTABLISHED
>>> ACCEPT tcp -- anywhere anywhere
>> state NEW tcp dpt:http
>>> REJECT all -- anywhere anywhere
>> reject-with icmp-host-prohibited
>>> It doesn't look to me like anything is restricted
>> (except icmp).
>>
>> I don't think this is good. I only see port 80 being
>> open. I'm not an expert with iptables, but you should
>> have something like
>>
>> ACCEPT tcp -- anywhere anywhere
>> state NEW tcp dpt:postgres
>>
>> listed above the reject line.
>
> I tried "iptables -A RH-Firewall-1-INPUT -p tcp --dport postgres" and "iptables -I RH-Firewall-1-INPUT 7 -p tcp
--dportpostgres" and neither worked. It looks like the problem is it didn't have "ACCEPT" in front of the rule:
>
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
> tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5432
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
>
> Bruce
I think you need to add "-j ACCEPT" to the command.
-Ognejn