Hi, Thanks, I modified my firewall and now it works for me. I made the following entries:
:FORWARD ACCEPT [0:0] # Accept all forwarded packets. In my case there is no NAT, so this is ok.
:INPUT DROP [0:0] # Drop all incoming packets.
:OUTPUT ACCEPT [0:0] # Accept all outgoing packets. So no traffic from my server is blocked. Makes browsing the internet easier.
-A INPUT -s 80.242.234.70 -j ACCEPT # All packets from this IP are accepted. This is my IP from where I manage my collocated server.
-A INPUT -s 127.0.0.1 -j ACCEPT # Some services use the loopback to send/receive data. Leaving this entry away will cause some services to crash.
-A INPUT -s 213.132.174.75 -j ACCEPT # See the line above.
-A INPUT -d 127.0.0.1 -j ACCEPT # See the line above.
-A INPUT -m state -d 213.132.174.75 --state ESTABLISHED,RELATED -j ACCEPT # Because some services are also listening not only on the loopback, but also on the NIC. They need to send/receive data without being blocked by the firewall. The options ESTABLISHED,RELATED will prevent connections from the internet. Only related connections or already made connections will be accepted.
-A INPUT -p tcp -m tcp --dport 20 -j ACCEPT # Allow the internet to make a connection with the FTP data port.
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT # Allow the internet to make a connection with the FTP control port.
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT # Allow the internet to make a connection with the SMTP port.
-A INPUT -p udp -m udp --dport 53 -j ACCEPT # Allow the internet to make a connection with the DNS (UDP) port.
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT # Allow the internet to make a connection with the DNS (TCP) port.
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT # Allow the internet to make a connection with the HTTP port.
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT # Allow the internet to make a connection with the POP3 port.
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT # Allow the internet to make a connection with the HTTPS port.
-A INPUT -p tcp -m tcp --dport 20000 -j ACCEPT # Allow the internet to make a connection with the USERMIN port.
-A INPUT -p tcp -m tcp -m state --dport 60000:65000 --state ESTABLISHED,RELATED -j ACCEPT # This is a special one. Some FTP clients use FTP in passive mode. My FTP server is configured to use the passive ports between 60000 and 65000. Leaving this entry away will disable the passive mode. To prevent the internet from using these ports to connect, only a RELATED or ESTABLISHED connection will be accepted. So when no FTP is used these ports are closed (stealth).

All other services/protocols like NETBIOS, IMAP, ICMP, PING are blocked by default. If I have made any mistakes, please tell me.

--
redhat-list mailing list
https://www.redhat.com/mailman/listinfo/redhat-list
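
A way to review a ruleset like the one posted above, as an added example that is not part of the original message: this Python sketch reads INPUT rules in iptables-save syntax and labels each ACCEPT rule by who can open a new connection through it. The sample rules are constructed from the kinds of rule in the post, and the function names and labels are hypothetical.

```python
# Constructed sample in iptables-save syntax, mirroring rule shapes from the post.
SAMPLE = """\
:INPUT DROP [0:0]
-A INPUT -s 80.242.234.70 -j ACCEPT
-A INPUT -m state -d 213.132.174.75 --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp -m state --dport 60000:65000 --state ESTABLISHED,RELATED -j ACCEPT
"""

# Options this audit reads; each one takes exactly one argument.
OPTS = {"-s": "src", "-p": "proto", "--dport": "dport", "--state": "states", "-j": "target"}

def parse_rule(line):
    """Parse one '-A INPUT ...' line; trailing '# ...' annotations are ignored."""
    tok = line.split("#", 1)[0].split()
    if tok[:2] != ["-A", "INPUT"]:
        return None  # chain policy lines, blank lines, other chains
    rule = {"src": "any", "proto": "any", "dport": "any", "states": "", "target": ""}
    for opt, val in zip(tok, tok[1:]):
        if opt in OPTS:
            rule[OPTS[opt]] = val
    return rule

def exposure(rule):
    """Label a rule by which peers can start a NEW connection through it."""
    if rule["target"] != "ACCEPT":
        return "not-accepted"
    states = set(filter(None, rule["states"].split(",")))
    if states and "NEW" not in states:
        return "replies-only"  # only ESTABLISHED/RELATED traffic matches
    return "world-open" if rule["src"] == "any" else "restricted-source"

def audit(text):
    """Return (exposure, proto, dport, src) for every INPUT rule in text."""
    rows = []
    for line in text.splitlines():
        rule = parse_rule(line)
        if rule:
            rows.append((exposure(rule), rule["proto"], rule["dport"], rule["src"]))
    return rows

def world_open(text):
    """Ports that any host on the internet can open a new connection to."""
    return sorted(f"{p}/{d}" for e, p, d, _ in audit(text) if e == "world-open")

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("%-18s proto=%-4s dport=%-12s src=%s" % row)
```

The "replies-only" label on the 60000:65000 range depends on connection tracking: a passive-mode FTP data connection is classed as RELATED only when the kernel's FTP connection-tracking helper module is loaded.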