IPTables only works for 70 seconds

Hi all.

I have configured my firewall "nat" and "filter" tables the way I want
them and saved them by using "service iptables save". The problem is,
when I reboot the system (or whenever I start IPTables at all), the
rules work fine for only 70 seconds. I know this because with another
machine, I am continuously monitoring my ability to contact port 80 on
a machine behind the firewall. When IPTables starts, for 70 seconds,
the port is available. After that, there is no more connectivity
although all signs point to IPTables still running on the box. I am
starting IPTables from within /etc/rc.d/rc.local with the command
"service iptables start". I tried having it start automatically with
chkconfig, but that resulted in the same problem AND an INCREDIBLY long
boot time. Does anyone have any idea why my firewall rules only work
for 70 seconds? Below is some system information. Please let me know if
I can provide more for you. Thank you!


uname -a
Linux pogo 2.6.9-5.ELsmp #1 SMP Wed Jan 5 19:30:39 EST 2005 i686 i686
i386 GNU/Linux

chkconfig --list | grep -i "ip"
iptables        0:off   1:off   2:off   3:off   4:off   5:off   6:off

iptables -V
iptables v1.2.11

cat /etc/sysconfig/iptables
Output Here: http://www.bonniedoone.com/iptables.txt
(Please note, public IPs have been obfuscated with X's for privacy)

Re: IPTables only works for 70 seconds

Matthew Connor wrote:

So what you have is evidence that forwarding stops working.
"iptables" is netfilter, which is an in-kernel service.  It's never not

... which probably means that something in your rules is interfering
with essential lo traffic.  I'm not going to analyze your ruleset in
detail, but I would point out that you have nothing allowing traffic
into and out of lo.

[BTW how about "chkconfig --list iptables" instead of the grep?]

You really should use the init script to load the ruleset before any
interfaces come up.  Otherwise you're running an open router during boot.
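A check for the loopback gap the reply points at, written as an added example that is not from either poster: it scans a ruleset in the iptables-save format that "service iptables save" writes to /etc/sysconfig/iptables, reports whether the filter table's INPUT and OUTPUT chains accept lo traffic before any DROP/REJECT rule in the same chain (a lo rule placed after a reject-all rule is never reached), and prepends the two missing rules at the top of the filter table. Both rulesets embedded below are constructed for the example and are not the original poster's file; the function names lo_allowed, chain_allows_lo and add_lo_rules are mine.

```shell
#!/bin/sh
# Added example: lint a saved iptables ruleset for loopback (lo) rules.

# Constructed sample in iptables-save format (not the poster's real file).
# Default policies are DROP and nothing mentions lo, the gap the reply describes.
SAMPLE_RULESET='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p tcp --dport 80 -j ACCEPT
-A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
COMMIT'

# Second constructed sample: lo rules exist but sit after a reject-all rule,
# so they are never evaluated.
LATE_LO_RULESET='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT'

# chain_allows_lo RULESET CHAIN FLAG
#   Exit 0 if, in the filter table, chain CHAIN has an "FLAG lo ... -j ACCEPT"
#   rule (FLAG is -i for INPUT, -o for OUTPUT) that appears before any
#   DROP/REJECT rule in that chain; exit 1 otherwise.
chain_allows_lo() {
  printf '%s\n' "$1" | awk -v chain="$2" -v flag="$3" '
    /^\*/ { table = $1 }                       # track which table we are in
    table == "*filter" && $1 == "-A" && $2 == chain {
      if ($0 ~ (" " flag " lo ") && $0 ~ /-j ACCEPT$/ && !blocked) { ok = 1 }
      if ($0 ~ /-j (DROP|REJECT)/) { blocked = 1 }   # later lo rules are shadowed
    }
    END { exit ok ? 0 : 1 }'
}

# lo_allowed RULESET: exit 0 only if both directions of loopback are accepted.
lo_allowed() {
  chain_allows_lo "$1" INPUT -i && chain_allows_lo "$1" OUTPUT -o
}

# add_lo_rules RULESET: print RULESET with the two lo rules inserted as the
# first rules of the filter table (before the first -A line, or before COMMIT
# if the table has no rules yet). Other tables (e.g. *nat) are left untouched.
add_lo_rules() {
  printf '%s\n' "$1" | awk '
    /^\*/ { table = $1 }
    /^(-A |COMMIT)/ && table == "*filter" && !done {
      print "-A INPUT -i lo -j ACCEPT"
      print "-A OUTPUT -o lo -j ACCEPT"
      done = 1
    }
    { print }'
}

# Stand-alone usage: report on the first sample and show the patched version.
if lo_allowed "$SAMPLE_RULESET"; then
  echo "loopback traffic is permitted"
else
  echo "loopback rules missing or shadowed; patched ruleset follows:"
  add_lo_rules "$SAMPLE_RULESET"
fi
```

To run it against a real machine, feed the function the output of "iptables-save" or the contents of /etc/sysconfig/iptables instead of the constructed strings. The second point in the reply needs no code: turning the init script on with chkconfig (the poster's "chkconfig --list" shows iptables off in every runlevel) loads the saved rules before the interfaces come up, which rc.local cannot do.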
