- IPTables only works for 70 seconds
- Matthew Connor
August 24, 2006, 1:48 pm
I have configured my firewall "nat" and "filter" tables the way I want
them and saved them by using "service iptables save". The problem is,
when I reboot the system (or whenever I start IPTables at all), the
rules work fine for only 70 seconds. I know this because with another
machine, I am continuously monitoring my ability to contact port 80 on
a machine behind the firewall. When IPTables starts, for 70 seconds,
the port is available. After that, there is no more connectivity
although all signs point to IPTables still running on the box. I am
starting IPTables from within /etc/rc.d/rc.local with the command
"service iptables start". I tried having it start automatically with
chkconfig, but that resulted in the same problem AND an INCREDIBLY long
boot time. Does anyone have any idea why my firewall rules only work
for 70 seconds? Below is some system information. Please let me know if
I can provide more for you. Thank you!
Linux pogo 2.6.9-5.ELsmp #1 SMP Wed Jan 5 19:30:39 EST 2005 i686 i686
chkconfig --list | grep -i "ip"
iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off
Output Here: http://www.bonniedoone.com/iptables.txt
(Please note, public IPs have been obfuscated with X's for privacy)
Re: IPTables only works for 70 seconds
So what you have is evidence that forwarding stops working.
"iptables" is netfilter, which is an in-kernel service. It's never not
... which probably means that something in your rules is interfering
with essential lo traffic. I'm not going to analyze your ruleset in
detail, but I would point out that you have nothing allowing traffic
into and out of lo.
[BTW how about "chkconfig --list iptables" instead of the grep?]
You really should use the init script to load the ruleset before any
interfaces come up. Otherwise you're running an open router during boot.
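The reply's observation that nothing allows traffic into and out of lo can be checked mechanically on a saved ruleset. The following is an added example, not part of the original thread: the function names, the sample dump and its addresses are constructed for illustration, and the check is deliberately conservative.

```python
import shlex

# Constructed iptables-save dump (addresses are made up, not the poster's rules).
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.10:80
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.0.10 -p tcp --dport 80 -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

def parse_filter(dump):
    """Return (policies, rules) for the filter table of an iptables-save dump."""
    table, policies, rules = None, {}, {}
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]                      # "*nat", "*filter", ...
        elif table == "filter" and line.startswith(":"):
            chain, policy = line[1:].split()[:2]  # ":INPUT DROP [0:0]"
            policies[chain] = policy
        elif table == "filter" and line.startswith("-A "):
            args = shlex.split(line)
            rules.setdefault(args[1], []).append(args[2:])
    return policies, rules

def loopback_gaps(dump):
    """INPUT/OUTPUT chains where lo traffic is not accepted before a drop."""
    # Assumption: only a bare "-i lo"/"-o lo" ACCEPT rule counts as allowing
    # loopback, and jumps into user-defined chains are not followed.
    policies, rules = parse_filter(dump)
    gaps = []
    for chain, flag in (("INPUT", "-i"), ("OUTPUT", "-o")):
        verdict = policies.get(chain, "ACCEPT")   # chain policy if no rule decides
        for args in rules.get(chain, []):
            if args == [flag, "lo", "-j", "ACCEPT"]:
                verdict = "ACCEPT"
                break
            if args[:2] in (["-j", "ACCEPT"], ["-j", "DROP"], ["-j", "REJECT"]):
                verdict = args[1]                 # unconditional rule ends the walk
                break
        if verdict != "ACCEPT":
            gaps.append(chain)
    return gaps
```

Pass it the text produced by `iptables-save`; an empty list means both chains accept loopback traffic before any rule or policy can drop it.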