--- On Mon, 12/22/08, Ognjen Blagojevic <ognjen@etf.bg.ac.rs> wrote:
> Bruce Hyatt wrote:
> > I got 'connect failed' but here's my
> iptables chains:
> ...
> > Chain RH-Firewall-1-INPUT (2 references)
> > target prot opt source destination
> > ACCEPT all -- anywhere anywhere
> > ACCEPT icmp -- anywhere anywhere
> icmp any
> > ACCEPT ipv6-crypt-- anywhere anywhere
> > ACCEPT ipv6-auth-- anywhere anywhere
> > ACCEPT udp -- anywhere 224.0.0.251
> udp dpt:5353
> > ACCEPT udp -- anywhere anywhere
> udp dpt:ipp
> > ACCEPT all -- anywhere anywhere
> state RELATED,ESTABLISHED
> > ACCEPT tcp -- anywhere anywhere
> state NEW tcp dpt:http
> > REJECT all -- anywhere anywhere
> reject-with icmp-host-prohibited
> >
> > It doesn't look to me like anything is restricted
> (except icmp).
>
> I don't think this is good. I only see port 80 being
> open. I'm not an expert with iptables, but you should
> have something like
>
> ACCEPT tcp -- anywhere anywhere
> state NEW tcp dpt:postgres
>
> listed above the reject line.
I tried "iptables -A RH-Firewall-1-INPUT -p tcp --dport postgres" and "iptables -I RH-Firewall-1-INPUT 7 -p tcp --dport
postgres"and neither worked. It looks like the problem is it didn't have "ACCEPT" in front of the rule:
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5432
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
Bruce