starting iptables problem

[oluja]

Hi!

Please somebody can help me wit configuration of iptables because now when i start iptables, my VPS freeze (all blocked ssh, http... etc..) , and only what I can do is via Virtuozzo stop iptables...

i had make some changes with iptables (downloaded new version, and than downgraded it to version what I receive with VPS..

[thisisit3]

Most probably, iptables starts with no rules at all in blocking mode, so you have to explicitly add any "allow" rules in order to allow connections go through.

With iptables stopped, edit /etc/sysconfig/iptables and check its contents. Add lines as required, for example:

to allow SSH traffic, add:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

to allow web traffic, add:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

this of course implies that you are running CentOS or Fedora, since i don't know how other distros do it. Once you've made sure the correct rules are there, do a "service start iptables" and you should be fine.

you should probably check the existing rules, something is wrong and made iptables block everything.

[oluja]

tnx for answer thisisit3 but it seems that i screwed up something with iptables hardly...
i have centos on vps, and added these lines, but when i enter service start iptables ssh is down, and manualy soping iptables in virtuazzo i got error in putty:


Applying iptables firewall rules: iptables-restore: line 40 failed [FAILED]

but now when i see better: iptables -V i got iptables v1.3.8, and in /sbin/iptables I got
iptables v1.2.11

it looks i have 2 iptables (silly me).. please can you tell me how to delete all iptables and reinstal with some version like you have...

cheers... or please can you pm me for some instruction via skype or msn ?

[oluja]

when i search iptables i found this:

[root@vps ~]# find / -name "iptables" -print
/etc/sysconfig/iptables
/etc/rc.d/init.d/iptables
/lib/iptables
/usr/local/lib/iptables
/usr/local/cpanel/install/iptables
/usr/local/sbin/iptables
/sbin/iptables

[oluja]

have deleted all iptables files & directories, and reinstalled via cpanel whm rpm...

Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: mangle filter nat [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]

seems all ok.. thans thisisit3