Paul,<div><br></div><div>What is the default policy on the INPUT chain set to? I also notice that you don't have any ESTABLISHED,RELATED rules to accept packets returning from outbound connections. If your default policy is DROP, that would explain the behavior.</div>
<div><br></div><div>That said, it's difficult to troubleshoot iptables rules without seeing ALL the rules. Looking at this subset of rules may have people point you in the wrong direction.</div><div><br></div><div>-Scott<br>
<br><div class="gmail_quote">On Sat, Oct 10, 2009 at 11:14 AM, Paul Cartwright <span dir="ltr"><<a href="mailto:ale@pcartwright.com">ale@pcartwright.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
I was on my wifes laptop, surfing the internet, and I tried ( and failed) to<br>
ssh to our Debian desktop. Then I remembered my IPtables script I run. SO I<br>
ran the script, and was then able to ssh into my desktop. The problem is ( I<br>
think) now I cannot surf the internet, though the connection is up. Would<br>
this script have anything to do with it?::<br>
<br>
iptables -I INPUT -p tcp -m state --state NEW --dport 80 -i eth0 -j ACCEPT<br>
iptables -I INPUT -p tcp -m state --state NEW --dport 22 -i eth0 -j ACCEPT<br>
/sbin/iptables -N ssh-connection<br>
/sbin/iptables -A ssh-connection -i eth0 -p tcp --dport 22 -m<br>
recent --update --seconds 600 --hitcount 4 --rttl --name SSH -j<br>
LOG --log-prefix "SSH_brute_force "<br>
/sbin/iptables -A ssh-connection -i eth0 -p tcp --dport 22 -m<br>
recent --update --seconds 600 --hitcount 4 --rttl --name SSH -j DROP<br>
/sbin/iptables -A ssh-connection -p tcp --dport 22 -m state --state NEW -m<br>
recent --set --name SSH -j ACCEPT<br>
<br>
<br>
Nothing else changed, so if this isn't what is wrong, I am clueless. If it IS<br>
the culprit, what did I do wrong, and what can I do to fix it?<br>
<br>
--<br>
Paul Cartwright<br>
Registered Linux user # 367800<br>
Registered Ubuntu User #12459<br>
_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
</blockquote></div><br></div>