> > Hi All,
> > I am having a bit of a problem with setting up an iptables firewall on
> > a machine with one interface. I have set up a few successfully with
> > two but this one has me stumped.
> > I have a server (192.169.0.x) which sits on a private network. eth0 is
> > set to the above address. All I want to do is to allow a few services
> > to be accessed on this server by the internal network and allow
> > everything in the OUTPUT chain. I have set the OUTPUT chain default
> > policy to ACCEPT, and the INPUT chain has a default policy of DROP and
> > a few rules set up.
> > The INPUT chain works fine, but from the server itself I cannot telnet
> > to our mailserver on port 23, 25 or 110 but if I stop iptables I can.
> > The mailserver is also on the 192.168.0.x network.
> > Does anyone have any ideas as I am baffled? My guess is that it must
> > be to do with just the one interface card, but I cannot work out why.
> > All help gratefully received...
> > Many thanks,
> > Steve Westrip
> Your problem is very likely *not* related to having a single interface.
> Your problem is likely to be related to problems with your INPUT rules.
> Use something like
> iptables -A INPUT -i eth0 -p tcp ! --syn \
> --sport $SERVPORT -d 192.169.0.x --dport 1024:65535 -j ACCEPT
> where SERVPORT is defined to be the server's port number (e.g.,
> telnet=23, or, egads!, 0:1023). Also be aware that some services require
> authentication (113).
> The ! --syn means that you initiated the connection.
I entered the command from the other poster (yours hadn't arrived by
then!!) and it now connects, but it takes about 15-30 seconds to
connect to an internal mailserver (or any other internal machine) via
telnet and get a login prompt. This server has no access to a DNS
server but the entry for mailserver is in the hosts file. It is worth
noting that with iptables 'turned off' the connection is immediate.
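An added example (not from anyone in this thread) of a complete single-interface ruleset for the setup described above: INPUT policy DROP, OUTPUT policy ACCEPT, a few services open to the LAN, return traffic for connections the server itself opens (the state match generalises the "! --syn" rule to every client connection), and an explicit REJECT for ident so a remote daemon's port-113 probe fails immediately instead of timing out. The interface, network (192.168.0.0/24) and service ports are assumptions; the script prints the commands unless run as root with APPLY=1.

```shell
#!/bin/sh
# Host firewall for a one-interface server on a private LAN.
# Dry-run by default (prints the iptables commands); APPLY=1 executes them.
# IFACE, LAN and SERVICES are assumed values, override them as needed.
IFACE="${IFACE:-eth0}"
LAN="${LAN:-192.168.0.0/24}"      # assumed internal network
SERVICES="${SERVICES:-22 25 80}"   # assumed TCP services offered to the LAN

run() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

build_rules() {
    run -F INPUT
    run -P INPUT DROP
    run -P OUTPUT ACCEPT
    # Loopback must be open for local daemons (resolver, MTA, etc.).
    run -A INPUT -i lo -j ACCEPT
    # Replies to connections this host initiated (telnet, SMTP, POP3, ...).
    # This covers every client-side port without listing them one by one.
    run -A INPUT -i "$IFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # New connections to the offered services, from the internal LAN only.
    for port in $SERVICES; do
        run -A INPUT -i "$IFACE" -p tcp -s "$LAN" --dport "$port" \
            -m state --state NEW -j ACCEPT
    done
    # Ident (113): mail and telnet daemons often probe the connecting host.
    # Silently dropping the probe stalls the login prompt until it times out;
    # a REJECT with a TCP reset answers it at once.
    run -A INPUT -i "$IFACE" -p tcp --dport 113 -j REJECT --reject-with tcp-reset
    # Rate-limited log of everything that falls through to the DROP policy.
    run -A INPUT -i "$IFACE" -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "
}

build_rules
```

Compare the printed output with `iptables -L -n -v` on the live box to see which rule the dropped packets are hitting before applying anything.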