I have been trying to do pulls from github and it keeps hanging. My iptables rules have no rules which block outgoing traffic but I cannot connect to github using either ssh or http. I can't even connect to the ssh server over localhost. When I disable the firewall this problem goes away. I know the ssh server is allowed incoming because I connect to the server solely through ssh.
Here is the output of my iptables -nvL:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
92 6872 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9418
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5000
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
1 44 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 50 packets, 5664 bytes)
pkts bytes target prot opt in out source destination
I don't know what is going on here, it seems to me that outgoing packets should be allowed?
You need accept rules for established connections. Normally the first rule would be in this form.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
You also appear to be missing rules to accept the ICMP packets necessary for IP to work well.
-A INPUT -p 1 --icmp-type 3/4 -j ACCEPT -m comment --comment "Needed ICMP types"
-A INPUT -p 1 --icmp-type 11 -j ACCEPT -m comment --comment "Needed ICMP types"