iptables & allowed port refusing connection

Posted by marfarma on Server Fault
Published on 2010-05-26T19:57:40Z Indexed on 2010/05/26 20:03 UTC

Can you see what I'm doing wrong? On Ubuntu Server 9.1, I'm attempting to allow traffic on port 1143 for a non-privileged IMAP host.

The connection is refused when testing with

telnet example.com 1143

but the connection is allowed when testing with

telnet example.com 80

from my PC to a remote, internet-hosted server. Both rules appear identical and are located near each other, with no rules rejecting connections intervening in the rules file. I can't figure it out.

iptables -L returns this:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
REJECT     all  --  anywhere             127.0.0.0/8         reject-with icmp-port-unreachable 
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http-alt 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:7070 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:1143 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh 
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request 
LOG        all  --  anywhere             anywhere            limit: avg 5/min burst 5 LOG level  debug prefix `iptables denied: ' 
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            

and my rules file contains this:

# Generated by iptables-save v1.4.4 on Wed May 26 19:08:34 2010
*nat
:PREROUTING ACCEPT [3556:217296]
:POSTROUTING ACCEPT [6909:414847]
:OUTPUT ACCEPT [6909:414847]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080 
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080 
COMMIT
# Completed on Wed May 26 19:08:34 2010
# Generated by iptables-save v1.4.4 on Wed May 26 19:08:34 2010
*filter
:INPUT ACCEPT [1:52]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1:212]
-A INPUT -i lo -j ACCEPT 
-A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable 
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 7070 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 1143 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT 
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7 
-A INPUT -j REJECT --reject-with icmp-port-unreachable 
-A FORWARD -j REJECT --reject-with icmp-port-unreachable 
-A OUTPUT -j ACCEPT 
COMMIT
# Completed on Wed May 26 19:08:34 2010
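Added example, not code from the question or from Server Fault: a small POSIX sh script that separates the two things the symptom above does not. With `--reject-with icmp-port-unreachable`, a port blocked by the firewall and a port with nothing listening on it both show up at the client as "Connection refused", so the filter rules and the listening sockets have to be checked independently. The script walks the saved INPUT rules in order the way a fresh SYN would hit them and then looks for a LISTEN socket on the port. Assumptions of my own: the packet arrives on eth0 (only `-i`, `-d`, `-p`, `--dport` and `--state` matches are evaluated), the `ss -ltn` column layout (`netstat -tln` gives the same columns), only the first listener on the port is reported, and the sample rule and socket listings are constructed, trimmed from the post's filter rules.

```shell
#!/bin/sh
# Added example, not code from the Server Fault post: triage "connection refused"
# on a port that the INPUT chain appears to ACCEPT. Both parsers take text so they
# can run on saved output; the samples at the bottom are constructed.

# filter_verdict_for_port "<iptables-save text>" PORT
# Walks the *filter INPUT rules in order as a fresh TCP SYN to PORT would hit them:
# arriving on eth0 (assumed inbound interface), to a public address, state NEW.
# Prints the target of the first terminating match (LOG never terminates), or
# "policy" when nothing matched and the chain policy decides.
filter_verdict_for_port() {
    printf '%s\n' "$1" | awk -v port="$2" '
        /^\*/     { table = substr($0, 2); next }
        /^COMMIT/ { table = ""; next }
        table != "filter" || $1 != "-A" || $2 != "INPUT" { next }
        {
            proto = ""; dport = ""; dst = ""; state = ""; target = ""
            iface = ""; iface_neg = 0
            for (i = 3; i <= NF; i++) {
                if      ($i == "-p")      proto  = $(i + 1)
                else if ($i == "--dport") dport  = $(i + 1)
                else if ($i == "-d")      dst    = $(i + 1)
                else if ($i == "--state") state  = $(i + 1)
                else if ($i == "-j")      target = $(i + 1)
                else if ($i == "-i")      { iface = $(i + 1); iface_neg = ($(i - 1) == "!") }
            }
            # "-i lo" cannot match a packet from eth0; "! -i lo" always does
            if (iface != "" && (iface == "eth0") == iface_neg) next
            if (dst   != "" && dst   != "0.0.0.0/0")          next
            if (proto != "" && proto != "tcp")                next
            if (dport != "" && dport != port)                 next
            if (state != "" && index(state, "NEW") == 0)      next
            if (target == "LOG") next
            print target; found = 1; exit
        }
        END { if (!found) print "policy" }'
}

# listener_for_port "<ss -ltn text>" PORT
# Prints the local address of each LISTEN socket on PORT ("*" or "0.0.0.0" means
# all interfaces, "127.0.0.1" loopback only), or "none" when nothing listens.
listener_for_port() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $1 == "LISTEN" {
            n = split($4, a, ":")
            if (a[n] == port) {
                print substr($4, 1, length($4) - length(a[n]) - 1)
                found = 1
            }
        }
        END { if (!found) print "none" }'
}

# diagnose "<iptables-save text>" "<ss -ltn text>" PORT
# A REJECT --reject-with icmp-port-unreachable and a closed port (kernel RST) both
# reach the client as "Connection refused", so firewall and listener are checked
# separately. Exit status: 0 ok, 1 firewall, 2 no listener, 3 loopback only.
diagnose() {
    verdict=$(filter_verdict_for_port "$1" "$3")
    addr=$(listener_for_port "$2" "$3" | head -n 1)
    case "$verdict" in
        ACCEPT) ;;
        policy) echo "note: no INPUT rule matched port $3; the chain policy applies" ;;
        *)      echo "firewall: port $3 hits $verdict in INPUT"; return 1 ;;
    esac
    case "$addr" in
        none)      echo "no listener: nothing is bound to port $3, the kernel answers SYN with RST"; return 2 ;;
        127.*|::1) echo "loopback only: port $3 is bound to $addr and cannot be reached remotely"; return 3 ;;
        *)         echo "ok: firewall accepts port $3 and a socket listens on $addr" ;;
    esac
}

# Constructed samples: the post's filter rules (trimmed) and two listener tables.
SAMPLE_RULES=$(cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1143 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
)
SAMPLE_SS_LOOPBACK=$(printf 'State Recv-Q Send-Q Local Address:Port Peer Address:Port\nLISTEN 0 128 *:22 *:*\nLISTEN 0 50 127.0.0.1:1143 *:*\n')
SAMPLE_SS_PUBLIC=$(printf 'State Recv-Q Send-Q Local Address:Port Peer Address:Port\nLISTEN 0 128 *:22 *:*\nLISTEN 0 50 *:1143 *:*\n')

# "sh triage.sh --demo" runs the samples; "sh triage.sh --live 1143" runs on the server as root.
case "${1:-}" in
    --demo) diagnose "$SAMPLE_RULES" "$SAMPLE_SS_LOOPBACK" 1143
            diagnose "$SAMPLE_RULES" "$SAMPLE_SS_PUBLIC" 1143
            diagnose "$SAMPLE_RULES" "$SAMPLE_SS_PUBLIC" 1144 ;;
    --live) diagnose "$(iptables-save)" "$(ss -ltn)" "${2:-1143}" ;;
esac
```

Two things worth knowing when reading the `iptables -L` output above: without `-n` it resolves port numbers to service names (which is why 8080 appears as http-alt), and without `-v` it hides the interface columns and the packet counters, so `iptables -L INPUT -v -n --line-numbers` is the form to compare against the rules file. If the 1143 rule's counters do not move while the client retries, the SYN is not reaching the filter at all; if they do move and the client is still refused, the answer is a RST from a port with no listener (or one bound to 127.0.0.1), which `tcpdump -ni eth0 port 1143` on the server shows directly. Hits on the final REJECT are logged with the "iptables denied:" prefix at log level 7 (debug), which on Ubuntu lands in /var/log/kern.log.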
