
iptables is blocking ping and dns

March 12

I'm a noob at iptables, and have recently set up a new server and used Webmin to tell iptables to allow incoming ports 80, 443, and 22. However, with iptables enabled the server can no longer ping external servers or do DNS lookups.

What do I need to change in iptables to allow such things?

Thanks!

Answers

The rules are going to change depending on whether you have a firewall which all traffic passes through, or the firewall is on the actual machine you want to protect. I've written the rules assuming the latter.

But if you have a dedicated firewall box which protects other servers, you'd probably want

 -A FORWARD

Instead of INPUT or OUTPUT.

The easiest thing to do would be to allow all outbound traffic for that server. Or you could be more specific, it's up to you.

# Allow outbound traffic from MyServer
iptables -A OUTPUT -j ACCEPT -s $myServer

Where $myServer is whatever IP you have. Not sure about how you'd do this in webmin, sorry.

Whether you want to allow all outbound traffic, or be more specific, is up to you.

EDIT:

You may also find it useful to allow inbound ICMP (for pings), if you haven't already.

iptables -A INPUT -j ACCEPT -p ICMP -d $myServer

I never use Webmin to configure iptables, but check if you can add a rule:

Allow incoming traffic related/reply to outgoing traffic.

Or,

Allow established incoming traffic.

If there's no such rule, you have to add two rules:

Allow incoming UDP from port 53

Allow incoming ICMP
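The "allow established incoming traffic" rule described above, shown as an added example that is not part of the original answers: a small audit that reads `iptables-save` output and reports whether replies to the server's own DNS queries and pings can get back in. The two rulesets are constructed samples, and the default-drop INPUT policy is an assumption about the question's setup.

```shell
#!/bin/sh
# Constructed sample in iptables-save format: the question's setup as assumed
# here (default-drop INPUT, only TCP 22/80/443 allowed in).
broken_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

# Same policy plus loopback, the stateful rule, and inbound ping (echo-request).
fixed_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save output on stdin and prints one verdict:
#   ok              - replies to outbound traffic are accepted
#   replies-dropped - INPUT is default-deny, no ESTABLISHED rule before the drop
#   policy-accept   - INPUT is not default-deny, so replies are not filtered
audit_input_chain() {
  awk '
    /^:INPUT DROP/               { deny = 1 }
    /^-A INPUT -j (DROP|REJECT)/ { deny = 1; closed = 1 }  # catch-all rule
    !closed && /^-A INPUT / && /-j ACCEPT/ &&
      /--(ctstate|state) [A-Z,]*ESTABLISHED/ { stateful = 1 }
    END { if (!deny) print "policy-accept"
          else if (stateful) print "ok"
          else print "replies-dropped" }'
}

broken_rules | audit_input_chain   # replies-dropped
fixed_rules  | audit_input_chain   # ok
```

On a live host the same check runs as `iptables-save | audit_input_chain` (root required). A stateful rule placed after a catch-all DROP or REJECT is reported as `replies-dropped`, because rule order decides the outcome.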

Ok, I figured it out.

I deleted all the rules I have and reset the firewall with a bunch of preset defaults the webmin module provided.
