Skip to Content.
Sympa Menu

ndt-users - iptables configurations

Subject: ndt-users list created

List archive

iptables configurations


Chronological Thread 
  • From:
  • To:
  • Subject: iptables configurations
  • Date: Tue, 1 May 2007 10:15:12 -0400 (EDT)

Hi Folks,

First apologies for the blank message earlier, pressing enter after entering
the title from the web posting form will submit a blank message...

Anyway, I'm trying to get NTD setup with iptables, and I'm having an issue.
When I run iptables, everything works, except the test tells me the slowest
link is 1.0 Gbps. But I'm on 100 Mbps.

Connected to: clustr1-cis343 -- Using IPv4 address
Checking for Middleboxes . . . . . . . . . . . . . . . . . . Done
checking for firewalls . . . . . . . . . . . . . . . . . . . Done
running 10s outbound test (client-to-server [C2S]) . . . . . 93.65Mb/s
running 10s inbound test (server-to-client [S2C]) . . . . . . 93.20Mb/s
The slowest link in the end-to-end path is a 1.0 Gbps Gigabit Ethernet subnet

When I turn off iptables, I get the correct info:

Connected to: clustr1-cis343 -- Using IPv4 address
Checking for Middleboxes . . . . . . . . . . . . . . . . . . Done
checking for firewalls . . . . . . . . . . . . . . . . . . . Done
running 10s outbound test (client-to-server [C2S]) . . . . . 93.47Mb/s
running 10s inbound test (server-to-client [S2C]) . . . . . . 93.20Mb/s
The slowest link in the end-to-end path is a 100 Mbps Full duplex Fast
Ethernet subnet

I'm clearly missing something in the firewall configuration, here's my
iptables status:

Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type
255
3 ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp
dpt:5353
6 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
8 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:80
10 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:7123
11 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:3003
12 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:3002
13 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:3001
14 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with
icmp-host-prohibited

Any ideas? I've opened up 3001,3002,3003 and 7123.

Thanks,

Jerry




Archive powered by MHonArc 2.6.16.

Top of Page