Re: Fw: Re: connection refused
From | Bruce Hyatt |
---|---|
Subject | Re: Fw: Re: connection refused |
Date | |
Msg-id | 249793.80275.qm@web34407.mail.mud.yahoo.com |
In reply to | Fw: Re: connection refused (Bruce Hyatt <brucejhyatt@yahoo.com>) |
Responses | Re: Fw: Re: connection refused |
List | pgsql-novice |
--- On Mon, 12/22/08, Ognjen Blagojevic <ognjen@etf.bg.ac.rs> wrote:

> Bruce Hyatt wrote:
> > I got 'connect failed' but here's my iptables chains:
> ...
> > Chain RH-Firewall-1-INPUT (2 references)
> > target prot opt source destination
> > ACCEPT all -- anywhere anywhere
> > ACCEPT icmp -- anywhere anywhere icmp any
> > ACCEPT ipv6-crypt-- anywhere anywhere
> > ACCEPT ipv6-auth-- anywhere anywhere
> > ACCEPT udp -- anywhere 224.0.0.251 udp dpt:5353
> > ACCEPT udp -- anywhere anywhere udp dpt:ipp
> > ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
> > ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
> > REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
> >
> > It doesn't look to me like anything is restricted (except icmp).
>
> I don't think this is good. I only see port 80 being
> open. I'm not an expert with iptables, but you should
> have something like
>
> ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:postgres
>
> listed above the reject line.

I tried "iptables -A RH-Firewall-1-INPUT -p tcp --dport postgres" and "iptables -I RH-Firewall-1-INPUT 7 -p tcp --dport postgres" and neither worked. It looks like the problem is it didn't have "ACCEPT" in front of the rule:

ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5432
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

Bruce
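
A check for the symptom described in the message, as an added example that is not part of the original post: it reads an `iptables -L -n` chain listing and reports whether the rule for a port has a target and sits above the catch-all REJECT. The function names and the sample listing are constructed for illustration.

```shell
# classify_port PORT: read an `iptables -L -n` chain listing on stdin and
# print how new TCP connections to PORT fare:
#   accepted   - an ACCEPT rule for the port precedes the catch-all
#   no-target  - a rule matches the port but its target column is empty
#                (added without -j, so it decides nothing)
#   blocked    - the catch-all REJECT/DROP is reached with no rule for the port
#   no-verdict - the chain ends without a decision
# Rows with no dpt: match are skipped: plain -L output omits interface
# matches, so an "ACCEPT all" row cannot be judged from the listing alone.
classify_port() {
    awk -v port="$1" '
        $1 == "Chain" || $1 == "target" || NF == 0 { next }
        {
            # With an empty target, the opt column ("--") is field 2, not 3.
            if ($2 == "--") { target = ""; prot = $1 }
            else            { target = $1; prot = $2 }
            hit = 0
            for (i = 1; i <= NF; i++) if ($i == ("dpt:" port)) hit = 1
        }
        hit && prot == "tcp" && target == "ACCEPT" { print "accepted"; decided = 1; exit }
        hit && prot == "tcp" && target == ""       { bare = 1; next }
        !hit && prot == "all" && (target == "REJECT" || target == "DROP") {
            print (bare ? "no-target" : "blocked"); decided = 1; exit
        }
        END { if (!decided) print (bare ? "no-target" : "no-verdict") }
    '
}

# Constructed sample in -n format, modelled on the rows quoted in the message.
chain_without_target() {
    cat <<'EOF'
Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
           tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5432
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
EOF
}

# The same chain with the target column filled in on the 5432 row.
chain_with_target() {
    chain_without_target | sed 's/^ *tcp /ACCEPT     tcp /'
}

chain_without_target | classify_port 5432   # no-target
chain_with_target    | classify_port 5432   # accepted
```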