Re: Fw: Re: connection refused

Bruce Hyatt wrote:
> --- On Mon, 12/22/08, Ognjen Blagojevic <ognjen@etf.bg.ac.rs> wrote:
>
>> Bruce Hyatt wrote:
>>> I got 'connect failed' but here's my
>> iptables chains:
>> ...
>>> Chain RH-Firewall-1-INPUT (2 references)
>>> target     prot opt source               destination
>>> ACCEPT     all  --  anywhere             anywhere
>>> ACCEPT     icmp --  anywhere             anywhere
>>       icmp any
>>> ACCEPT     ipv6-crypt--  anywhere             anywhere
>>> ACCEPT     ipv6-auth--  anywhere             anywhere
>>> ACCEPT     udp  --  anywhere             224.0.0.251
>>       udp dpt:5353
>>> ACCEPT     udp  --  anywhere             anywhere
>>       udp dpt:ipp
>>> ACCEPT     all  --  anywhere             anywhere
>>       state RELATED,ESTABLISHED
>>> ACCEPT     tcp  --  anywhere             anywhere
>>       state NEW tcp dpt:http
>>> REJECT     all  --  anywhere             anywhere
>>       reject-with icmp-host-prohibited
>>> It doesn't look to me like anything is restricted
>> (except icmp).
>>
>> I don't think this is good. I only see port 80 being
>> open. I'm not an expert with iptables, but you should
>> have something like
>>
>> ACCEPT     tcp  --  anywhere             anywhere
>>  state NEW tcp dpt:postgres
>>
>> listed above the reject line.
>
> I tried "iptables -A RH-Firewall-1-INPUT -p tcp --dport postgres" and "iptables -I RH-Firewall-1-INPUT 7 -p tcp
--dportpostgres" and neither worked. It looks like the problem is it didn't have "ACCEPT" in front of the rule: 
>
> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
>            tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5432
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
>
> Bruce

I think you need to add "-j ACCEPT" to the command.

-Ognejn