See reason why iptables is blocking someone

drmike

I was kind of joking about how much blocking iptables was doing but I noticed that my messages file was over 5 megs in size so I'm sitting here with a tail on my /var/log/messages file and it's nothing but "iptables denied" messages.

With lots of:

Oct 15 21:45:26 vps vmunix: [161283.176386] iptables denied: IN=eth0 OUT= MAC=blah SRC=175.137.20.25 DST=blah LEN=48 TOS=0x00 PREC=0x00 TTL=121 ID=5556 PROTO=TCP SPT=1606 DPT=6914 WINDOW=16384 RES=0x00 SYN URGP=0

Is there any way too tell why a connect is being blocked? Google'ing for keywords doesn't pull up anything right off.

Using Debian 6 on Xen for reference.

thanks

miTgiB

drmike said: SPT=1606 DPT=6914

Are these ports open or closed in your rules?

drmike

They should be closed but I'm getting a response on one of them. Gone to look....

edit: Got it. Never mind. :whistle:

AuroraZ

Well?

drmike

For whatever reason, the changes I made to /etc/iptables.up.rules when I reinstalled rtorrent on the last reinstall didn't take.

When I looked up the ports to see what program or script used that port, it was clear what the issue was.

edit: Did a reboot just to make sure. Sitting here with a tail on messages again to see what shows up.

drmike

Hmmm, no good. This is correct for iptables, right?

# Allow mud port 7500
-A INPUT -p tcp --dport 7500 -j ACCEPT

# Allow bittorrent
-A INPUT -p tcp --dport 6890:6999 -j ACCEPT

AuroraZ

Looks right to me but make sure that rtorrent is configured to use those ports as well.