Net filtering puzzle

ZIYAD A. M. AL-BATLY zamb at saudi.net.sa
Thu Jun 9 15:27:19 UTC 2005


On Thu, 2005-06-09 at 16:01 +0200, Dennis Kaarsemaker wrote:
> I have a net filtering puzzle for the interested
> 
> Setup:
> 
> Freshly installed Ubuntu Hoary + apache2 + mod_ssl
> 
> What works:
> * connecting to http port 80
> * connecting to https if running on any port higher than 1023
> 
> What does not work:
> * connecting to https on 443 or any port below 1023
> * Even nmap shows these ports as filtered
> 
> My network admin tells me that there is no filter on the router (not
> NAT) that this server is connected to, and I did not install any
> iptables rules too.
> 
> So are there any other sources than iptables (iptables -L is empty) that
> could cause this or is my network admin confused?

There are three built in tables by default in Linux: “filter” (which is
the default one), “nat”, and “mangle”.

Maybe your troubles are not caused by the default one but one of the
other two.  To make sure, run:
        sudo iptables -n -L -t nat
        sudo iptables -n -L -t mangle

Also one last thing, check the “POLICY” of each chain on each table.

Ziyad.




More information about the ubuntu-users mailing list