[dundee] Help with iptables

Robert Ladyman it at file-away.co.uk
Fri Mar 23 12:07:45 UTC 2012


Your best bet is probably to use wireshark / tcpdump on the connection and see 
what the box is really doing.


> Hello everyone, how was the meeting last night? I regret I could not make
> it . . .
> 
> For the last few DAYS I have been working on my firewall and the last thing
> I have to do is make my manager's Mac mini communicate with the Apple store.
> The app loader needs to communicate with a series of Apple servers
> (17.152.249.51 - 58) through ports 33001 TCP and 33001-33500 UDP.
> 
> My default gateway has two network interfaces, one facing WAN (ETH0) and the
> other facing LAN (ETH1), and everything is proxied with squid.
> 
> eth1 is behind a NAT and runs a DHCP server; everything works just fine, I
> can give the manager's machine access to ssh out or ftp etc. The problem is
> that the app loader Apple provides HAS to have ALL access to all the ports
> in the firewall.
> 
> I have tried:
> 
> iptables -I FORWARD -p udp -s MANAGER_IP --dport 0:65535 -i eth1 -o eth0 -m mac --mac-source MANAGER_MAC -j ACCEPT
> 
> iptables -I FORWARD -p tcp -s MANAGER_IP --dport 0:65535 -i eth1 -o eth0 -m mac --mac-source MANAGER_MAC -j ACCEPT
> 
> iptables -L FORWARD -nv
> 
> Chain FORWARD (policy DROP 1080 packets, 64708 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 ACCEPT     udp  --  eth1   eth0    manager-ip           0.0.0.0/0           udp manager_mac
>     0     0 ACCEPT     tcp  --  eth1   eth0    manager-ip           0.0.0.0/0           tcp manager_mac
>     1   176 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
>    52  3451 ACCEPT     udp  --  eth1   eth0    0.0.0.0/0            0.0.0.0/0           udp dpt:53
>     0     0 ACCEPT     all  --  ppp+   eth0    192.168.1.0/24       0.0.0.0/0
>     0     0 ACCEPT     tcp  --  eth1   eth0    manager-ip           0.0.0.0/0           tcp dpt:22
>     0     0 ACCEPT     tcp  --  eth1   eth0    manager-ip           0.0.0.0/0           tcp dpt:22
>     0     0 ACCEPT     tcp  --  eth1   eth0    manager-ip           0.0.0.0/0           tcp dpt:21
>     0     0 ACCEPT     tcp  --  eth1   eth0    manager-ip           0.0.0.0/0           tcp dpt:21
>   501  402K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
> 
> 
> I have tested the machine's connectivity: it has ssh, ftp, http and https
> access to everything on the net, but the app refuses to connect to the
> Apple servers. The only error I get from the app is "TCP/IP connectivity
> failed". The network settings for the machine are set to http and https
> through the proxy, and everything else connects directly through the
> firewall.
> 
> Does anyone have any ideas what I am missing?
> 
> Thanks for your time
> 
> Roddy
> 

-- 
Robert Ladyman
File-Away Limited
3 Ralston Business Centre, Newtyle, Blairgowrie
Perthshire  PH12 8TL SCOTLAND
Tel: +44 (0) 1828 898 158
Mobile: +44 (0) 7732 771 649
http://www.file-away.co.uk

============================================
Registered Office: 32 Church Street, Newtyle, Blairgowrie
Perthshire, PH12 8TZ SCOTLAND
Registered in Scotland, Company Number SC222086
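Following the reply's advice to look at what the box is really doing, an added diagnostic that is not from this thread: append a LOG rule so the packets the FORWARD chain's DROP policy discards appear in the kernel log, then summarise those lines and flag the ones bound for the Apple range and ports named in the question. The LOG rule, the `FWD-DROP:` prefix and the log lines below are assumptions and constructed samples, not from the poster's box.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Assumed rule to append so packets that fall through to the DROP policy are logged
# (rate-limited so the kernel log is not flooded):
#   iptables -A FORWARD -m limit --limit 10/min -j LOG --log-prefix "FWD-DROP: "
# Anything that reaches this last rule is about to be dropped by the policy.

# The Apple range and ports the app loader uses, as stated in the question.
APPLE_RANGE = (ip_address("17.152.249.51"), ip_address("17.152.249.58"))
APPLE_PORTS = {"TCP": {33001}, "UDP": set(range(33001, 33501))}

# Constructed sample of netfilter LOG lines in dmesg style (not a real capture).
SAMPLE_LOG = """\
[1234.001] FWD-DROP: IN=eth1 OUT=eth0 MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.20 DST=17.152.249.51 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1 DF PROTO=TCP SPT=52000 DPT=33001 WINDOW=65535 RES=0x00 SYN URGP=0
[1234.002] FWD-DROP: IN=eth1 OUT=eth0 MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.20 DST=17.152.249.53 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=2 PROTO=UDP SPT=40000 DPT=33100 LEN=28
[1234.003] FWD-DROP: IN=eth1 OUT=eth0 MAC=00:11:22:33:44:55:cc:dd:ee:ff:00:11:08:00 SRC=192.168.1.31 DST=93.184.216.34 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=3 DF PROTO=TCP SPT=51000 DPT=8443 WINDOW=65535 RES=0x00 SYN URGP=0
[1234.004] eth0: link is up, 100 Mbps full duplex
"""

FIELD_RE = re.compile(r"\b(IN|OUT|MAC|SRC|DST|PROTO|SPT|DPT)=(\S*)")

def parse_log_line(line):
    """Return the netfilter fields of one FWD-DROP line as a dict, or None for other lines."""
    if "FWD-DROP:" not in line:
        return None
    fields = dict(FIELD_RE.findall(line))
    return fields if "SRC" in fields and "DST" in fields else None

def is_apple_app_traffic(fields):
    """True when a dropped packet is headed for the Apple range on the app loader's ports."""
    try:
        dst = ip_address(fields["DST"])
    except ValueError:
        return False
    if not APPLE_RANGE[0] <= dst <= APPLE_RANGE[1]:
        return False
    return int(fields.get("DPT", 0)) in APPLE_PORTS.get(fields.get("PROTO", ""), set())

def summarize_drops(log_text):
    """Count drops per (in, out, src, dst, proto, dport); second counter holds the Apple ones."""
    counts, apple = Counter(), Counter()
    for line in log_text.splitlines():
        f = parse_log_line(line)
        if f is None:
            continue
        key = (f.get("IN"), f.get("OUT"), f["SRC"], f["DST"], f.get("PROTO"), f.get("DPT"))
        counts[key] += 1
        if is_apple_app_traffic(f):
            apple[key] += 1
    return counts, apple

if __name__ == "__main__":
    counts, apple = summarize_drops(SAMPLE_LOG)
    for key, n in counts.most_common():
        flag = "  <- app loader traffic" if key in apple else ""
        print(f"{n:4d}  in={key[0]} out={key[1]} {key[2]} -> {key[3]} {key[4]}/{key[5]}{flag}")
```

If the manager's flows show up here with IN=eth1 and the right source, the ACCEPT rules are simply not matching them (compare the SRC and MAC against MANAGER_IP and MANAGER_MAC); if they never appear, the packets are not reaching FORWARD at all and a tcpdump on eth1 is the next step.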



