Hi,
I'm currently experiencing an issue with iptables:
Since I enabled iptables, I'm no longer able to access my Tomcat running on localhost.
According to the ruleset I took from Arch Wiki, this should not happen - at least not if I understood it well, which doesn't seem to be the case.
Here's my ruleset:
[xxx@xxx xxx]# iptables -L -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
6 545 ACCEPT all -- any any anywhere anywhere ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- lo0 any anywhere anywhere
0 0 ACCEPT ipv6 -- any any anywhere anywhere
0 0 DROP all -- any any anywhere anywhere ctstate INVALID
0 0 ACCEPT icmp -- any any anywhere anywhere icmp echo-request ctstate NEW
15 2661 UDP udp -- any any anywhere anywhere ctstate NEW
0 0 TCP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN ctstate NEW
15 2661 REJECT udp -- any any anywhere anywhere reject-with icmp-port-unreachable
0 0 REJECT tcp -- any any anywhere anywhere reject-with tcp-reset
0 0 REJECT all -- any any anywhere anywhere reject-with icmp-proto-unreachable
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 18 packets, 1317 bytes)
pkts bytes target prot opt in out source destination
Chain TCP (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:netbios-ns
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:netbios-dgm
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:netbios-ssn
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:microsoft-ds
Chain UDP (1 references)
pkts bytes target prot opt in out source destination
ss output:
[xxx@xxx xxx]$ ss -an | grep 7481
tcp LISTEN 0 100 *:7481 *:*
However, a telnet to 127.0.0.1:7481 is not possible, and the same goes for every other interface.
As soon as I open the port with:
iptables -A TCP -p tcp -m tcp --dport 7481 -j ACCEPT
everything works well, but now it's also opened for external access, which is not what I want. I would expect the original configuration to work, since access to lo is allowed.
How do I configure iptables to block external access but allow connections from localhost?
Last edited by c84 (2017-12-04 20:01:43)
I just solved it; as expected, it was a dumb issue.
I'm new to Arch Linux and have mainly used FreeBSD until now. There the loopback interface is named "lo0", whereas on Linux it is "lo".
It's even correct in the Arch Wiki, where the rules originally come from, but my fingers just translated it to what they know best.
Sorry
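The failure described in the question and diagnosed in the reply (an ACCEPT rule bound to "lo0", an interface name that does not exist on Linux, so the rule silently matches nothing and the INPUT policy DROP wins) can be caught mechanically. The script below is an added example, not from this thread or the Arch Wiki: it scans an iptables-save style dump for rules whose -i/-o interface is absent from the host's interface list. RULES mirrors the poster's INPUT chain and IFACES stands in for `ls /sys/class/net`; both are constructed here so it runs offline and without root.

```shell
#!/bin/sh
# Constructed iptables-save dump reproducing the poster's mistake: "-i lo0" on Linux.
RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:TCP - [0:0]
:UDP - [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo0 -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp -m tcp --syn -m conntrack --ctstate NEW -j TCP
-A TCP -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# Constructed interface list; on a real host use: IFACES=$(ls /sys/class/net | tr "\n" " ")
IFACES='lo eth0'

# Print "<iface>: <rule>" for every -A rule whose -i or -o names an unknown interface.
# Such a rule can never match, which is how a "lo0" typo turns into a locked-out localhost.
# Usage: find_dangling_ifaces "$RULES" "$IFACES"
find_dangling_ifaces() {
    printf '%s\n' "$1" | awk -v list="$2" '
        BEGIN { n = split(list, a); for (i = 1; i <= n; i++) known[a[i]] = 1 }
        /^-A / {
            for (i = 1; i < NF; i++)
                if (($i == "-i" || $i == "-o") && !($(i+1) in known))
                    print $(i+1) ": " $0
        }'
}

# Rewrite the dump with the Linux loopback name so the check can be re-run on the fixed ruleset.
fix_loopback() {
    printf '%s\n' "$1" | sed -e 's/-i lo0 /-i lo /'
}
```

Re-running find_dangling_ifaces on the output of fix_loopback prints nothing, which is the state to aim for before loading a ruleset with a DROP policy.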