
I have 2 IP addresses, 1 bound to eth0 and the other bound to an aliased interface, eth0:1; both of these interfaces work without a problem.

However, in iptables I have the following set of rules:

-A INPUT -i eth0 -d 174.143.246.30 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -d 174.143.241.61 -p tcp -m tcp --dport 80 -j ACCEPT

iptables shows them being loaded

target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             loopback/8          reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
LOG        all  --  anywhere             anywhere            limit: avg 5/min burst 5 LOG level debug prefix `iptables denied: '
ACCEPT     tcp  --  anywhere             eurus.iamkura.com   tcp dpt:www
ACCEPT     tcp  --  anywhere             eurus.iamkura.com   tcp dpt:www
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

But when I look at my logs I can see that iptables claims to be blocking access on port 80 on the second IP.

Feb 11 21:54:31 eurus kernel: [ 8212.861011] iptables denied: IN=eth0 OUT= MAC=40:40:f2:77:69:a8:00:1e:f7:19:b0:7f:08:00 SRC=<MY.IP.HERE> DST=174.143.241.61 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=26993 DF PROTO=TCP SPT=51690 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0

I am actually able to connect to port 80 on that IP without any problems, even if iptables shouts in the logs.

Any ideas?

Kura

1 Answer


IPTABLES is not blocking access to that port, but limiting the rate:

limit: avg 5/min burst 5 LOG level debug prefix `iptables denied: '

Be careful when you accept what an output message says as true (or a source code comment). It usually happens when you've been staring at it for too long, or at least it happens to me :)

lorenzog
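The chain listed in the question, as an added example that is not part of the original question or answer: a small Python model of how iptables walks the INPUT chain. LOG is a non-terminating target, so a packet that matches the LOG rule is logged and then keeps traversing the chain; the `limit` match only decides whether that LOG rule matches on a given packet, and the final REJECT is what actually denies anything. In the posted order the LOG rule sits before the two port-80 ACCEPT rules, so every new connection to port 80 is logged with the `iptables denied:` prefix and then accepted, which is exactly what the log and the working web server together show. The model also shows the usual fix, moving the LOG rule to sit directly before the final REJECT, and checks that once the limit's burst is used up the packets are still accepted, only no longer logged. It assumes `-i lo` on the first rule (plain `iptables -L` does not print interface matches; `iptables -L -v -n` does, along with per-rule packet counters, which is the quickest way to confirm which rule a packet actually hit) and models `-m limit` as a simple token bucket. Nothing here touches a real firewall.

```python
"""Chain-traversal model for the INPUT chain shown in the question.

Added example for this page, not code from the original question or answer.
It models the iptables behaviour that produces the puzzle: rules are tried in
order, LOG is non-terminating (the packet continues after being logged),
`-m limit` only decides whether the LOG rule matches, and ACCEPT/REJECT end
traversal. Packet fields mirror the logged SYN in the post; `-i lo` on the
first rule is an assumption, since plain `iptables -L` hides interface matches.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


@dataclass
class Packet:
    in_iface: str
    dst: str
    proto: str
    dport: int
    state: str = "NEW"


@dataclass
class Limit:
    """Token bucket behind `-m limit --limit 5/min --limit-burst 5` (simplified model)."""
    per_minute: float
    burst: int
    tokens: float = field(init=False)

    def __post_init__(self) -> None:
        self.tokens = float(self.burst)

    def take(self) -> bool:
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

    def refill(self, minutes: float) -> None:
        self.tokens = min(float(self.burst), self.tokens + minutes * self.per_minute)


@dataclass
class Rule:
    target: str
    in_iface: Optional[str] = None
    dst: Optional[str] = None          # single address or CIDR
    proto: Optional[str] = None
    dport: Optional[int] = None
    state: Optional[Set[str]] = None
    limit: Optional[Limit] = None
    prefix: str = ""

    def matches(self, p: Packet) -> bool:
        if self.in_iface is not None and p.in_iface != self.in_iface:
            return False
        if self.dst is not None and ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst, strict=False):
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.state is not None and p.state not in self.state:
            return False
        # The limit match is evaluated last and consumes a token only when
        # every other match already passed; a drained bucket just means
        # "this rule does not match", it never drops the packet itself.
        if self.limit is not None and not self.limit.take():
            return False
        return True


def traverse(chain: List[Rule], p: Packet, policy: str = "ACCEPT") -> Tuple[str, List[str]]:
    """Walk the chain; return the verdict and the log prefixes emitted on the way."""
    logged: List[str] = []
    for rule in chain:
        if not rule.matches(p):
            continue
        if rule.target == "LOG":
            logged.append(rule.prefix)
            continue                      # LOG never ends traversal
        return rule.target, logged
    return policy, logged


def chain_as_posted() -> List[Rule]:
    """The INPUT chain in the order the question shows it."""
    return [
        Rule("ACCEPT", in_iface="lo"),                         # assumed -i lo
        Rule("REJECT", dst="127.0.0.0/8"),
        Rule("ACCEPT", state={"RELATED", "ESTABLISHED"}),
        Rule("LOG", limit=Limit(5, 5), prefix="iptables denied: "),
        Rule("ACCEPT", in_iface="eth0", dst="174.143.246.30", proto="tcp", dport=80),
        Rule("ACCEPT", in_iface="eth0", dst="174.143.241.61", proto="tcp", dport=80),
        Rule("REJECT"),
    ]


def chain_log_before_reject() -> List[Rule]:
    """Same rules, with the LOG rule moved to sit directly before the final REJECT."""
    rules = chain_as_posted()
    log_rule = rules.pop(3)
    rules.insert(len(rules) - 1, log_rule)
    return rules


# Constructed packets: the SYN from the post's log line, and one to a closed port.
WEB_SYN = Packet(in_iface="eth0", dst="174.143.241.61", proto="tcp", dport=80)
SSH_SYN = Packet(in_iface="eth0", dst="174.143.241.61", proto="tcp", dport=22)


def verdicts(chain: List[Rule], packets: List[Packet]) -> List[Tuple[str, List[str]]]:
    """Run several packets through one chain instance so the limit bucket drains."""
    return [traverse(chain, p) for p in packets]


if __name__ == "__main__":
    for name, build in (("as posted", chain_as_posted), ("LOG before REJECT", chain_log_before_reject)):
        chain = build()
        print(name)
        for label, pkt in (("web SYN", WEB_SYN), ("ssh SYN", SSH_SYN)):
            print(f"  {label}: {traverse(chain, pkt)}")
```

With the chain as posted, the web SYN comes back as ACCEPT together with a logged `iptables denied:` prefix; with the LOG rule moved before the final REJECT, the same SYN is accepted silently and only the SSH SYN, which the REJECT really does refuse, produces the log line, so the prefix finally tells the truth. Sending six web SYNs through one copy of the posted chain shows the sixth accepted but unlogged, which is the limit doing its job on the log volume, not on the traffic.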