From: "Daniel Iliev"
To: gentoo-user@lists.gentoo.org
Date: Fri, 23 Jun 2006 12:38:13 +0300 (EEST)
Subject: Re: [gentoo-user] nfs and iptables
Message-ID: <36022.10.0.1.1.1151055493.squirrel@mail.ilievnet.com>
In-Reply-To: <20060623110408.192f26d5@lx-arnau.pic.es>

On Fri, June 23, 2006 12:04 pm, Arnau Bria wrote:
>
> Well, so I set next rule in my firewall:
> -A INPUT -d 193.146.196.198 -i eth0 -p tcp -m tcp --dport 111 -j ACCEPT
> -A INPUT -d 193.146.196.198 -i eth0 -p tcp -m tcp --dport 111 -j LOG --log-prefix "NFS (tcp) Input: " --log-level 7
> -A INPUT -d 193.146.196.198 -i eth0 -p udp -m udp --dport 111 -j LOG --log-prefix "NFS (udp) Input: " --log-level 7
> -A INPUT -d 193.146.196.198 -i eth0 -p udp -m udp --dport 111 -j ACCEPT

My first guess is that you have another FW rule which matches those
packets and drops them before they meet the rule you mention.

You could try:

-D INPUT -d 193.146.196.198 -i eth0 -p tcp -m tcp --dport 111 -j ACCEPT
-I INPUT -d 193.146.196.198 -i eth0 -p tcp -m tcp --dport 111 -j ACCEPT

(drop the rule and insert it on top of all other)

--
Best regards,
Daniel

--
gentoo-user@gentoo.org mailing list
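
The first-match behaviour the reply relies on, as an added example that is not part of the original message: a small offline model of top-down chain traversal over iptables-save style lines. The earlier DROP rule, the sample packet and the default policy are constructed assumptions, and only `-s`, `-d`, `-i`, `-p`, `--dport` and `-j` without `!` negation are modelled.

```python
import ipaddress
import shlex

TERMINATING = {"ACCEPT", "DROP", "REJECT"}  # LOG does not end traversal
OPTS = {"-s": "src", "-d": "dst", "-i": "iface", "-p": "proto",
        "--dport": "dport", "-j": "target"}

def parse_rule(line):
    """Parse an iptables-save style '-A CHAIN ...' line (no '!' negation)."""
    tok = shlex.split(line)
    rule = {"chain": tok[1]}
    for i, t in enumerate(tok[:-1]):
        if t in OPTS:
            rule[OPTS[t]] = tok[i + 1]
    return rule

def matches(rule, pkt):
    """True if every match the rule specifies agrees with the packet."""
    for key in ("src", "dst"):
        if key in rule and ipaddress.ip_address(pkt[key]) not in \
                ipaddress.ip_network(rule[key], strict=False):
            return False
    return all(rule[k] == str(pkt[k])
               for k in ("iface", "proto", "dport") if k in rule)

def evaluate(rules, pkt, policy="DROP"):
    """Walk the chain top-down: (verdict, deciding rule no., LOG rule nos. hit)."""
    logged = []
    for num, rule in enumerate(rules, start=1):
        if not matches(rule, pkt):
            continue
        if rule["target"] in TERMINATING:
            return rule["target"], num, logged
        logged.append(num)
    return policy, None, logged  # assumed chain policy when nothing terminates

def reinsert_on_top(rules, num):
    """Model '-D <rule>' followed by '-I <rule>': move rule `num` to position 1."""
    return [rules[num - 1]] + rules[:num - 1] + rules[num:]

# Rule 1 is a constructed, hypothetical earlier DROP; rules 2-3 are the quoted tcp rules.
CHAIN = [parse_rule(r) for r in (
    '-A INPUT -i eth0 -p tcp -j DROP',
    '-A INPUT -d 193.146.196.198 -i eth0 -p tcp -m tcp --dport 111 -j ACCEPT',
    '-A INPUT -d 193.146.196.198 -i eth0 -p tcp -m tcp --dport 111 -j LOG '
    '--log-prefix "NFS (tcp) Input: " --log-level 7',
)]
# Constructed packet; the source address is from the documentation range.
PKT = {"src": "192.0.2.10", "dst": "193.146.196.198", "iface": "eth0",
       "proto": "tcp", "dport": 111}

if __name__ == "__main__":
    print(evaluate(CHAIN, PKT))
    print(evaluate(reinsert_on_top(CHAIN, 2), PKT))
```

The same model shows that a LOG rule placed after an ACCEPT with identical matches is never reached, because ACCEPT ends traversal; on a live system, `iptables -L INPUT -n -v --line-numbers` gives the real rule order and per-rule packet counters.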