Currently my iptables INPUT chain settings on the server are:
Chain INPUT (policy DROP 6 packets, 588 bytes)
pkts bytes target prot opt in out source destination
202 20660 ACCEPT all -- lo any anywhere anywhere
8 536 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh
10 2345 ACCEPT tcp -- any any anywhere anywhere tcp dpt:https
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:8050
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:8123
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:webcache
0 0 REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 222 packets, 23444 bytes)
pkts bytes target prot opt in out source destination
If I try to ping, for example, port 8123 on this server with
ping 127.0.0.1 -p 8123
it is working, but not with an FQDN, for example
ping foo.bar.de -p 8123
A ping from my laptop to the server with the FQDN is also working. The OUTPUT chain is completely open, and if I change the policy in the INPUT chain from DROP to ACCEPT, the ping from localhost with the FQDN is also working. So in my opinion something in the INPUT chain config is not correct currently.
I have already tried to allow some port 53 settings, but without any luck.
iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
I have also logged the blocked packets from the INPUT chain with
iptables -A INPUT -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
The output in /var/log/messages is something like
Mar 16 12:22:05 bla kernel: IPTables-Dropped: IN=eth0 OUT= MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=XX.XX.XX.XXX DST=XX.XX.XX.XX LEN=92 TOS=0x00 PREC=0x00 TTL=60 ID=25578 DF PROTO=UDP SPT=53 DPT=46139 LEN=72
Can you help me so that the ping on localhost with the FQDN is working?
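The logged packet is UDP from source port 53 to port 46139, i.e. the answer to a DNS lookup the server itself sent, and none of the INPUT rules above (including the `--dport 53` ones, which match the destination port) accepts such replies. The following is an added example, not code from the question or any answer: it parses lines in the kernel LOG format shown above and separates reply traffic from unsolicited inbound connections. The sample lines and addresses are constructed, the port model mirrors the chain in the question, and the `-m state --state ESTABLISHED,RELATED` rule is standard iptables syntax that the post itself does not mention.

```python
# Model of the question's INPUT chain: TCP ports accepted on any interface.
ACCEPTED_TCP_PORTS = {22, 80, 443, 8050, 8123}
EPHEMERAL_MIN = 32768  # default lower bound of Linux ip_local_port_range

# Constructed sample lines in the kernel LOG format from the question; the
# first mirrors the real one (a DNS reply from port 53 to a high port), the
# second is an unsolicited TCP SYN to a port the chain does not accept.
SAMPLE_LOG = [
    "Mar 16 12:22:05 bla kernel: IPTables-Dropped: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.53 DST=192.0.2.10 LEN=92 TOS=0x00 PREC=0x00 TTL=60 ID=25578 DF PROTO=UDP SPT=53 DPT=46139 LEN=72",
    "Mar 16 12:22:07 bla kernel: IPTables-Dropped: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=1 DF PROTO=TCP SPT=51234 DPT=3306 WINDOW=29200 RES=0x00 SYN URGP=0",
]

def parse_log_line(line):
    """Split a LOG line into key=value fields and bare flags (DF, SYN, ACK).
    A key may repeat (LEN is logged for the IP packet and again for the UDP
    payload), so every value is kept in an ordered list."""
    fields, flags = {}, []
    _, _, body = line.partition("IPTables-Dropped: ")
    for tok in body.split():
        key, eq, val = tok.partition("=")
        if eq:
            fields.setdefault(key, []).append(val)  # "OUT=" keeps an empty value
        else:
            flags.append(key)
    return fields, flags

def matches_dport_rule(fields, proto, dport):
    """Would `-p <proto> --dport <dport> -j ACCEPT` (the rule tried in the
    question) match this packet? Only if the *destination* port is dport."""
    return fields["PROTO"][0] == proto and int(fields["DPT"][0]) == dport

def classify(fields, flags):
    """'reply' = answer to traffic this host initiated (only a stateful
    ESTABLISHED,RELATED rule accepts it); 'new' = unsolicited inbound."""
    proto = fields["PROTO"][0]
    spt, dpt = int(fields["SPT"][0]), int(fields["DPT"][0])
    if proto == "TCP" and "SYN" in flags and "ACK" not in flags:
        return "new"  # a bare SYN is always a new connection attempt
    if dpt >= EPHEMERAL_MIN and spt < EPHEMERAL_MIN:
        return "reply"  # service port -> our ephemeral port
    return "new"

def suggested_rule(kind):
    """Rule that would have accepted the packet, in the question's own
    `-m state` syntax; None when the DROP policy is working as intended."""
    if kind == "reply":
        return "iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT"
    return None

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        f, fl = parse_log_line(line)
        kind = classify(f, fl)
        print(f["PROTO"][0], f["SRC"][0], f["SPT"][0], "->", f["DPT"][0], kind,
              "| --dport 53 rule matches:", matches_dport_rule(f, "UDP", 53),
              "| fix:", suggested_rule(kind))
```

Inserting the suggested rule at position 1 keeps it ahead of the port-specific rules, so replies to the server's own DNS queries are accepted before the chain falls through to the LOG rule and the DROP policy.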