oleg

Forum Replies Created

Viewing 2 posts - 1 through 2 (of 2 total)
  • in reply to: Firewall rules #51269
    oleg
    Member

    @ppalias wrote:

    Failure in login doesn’t have to do with the firewall. If you can see the login screen, then the firewall is allowing the traffic. However, what may happen is that you see the login screen cached, in which case you cannot understand that it is blocked by the firewall. The best solution is to watch the iptables counters with the command

    iptables -L -v

    to see if the blocked packets or the accepted packets rise when you try to connect.

    Hi,
    thanks for the reply, but I hope I have found the solution for the login failure.
    I created INPUT and OUTPUT rules to allow the use of services in Zeroshell:
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT
    The reason for that is the use of the DROP target:
    iptables -F
    iptables -P INPUT DROP
    iptables -P OUTPUT DROP
    iptables -P FORWARD DROP

    then

    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    So hopefully it will help me.
    Anyway, thanks a lot.
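The counter check @ppalias suggests can be automated by diffing two snapshots of `iptables -L -v -n -x` output, taken before and after one connection attempt. The Python below is an added example, not part of the original posts; the function names and both sample listings are constructed for illustration, and it assumes the rule set itself does not change between the two snapshots.

```python
import re

# Chain header: "Chain INPUT (policy DROP 10 packets, ...)" or "Chain foo (1 references)"
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\S+) (\d+) packets)?")

def parse_counters(listing):
    """Map 'CHAIN policy TARGET' and 'CHAIN #n TARGET match...' to packet counts."""
    counters, chain, index = {}, None, 0
    for line in listing.splitlines():
        header = CHAIN_RE.match(line.strip())
        if header:
            chain, index = header.group(1), 0
            if header.group(2):  # built-in chains carry a policy counter
                counters[f"{chain} policy {header.group(2)}"] = int(header.group(3))
            continue
        fields = line.split()
        # Rule rows start with two integers (pkts, bytes); this skips the column header.
        if chain and len(fields) >= 3 and fields[0].isdigit() and fields[1].isdigit():
            index += 1
            counters[f"{chain} #{index} {' '.join(fields[2:])}"] = int(fields[0])
    return counters

def counter_deltas(before, after):
    """Return (label, packets gained) for every counter that rose between snapshots."""
    old, new = parse_counters(before), parse_counters(after)
    return [(label, new[label] - old.get(label, 0))
            for label in new if new[label] > old.get(label, 0)]

# Constructed sample snapshots, taken before and after one login attempt.
BEFORE = """\
Chain INPUT (policy DROP 10 packets, 600 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     120    14400 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
       3      180 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
"""
AFTER = """\
Chain INPUT (policy DROP 14 packets, 840 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     135    16200 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
       4      240 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
"""

if __name__ == "__main__":
    for label, gained in counter_deltas(BEFORE, AFTER):
        print(f"+{gained:<4} {label}")
```

A rising `policy DROP` counter means packets reached the end of the chain without matching any ACCEPT rule, which is the case to investigate when the login page loads but the login itself fails.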

    in reply to: Firewall rules #51268
    oleg
    Member

    @oleg wrote:

    I have a problem with login to the web interface through https. I set the INPUT chain to drop and then allowed https connections by opening port 443. I can see the login screen, but the login failed. It works fine as follows:
    iptables -A INPUT -p all -j ACCEPT # means that all services and protocols are allowed to the firewall, which is bad security policy.

    Any suggestions?

    hi
