Discussion:
Help - How to block port 80 (outgoing)
Mike Galloway
2002-12-29 20:20:12 UTC
For some reason, I cannot get out of my system using wget, curl, or even
telnet via port 80. All programs respond with (no route to host). I
believe there is some type of firewall or port blocking mechanism that is
blocking all traffic outbound to port 80.

So I am asking how to block a port so I can check if that has been done.
I am running RH 7.2

If I use wget or curl to port 443 (secure) it works. If I ping to a host,
it works, just port 80 is affected.

Here is output from iptables -L

[***@ns1 mike]# /sbin/iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
--
redhat-list mailing list
unsubscribe mailto:redhat-list-***@redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
Mike Burger
2002-12-29 20:28:02 UTC
Is there another firewall in place...on an actual dedicated firewall of
some sort, on your network?
Post by Mike Galloway
For some reason, I cannot get out of my system using wget, curl, or even
telnet via port 80. All programs respond with (no route to host). I
believe there is some type of firewall or port blocking mechanism that is
blocking all traffic outbound to port 80.
So I am asking how to block a port so I can check if that has been done.
I am running RH 7.2
If I use wget or curl to port 443 (secure) it works. If I ping to a host,
it works, just port 80 is affected.
Here is output from iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
--
Mike Burger
http://www.bubbanfriends.org

Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org:2000
Mike Galloway
2002-12-29 20:46:28 UTC
There is no external firewall. I am just looking for possible ways you
might block an outgoing port inside RH Linux. Somehow the kernel or an
application is blocking the outgoing connection from within the OS.

Is there something else besides IPTABLES that you can use to block outgoing
ports?

Thanks
Post by Mike Burger
Is there another firewall in place...on an actual dedicated firewall of
some sort, on your network?
Post by Mike Galloway
For some reason, I cannot get out of my system using wget, curl, or even
telnet via port 80. All programs respond with (no route to host). I
believe there is some type of firewall or port blocking mechanism that is
blocking all traffic outbound to port 80.
So I am asking how to block a port so I can check if that has been done.
I am running RH 7.2
If I use wget or curl to port 443 (secure) it works. If I ping to a host,
it works, just port 80 is affected.
Here is output from iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
--
Mike Burger
http://www.bubbanfriends.org
Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org:2000
Mike Burger
2002-12-29 21:31:39 UTC
Well, I guess the next question is "Is it possible that ipchains is
running?"

The reason I asked about the potential firewall is that I thought there
could be an option to use a proxy. My job pretty much blocks all outgoing
traffic, and I have to point my browsers at a proxy, and telnet to proxy
to telnet out.
Post by Mike Galloway
There is no external firewall. I am just looking for possible ways you
might block an outgoing port inside RH Linux. Somehow the kernel or an
application is blocking the outgoing connection from within the OS.
Is there something else besides IPTABLES that you can use to block outgoing
ports?
Thanks
Post by Mike Burger
Is there another firewall in place...on an actual dedicated firewall of
some sort, on your network?
Post by Mike Galloway
For some reason, I cannot get out of my system using wget, curl, or even
telnet via port 80. All programs respond with (no route to host). I
believe there is some type of firewall or port blocking mechanism that is
blocking all traffic outbound to port 80.
So I am asking how to block a port so I can check if that has been done.
I am running RH 7.2
If I use wget or curl to port 443 (secure) it works. If I ping to a host,
it works, just port 80 is affected.
Here is output from iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
--
Mike Burger
http://www.bubbanfriends.org
Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org:2000
--
Mike Burger
http://www.bubbanfriends.org

Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org:2000
Michael Schwendt
2002-12-29 22:25:49 UTC
Post by Mike Burger
Well, I guess the next question is "Is it possible that ipchains is
running?"
If "iptables -L" works without errors, ipchains cannot run at
the same time.

Mike Burger
2002-12-29 22:35:45 UTC
Good point...didn't keep that in mind when I asked. Sorry.
Post by Michael Schwendt
Post by Mike Burger
Well, I guess the next question is "Is it possible that ipchains is
running?"
If "iptables -L" works without errors, ipchains cannot run at
the same time.
--
Mike Burger
http://www.bubbanfriends.org

Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org:2000
Mike Galloway
2002-12-30 01:54:33 UTC
No, IPchains is not in the kernel and is not running (I checked that...) :)
Post by Michael Schwendt
Post by Mike Burger
Well, I guess the next question is "Is it possible that ipchains is
running?"
If "iptables -L" works without errors, ipchains cannot run at
the same time.
westiepower
2002-12-29 21:37:58 UTC
I just went thru the same problem on rh v8. I thought it was the router and
the iptables were screwed up. I came to find out that my ip had blocked
incoming and outgoing on port 80. I ended up using port 81 instead and it
works fine.

-------------------


For some reason, I cannot get out of my system using wget, curl, or even
telnet via port 80. All programs respond with (no route to host). I
believe there is some type of firewall or port blocking mechanism that is
blocking all traffic outbound to port 80.
Rob Cartier
2002-12-29 22:48:43 UTC
Try running

/sbin/ipchains -L

might be that lokkit was run and enabled ipchains
Message: 13
Date: Sun, 29 Dec 2002 15:28:02 -0500 (EST)
Subject: Re: Help - How to block port 80 (outgoing)
Is there another firewall in place...on an actual dedicated firewall of
some sort, on your network?
Post by Mike Galloway
For some reason, I cannot get out of my system using wget, curl, or even
telnet via port 80. All programs respond with (no route to host). I
believe there is some type of firewall or port blocking mechanism that is
blocking all traffic outbound to port 80.
So I am asking how to block a port so I can check if that has been done.
I am running RH 7.2
If I use wget or curl to port 443 (secure) it works. If I ping to a host,
it works, just port 80 is affected.
Here is output from iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
--
Mike Burger
http://www.bubbanfriends.org
Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org:2000
Mike Galloway
2002-12-30 01:59:39 UTC
If you look in the message, I gave the output of the IPCHAINS -L.
What is lokkit?

Any ideas on anything else I can use to debug? I have it whittled down to
a port issue coming out of my box.
Post by Rob Cartier
Try running
/sbin/ipchains -L
might be that lokkit was run and enabled ipchains
Message: 13
Date: Sun, 29 Dec 2002 15:28:02 -0500 (EST)
Subject: Re: Help - How to block port 80 (outgoing)
Is there another firewall in place...on an actual dedicated firewall of
some sort, on your network?
Post by Mike Galloway
For some reason, I cannot get out of my system using wget, curl, or even
telnet via port 80. All programs respond with (no route to host). I
believe there is some type of firewall or port blocking mechanism that is
blocking all traffic outbound to port 80.
So I am asking how to block a port so I can check if that has been done.
I am running RH 7.2
If I use wget or curl to port 443 (secure) it works. If I ping to a host,
it works, just port 80 is affected.
Here is output from iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
--
Mike Burger
http://www.bubbanfriends.org
Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org:2000
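Added example, not part of the thread or of any poster's message: a small probe that records the exact connect() error per port and compares ports against one host, which is the comparison the thread does by hand (80 fails with "no route to host", 443 works). The names probe, diagnose and MEANING, and the wording of the verdicts, are this example's own assumptions; pass a numeric IP so name resolution is not part of the test.

```python
import errno
import socket

# What each connect() result usually means (wording is this example's own).
MEANING = {
    0: "open: TCP handshake completed",
    errno.ECONNREFUSED: "refused: a RST came back, so packets reach the host",
    errno.EHOSTUNREACH: "no route to host: no route/ARP entry, or an ICMP "
                        "host-unreachable/prohibited reply from a filter",
    errno.ENETUNREACH: "network unreachable: no matching local route",
    errno.ETIMEDOUT: "timeout: SYN silently dropped somewhere on the path",
}

def probe(ip, port, timeout=3.0):
    """Try one TCP connect to a numeric IP; return 0 or the errno."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((ip, port))
        return 0
    except socket.timeout:
        return errno.ETIMEDOUT
    except OSError as e:
        return e.errno
    finally:
        s.close()

def diagnose(results):
    """results maps port -> errno from probe() against ONE host."""
    failed = sorted(p for p, e in results.items() if e != 0)
    if not failed:
        return "all probed ports connect"
    if len(failed) == len(results):
        return "every port fails: check routing and link before filters"
    unreachable = (errno.EHOSTUNREACH, errno.ENETUNREACH)
    if any(results[p] in unreachable for p in failed):
        return ("ports %s get an unreachable error while others connect: "
                "the route works, so suspect a filter that rejects by port"
                % failed)
    return ("ports %s fail while others connect: closed service or "
            "port-specific filtering" % failed)

if __name__ == "__main__":
    # Constructed results mirroring the thread: 80 fails, 443 works.
    sample = {80: errno.EHOSTUNREACH, 443: 0}
    for port, err in sorted(sample.items()):
        print(port, MEANING.get(err, errno.errorcode.get(err, str(err))))
    print(diagnose(sample))
```

Running probe() against the same remote IP from a second machine on the same network shows whether the rejecting filter is on the host itself or further along the path.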