I have two VPS with exactly the same iptables rules applied. VPS1 is working as intended. VPS2 is dropping INPUT traffic; I know this because when I set the INPUT policy to ACCEPT, VPS2 starts working fine.
Any ping or apt update requests work fine on VPS1 but not on VPS2.
Below are my iptables rules:
# Generated by iptables-save v1.8.10 (nf_tables) on Thu Feb 13 08:23:05 2025
*filter
:INPUT DROP [124:10599]
:FORWARD ACCEPT [30026868:6895187393]
:OUTPUT DROP [3854:392867]
-A INPUT -i enp21s0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i enp21s0 -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -i enp21s0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i enp21s0 -p tcp -m tcp --sport 53 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i enp21s0 -p tcp -m tcp --dport 58644 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2018 -j ACCEPT
-A INPUT -s 45.9.188.80/32 -i enp21s0 -p tcp -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A FORWARD -i enp21s0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun+ -o enp21s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m string --string "BitTorrent" --algo bm -j DROP
-A FORWARD -m string --string "BitTorrent protocol" --algo bm -j DROP
-A FORWARD -m string --string "peer_id=" --algo bm -j DROP
-A FORWARD -m string --string ".torrent" --algo bm -j DROP
-A FORWARD -m string --string "announce.php?passkey=" --algo bm -j DROP
-A FORWARD -m string --string "torrent" --algo bm -j DROP
-A FORWARD -m string --string "announce" --algo bm -j DROP
-A FORWARD -m string --string "info_hash" --algo bm -j DROP
-A FORWARD -m string --string "tracker" --algo bm -j DROP
-A FORWARD -m string --string "get_peers" --algo bm -j DROP
-A FORWARD -m string --string "announce_peer" --algo bm -j DROP
-A FORWARD -m string --string "find_node" --algo bm -j DROP
-A FORWARD -o enp21s0 -p tcp -m tcp --dport 25 -j DROP
-A FORWARD -o enp21s0 -p tcp -m tcp --dport 587 -j DROP
-A FORWARD -o enp21s0 -p tcp -m tcp --dport 465 -j DROP
-A FORWARD -o enp21s0 -p tcp -m tcp --dport 588 -j DROP
-A FORWARD -o enp21s0 -p tcp -m tcp --dport 2525 -j DROP
-A OUTPUT -o enp21s0 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
# Completed on Thu Feb 13 08:23:05 2025
# Generated by iptables-save v1.8.10 (nf_tables) on Thu Feb 13 08:23:05 2025
*nat
:PREROUTING ACCEPT [19257820:2553227857]
:INPUT ACCEPT [475708:24697295]
:OUTPUT ACCEPT [212006:15357977]
:POSTROUTING ACCEPT [212057:15361997]
-A POSTROUTING -s 10.8.0.0/24 -o enp21s0 -j MASQUERADE
COMMIT
# Completed on Thu Feb 13 08:23:05 2025
What could be the issue here? And how can I debug it?
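Added example, not part of the original post: one way to debug a ruleset like this offline is to walk the posted INPUT chain for a given packet and see which rule, if any, accepts it. The packets and the address 198.51.100.7 are constructed, and the evaluator is a simplified model that understands only the match options appearing in that chain.

```python
import ipaddress
import shlex
# INPUT chain exactly as posted in the filter table above.
POSTED_INPUT = """\
:INPUT DROP [124:10599]
-A INPUT -i enp21s0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i enp21s0 -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -i enp21s0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i enp21s0 -p tcp -m tcp --sport 53 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i enp21s0 -p tcp -m tcp --dport 58644 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2018 -j ACCEPT
-A INPUT -s 45.9.188.80/32 -i enp21s0 -p tcp -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
"""

def parse(text, chain="INPUT"):
    # Each option in this chain is a flag followed by exactly one value.
    rows = [shlex.split(line) for line in text.splitlines()]
    policy = next(t[1] for t in rows if t[:1] == [":" + chain])
    rules = [dict(zip(t[2::2], t[3::2])) for t in rows if t[:2] == ["-A", chain]]
    return policy, rules

def matches(opts, pkt):
    # Only the matches this chain uses; -m and -j are not packet tests.
    checks = {
        "-i": lambda v: pkt["in"] == v,
        "-p": lambda v: pkt["proto"] == v,
        "-s": lambda v: ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(v),
        "--dport": lambda v: pkt.get("dport") == int(v),
        "--sport": lambda v: pkt.get("sport") == int(v),
        "--icmp-type": lambda v: pkt.get("icmp_type") == int(v),
    }
    return all(checks[k](v) for k, v in opts.items() if k in checks)

def verdict(pkt, text=POSTED_INPUT):
    # First matching rule decides; if none matches, the chain policy applies.
    policy, rules = parse(text)
    for n, opts in enumerate(rules, 1):
        if matches(opts, pkt):
            return opts["-j"], n
    return policy, None

# Constructed packets arriving on enp21s0; 198.51.100.7 is a documentation address.
REMOTE = {"in": "enp21s0", "src": "198.51.100.7"}
ECHO_REPLY = {**REMOTE, "proto": "icmp", "icmp_type": 0}             # answer to an outgoing ping
HTTP_REPLY = {**REMOTE, "proto": "tcp", "sport": 80, "dport": 40000}  # answer to apt over HTTP
DNS_REPLY = {**REMOTE, "proto": "udp", "sport": 53, "dport": 40000}   # answer to a DNS query
print({"ping reply": verdict(ECHO_REPLY), "apt HTTP reply": verdict(HTTP_REPLY), "DNS reply": verdict(DNS_REPLY)})
```

`verdict` returns the target and the 1-based rule number that matched, or the chain policy with `None` when nothing matched. On a live host, the per-rule packet counters shown by `iptables -L INPUT -v -n` give the same view against real traffic.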