I have two VPS with exactly the same iptables rules applied. VPS1 is working as intended. VPS2 is dropping INPUT traffic; I know this because when I set the INPUT policy to ACCEPT, VPS2 starts working fine.
Any ping or apt update requests work fine on VPS1 but not on VPS2.
Below are my iptables rules:
# Generated by iptables-save v1.8.10 (nf_tables) on Thu Feb 13 08:23:05 2025
*filter
:INPUT DROP [124:10599]
:FORWARD ACCEPT [30026868:6895187393]
:OUTPUT DROP [3854:392867]
-A INPUT -i enp21s0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i enp21s0 -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -i enp21s0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i enp21s0 -p tcp -m tcp --sport 53 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i enp21s0 -p tcp -m tcp --dport 58644 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2018 -j ACCEPT
-A INPUT -s 45.9.188.80/32 -i enp21s0 -p tcp -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A FORWARD -i enp21s0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun+ -o enp21s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m string --string "BitTorrent" --algo bm -j DROP
-A FORWARD -m string --string "BitTorrent protocol" --algo bm -j DROP
-A FORWARD -m string --string "peer_id=" --algo bm -j DROP
-A FORWARD -m string --string ".torrent" --algo bm -j DROP
-A FORWARD -m string --string "announce.php?passkey=" --algo bm -j DROP
-A FORWARD -m string --string "torrent" --algo bm -j DROP
-A FORWARD -m string --string "announce" --algo bm -j DROP
-A FORWARD -m string --string "info_hash" --algo bm -j DROP
-A FORWARD -m string --string "tracker" --algo bm -j DROP
-A FORWARD -m string --string "get_peers" --algo bm -j DROP
-A FORWARD -m string --string "announce_peer" --algo bm -j DROP
-A FORWARD -m string --string "find_node" --algo bm -j DROP
-A FORWARD -o enp21s0 -p tcp -m tcp --dport 25 -j DROP
-A FORWARD -o enp21s0 -p tcp -m tcp --dport 587 -j DROP
-A FORWARD -o enp21s0 -p tcp -m tcp --dport 465 -j DROP
-A FORWARD -o enp21s0 -p tcp -m tcp --dport 588 -j DROP
-A FORWARD -o enp21s0 -p tcp -m tcp --dport 2525 -j DROP
-A OUTPUT -o enp21s0 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
# Completed on Thu Feb 13 08:23:05 2025
# Generated by iptables-save v1.8.10 (nf_tables) on Thu Feb 13 08:23:05 2025
*nat
:PREROUTING ACCEPT [19257820:2553227857]
:INPUT ACCEPT [475708:24697295]
:OUTPUT ACCEPT [212006:15357977]
:POSTROUTING ACCEPT [212057:15361997]
-A POSTROUTING -s 10.8.0.0/24 -o enp21s0 -j MASQUERADE
COMMIT
# Completed on Thu Feb 13 08:23:05 2025

What could be the issue here? And how can I debug it?
enp21s0)? PS double check for any errors
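
One way to test the INPUT chain offline, added here as an example and not part of the original thread: a small first-match simulator fed the INPUT rules from the dump above, showing which return packets fall through to the DROP policy. The packet dictionaries, the helper names and the `STATEFUL` comparison rule are assumptions of this example.

```python
import shlex
from ipaddress import ip_address, ip_network

# INPUT chain copied from the question's dump (other chains omitted).
RULES = """\
:INPUT DROP [124:10599]
-A INPUT -i enp21s0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i enp21s0 -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -i enp21s0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i enp21s0 -p tcp -m tcp --sport 53 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i enp21s0 -p tcp -m tcp --dport 58644 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2018 -j ACCEPT
-A INPUT -s 45.9.188.80/32 -i enp21s0 -p tcp -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
"""
# Stateful accept rule, added for comparison (not in the question's ruleset).
STATEFUL = "-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT\n"
# Rule option -> key in the hypothetical packet dict used below.
FIELDS = {"-i": "iface", "-p": "proto", "-s": "src", "--sport": "sport",
          "--dport": "dport", "--icmp-type": "icmp_type"}
# Constructed packet: echo reply arriving on enp21s0 for a ping this host sent.
ECHO_REPLY = {"iface": "enp21s0", "proto": "icmp", "icmp_type": 0, "state": "ESTABLISHED"}

def parse_input(dump):
    """Return (policy, rules) for INPUT; '!' negation and '+' wildcards are not handled."""
    policy, rules = None, []
    for line in dump.splitlines():
        tok = shlex.split(line)
        if tok[:1] == [":INPUT"]:
            policy = tok[1]
        elif tok[:2] == ["-A", "INPUT"]:
            rules.append(dict(zip(tok[2::2], tok[3::2])))  # option/value pairs
    return policy, rules

def matches(opt, val, pkt):
    have = pkt.get(FIELDS[opt])
    if opt == "-s":  # source match is a CIDR test, not a string compare
        return have is not None and ip_address(have) in ip_network(val)
    return str(have) == val

def verdict(dump, pkt):
    """Walk INPUT top-down; return the first matching target, else the chain policy."""
    policy, rules = parse_input(dump)
    for rule in rules:
        ok = all(matches(o, v, pkt) for o, v in rule.items() if o in FIELDS)
        states = rule.get("--ctstate") or rule.get("--state")
        if ok and (not states or pkt.get("state") in states.split(",")):
            return rule["-j"]
    return policy
```

On a live host, `iptables -L INPUT -v -n` shows per-rule packet counters, and `ip -br link` lists the actual interface names to compare against the `-i enp21s0` matches.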