Raffaele
Newbie
Karma: +0/-0
Offline
Posts: 34
« Posted on: April 04, 2006, 10:46:44 pm »
Hi everyone. At home I have a small LAN whose firewall/router is a small computer running Debian sarge. The Windows clients connect to the server normally and generally stay connected (although every now and then they hang, and I don't know why). The problem is that I have two clients (one SuSE and one Debian) that manage to obtain an IP from the server, but every connection (ssh, telnet, http) is refused, even though the firewall is configured to accept them. When I then go to the server and ping the clients, at that point all the connections magically open up and the clients stay connected without problems. Does anyone have an idea how to solve the problem? Do I really have to resort to brutally writing a daemon that pings the clients forever? Thanks everyone. :laugh:
Post edited by: Raffaele, at: 04/04/2006 16:47
metaldaze
« Reply #1 posted on: April 04, 2006, 11:32:00 pm »
Put like that, it's not easy to get to the bottom of the issue. To start with, you could post the firewall configuration so we can see whether the problem is there, which seems plausible to me.
Raffaele
« Reply #2 posted on: April 05, 2006, 09:12:17 am »
I hope it's not too messy; I use shorewall to configure the firewall. The server's first network card, eth0, connects to the internal network, and the second, ppp0 (eth1), connects to the modem.

merlino:~# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ppp0_in all -- anywhere anywhere
eth0_in all -- anywhere anywhere
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:INPUT:REJECT:'
reject all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ppp0_fwd all -- anywhere anywhere
eth0_fwd all -- anywhere anywhere
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:FORWARD:REJECT:'
reject all -- anywhere anywhere

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp dpts:bootps:bootpc
fw2net all -- anywhere anywhere
fw2loc all -- anywhere anywhere
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:OUTPUT:REJECT:'
reject all -- anywhere anywhere

Chain AllowICMPs (2 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp time-exceeded

Chain Drop (1 references)
target prot opt source destination
RejectAuth all -- anywhere anywhere
dropBcast all -- anywhere anywhere
AllowICMPs icmp -- anywhere anywhere
dropInvalid all -- anywhere anywhere
DropSMB all -- anywhere anywhere
DropUPnP all -- anywhere anywhere
dropNotSyn tcp -- anywhere anywhere
DropDNSrep all -- anywhere anywhere

Chain DropDNSrep (2 references)
target prot opt source destination
DROP udp -- anywhere anywhere udp spt:domain

Chain DropSMB (1 references)
target prot opt source destination
DROP udp -- anywhere anywhere udp dpt:loc-srv
DROP udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
DROP udp -- anywhere anywhere udp dpt:microsoft-ds
DROP tcp -- anywhere anywhere tcp dpt:loc-srv
DROP tcp -- anywhere anywhere tcp dpt:netbios-ssn
DROP tcp -- anywhere anywhere tcp dpt:microsoft-ds

Chain DropUPnP (2 references)
target prot opt source destination
DROP udp -- anywhere anywhere udp dpt:1900

Chain Reject (4 references)
target prot opt source destination
RejectAuth all -- anywhere anywhere
dropBcast all -- anywhere anywhere
AllowICMPs icmp -- anywhere anywhere
dropInvalid all -- anywhere anywhere
RejectSMB all -- anywhere anywhere
DropUPnP all -- anywhere anywhere
dropNotSyn tcp -- anywhere anywhere
DropDNSrep all -- anywhere anywhere

Chain RejectAuth (2 references)
target prot opt source destination
reject tcp -- anywhere anywhere tcp dpt:auth

Chain RejectSMB (1 references)
target prot opt source destination
reject udp -- anywhere anywhere udp dpt:loc-srv
reject udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
reject udp -- anywhere anywhere udp dpt:microsoft-ds
reject tcp -- anywhere anywhere tcp dpt:loc-srv
reject tcp -- anywhere anywhere tcp dpt:netbios-ssn
reject tcp -- anywhere anywhere tcp dpt:microsoft-ds

Chain all2all (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:all2all:REJECT:'
reject all -- anywhere anywhere

Chain dropBcast (2 references)
target prot opt source destination
DROP all -- anywhere anywhere PKTTYPE = broadcast
DROP all -- anywhere anywhere PKTTYPE = multicast

Chain dropInvalid (2 references)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID

Chain dropNotSyn (2 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp flags:!SYN,RST,ACK/SYN

Chain dynamic (4 references)
target prot opt source destination

Chain eth0_fwd (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
tcpflags tcp -- anywhere anywhere
loc2net all -- anywhere anywhere

Chain eth0_in (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
tcpflags tcp -- anywhere anywhere
loc2fw all -- anywhere anywhere

Chain fw2loc (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain fw2net (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere multiport dports 4661,4662
ACCEPT udp -- anywhere anywhere multiport dports 4665,4672
ACCEPT tcp -- anywhere anywhere tcp dpt:4662
ACCEPT all -- anywhere anywhere

Chain icmpdef (0 references)
target prot opt source destination

Chain loc2fw (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:telnet
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT udp -- anywhere anywhere udp dpt:bootpc
ACCEPT tcp -- anywhere anywhere tcp dpt:3128
ACCEPT all -- anywhere anywhere

Chain loc2net (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere

Chain logflags (5 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level info ip-options prefix `Shorewall:logflags:DROP:'
DROP all -- anywhere anywhere

Chain net2all (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Drop all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:net2all:DROP:'
DROP all -- anywhere anywhere

Chain net2fw (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:4662
ACCEPT udp -- anywhere anywhere udp dpt:4672
ACCEPT tcp -- anywhere anywhere tcp dpt:4711
net2all all -- anywhere anywhere

Chain norfc1918 (2 references)
target prot opt source destination
rfc1918 all -- 172.16.0.0/12 anywhere
rfc1918 all -- anywhere anywhere ctorigdst 172.16.0.0/12
rfc1918 all -- 192.168.0.0/16 anywhere
rfc1918 all -- anywhere anywhere ctorigdst 192.168.0.0/16
rfc1918 all -- 10.0.0.0/8 anywhere
rfc1918 all -- anywhere anywhere ctorigdst 10.0.0.0/8

Chain ppp0_fwd (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
norfc1918 all -- anywhere anywhere state NEW
tcpflags tcp -- anywhere anywhere
net2all all -- anywhere anywhere

Chain ppp0_in (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
ACCEPT udp -- anywhere anywhere udp dpts:bootps:bootpc
norfc1918 all -- anywhere anywhere state NEW
tcpflags tcp -- anywhere anywhere
net2fw all -- anywhere anywhere

Chain reject (11 references)
target prot opt source destination
DROP all -- anywhere anywhere PKTTYPE = broadcast
DROP all -- anywhere anywhere PKTTYPE = multicast
DROP all -- 192.168.1.255 anywhere
DROP all -- 255.255.255.255 anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT icmp -- anywhere anywhere reject-with icmp-host-unreachable
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain rfc1918 (6 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:rfc1918:DROP:'
DROP all -- anywhere anywhere

Chain shorewall (0 references)
target prot opt source destination

Chain smurfs (0 references)
target prot opt source destination
LOG all -- 192.168.1.255 anywhere LOG level info prefix `Shorewall:smurfs:DROP:'
DROP all -- 192.168.1.255 anywhere
LOG all -- 255.255.255.255 anywhere LOG level info prefix `Shorewall:smurfs:DROP:'
DROP all -- 255.255.255.255 anywhere
LOG all -- BASE-ADDRESS.MCAST.NET/4 anywhere LOG level info prefix `Shorewall:smurfs:DROP:'
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere

Chain tcpflags (4 references)
target prot opt source destination
logflags tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
logflags tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
logflags tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
logflags tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
logflags tcp -- anywhere anywhere tcp spt:0 flags:SYN,RST,ACK/SYN

Post edited by: Raffaele, at: 05/04/2006 03:15
metaldaze
« Reply #3 posted on: April 05, 2006, 10:38:18 pm »
WOW! Definitely a mess! So many chains!! Anyway, from what I managed to understand, it shouldn't depend on that... At this point I wonder: could it be that those clients also have a firewall active? And could it be that only packets for ESTABLISHED connections are accepted in output?
Raffaele
« Reply #4 posted on: April 06, 2006, 06:49:32 am »
Hi. I tried changing firewall: I used a script generator that I found online, and I must say that the internal network now runs faster, although I haven't solved the problem, i.e. when I then go and ping from the server the connections open up. On the clients the firewalls are configured to accept almost all connections, so I don't think this is a problem. "And could it be that only packets for ESTABLISHED connections are accepted in output?" How do I check that? Bye and thanks.
Post edited by: Raffaele, at: 06/04/2006 00:50
metaldaze
« Reply #5 posted on: April 06, 2006, 03:11:25 pm »
Well, run an "iptables -L -nv" on the clients too and post it so we can check right away. Let's hope it's not as complicated as the other one.
Raffaele
« Reply #6 posted on: April 07, 2006, 08:16:30 pm »
Hi, I solved the problem with a daemon that pings everyone; now everything works and at least I didn't have to bang my head against it too much:

#!/bin/bash
# Endless loop, sent to the background: one echo request per client per pass.
while true
do
    ping -c 1 192.168.1.3 > /dev/null
    ping -c 1 192.168.1.4 > /dev/null
    ping -c 1 192.168.1.5 > /dev/null
    ping -c 1 192.168.1.6 > /dev/null
done &

Bye and thanks.
Post edited by: Raffaele, at: 07/04/2006 14:17
perseus
« Reply #7 posted on: April 07, 2006, 08:25:09 pm »
Let me understand. This way, does the server keep pinging the clients until all 4 of the pings you run succeed? Or does it do it only once? Where did you put this script? In crontab, or at startup, or where?
Thanks and bye!
Post edited by: perseus, at: 07/04/2006 14:26
Raffaele
« Reply #8 posted on: April 07, 2006, 08:41:44 pm »
This way the server pings the clients you see forever, with the -c 1 option, i.e. it sends one packet and that's it, then moves on to the next one (without caring whether it reached its destination or not). Reading your post, my problem is slightly different, in that my server needs to ping the client, otherwise the server refuses any connection to that same client (and I haven't understood why), even though the client has received its IP correctly. This is the file /etc/init.d/pingatutti; I set it to run at boot with

# chmod 755 /etc/init.d/pingatutti
# ln -s /etc/init.d/pingatutti /etc/rc5.d/S95pingatutti

Bye
Post edited by: Raffaele, at: 07/04/2006 14:43
perseus
« Reply #9 posted on: April 07, 2006, 08:46:57 pm »
Got it. Thanks!!
metaldaze
« Reply #10 posted on: April 07, 2006, 10:11:47 pm »
Hi, well, the solution, although it works, is not the happiest one: this way you have useless packets travelling around your network forever :blink: Anyway, if that's fine with you... But, at least out of curiosity and since it could be useful to the community, would you post the output of iptables -L -nv on one of the clients that had the problem? Thanks
perseus
« Reply #11 posted on: April 07, 2006, 11:38:45 pm »
That's basically what I thought too. Wouldn't it be better to modify the script so that it does 1 ping per machine and then stops there, and then have crontab run it, say, every 5 minutes? Still better than an eternal ping, right?
Raffaele
« Reply #12 posted on: April 07, 2006, 11:59:00 pm »
Well, after all a packet is only about 60 bytes, I don't see how it could weigh down my internal network, which runs at 3Mb/s :laugh: Anyway, I'm posting the iptables -L -nv of the laptop I'm writing from, which runs Debian sarge:

Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
132 7290 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
0 0 ACCEPT all -- eth0 * 192.168.1.6 192.168.255.255
0 0 logaborted tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED tcp flags:0x04/0x04
10487 13M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 12
169 15946 nicfilt all -- * * 0.0.0.0/0 0.0.0.0/0
169 15946 srcfilt all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 12
0 0 srcfilt all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
132 7290 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * eth0 0.0.0.0/0 0.0.0.0/0 udp spt:68 dpt:67
8858 691K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 12
159 8452 s1 all -- * * 0.0.0.0/0 0.0.0.0/0

Chain f0to1 (3 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:23 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:22 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:0:1023 dpt:22 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:443 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:80 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:8080 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:8008 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:8000 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:8888 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:3128 state NEW
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 0
167 15444 logdrop all -- * * 0.0.0.0/0 0.0.0.0/0

Chain f1to0 (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:3306 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:5432 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:23 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpts:6000:6063 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:1723 state NEW
0 0 ACCEPT 47 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:22 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:0:1023 dpt:22 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:10000 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:80 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:8080 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:8008 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:8000 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:8888 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:443 state NEW
151 7852 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:3128 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:8118 state NEW
8 600 logdrop all -- * * 0.0.0.0/0 0.0.0.0/0

Chain logaborted (1 references)
pkts bytes target prot opt in out source destination
0 0 logaborted2 all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 10
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 2/min burst 1 LOG flags 0 level 4 prefix `LIMITED '

Chain logaborted2 (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 7 level 4 prefix `ABORTED '
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

Chain logdrop (4 references)
pkts bytes target prot opt in out source destination
177 16546 logdrop2 all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 10
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 2/min burst 1 LOG flags 0 level 4 prefix `LIMITED '
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain logdrop2 (1 references)
pkts bytes target prot opt in out source destination
177 16546 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 7 level 4 prefix `DROPPED '
177 16546 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 logreject2 all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 10
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 2/min burst 1 LOG flags 0 level 4 prefix `LIMITED '
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain logreject2 (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 7 level 4 prefix `REJECTED '
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain nicfilt (1 references)
pkts bytes target prot opt in out source destination
169 15946 RETURN all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 logdrop all -- * * 0.0.0.0/0 0.0.0.0/0

Chain s0 (1 references)
pkts bytes target prot opt in out source destination
167 15444 f0to1 all -- * * 0.0.0.0/0 192.168.1.6
0 0 f0to1 all -- * * 0.0.0.0/0 192.168.255.255
0 0 f0to1 all -- * * 0.0.0.0/0 127.0.0.1
2 502 logdrop all -- * * 0.0.0.0/0 0.0.0.0/0

Chain s1 (1 references)
pkts bytes target prot opt in out source destination
159 8452 f1to0 all -- * * 0.0.0.0/0 0.0.0.0/0

Chain srcfilt (2 references)
pkts bytes target prot opt in out source destination
169 15946 s0 all -- * * 0.0.0.0/0 0.0.0.0/0

Regards
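An added example, not part of the thread: a small shell/awk helper that reads `iptables -L -nv` output (the listing requested in replies #5 and #10) and reports which rules actually matched packets and sent them to a given target, so the drop path can be traced from the counters. The names `hit_rules` and `sample_listing` are made up for this illustration; the sample is an excerpt of the client listing posted in reply #12.

```shell
#!/bin/sh
# Added example, not from the thread. hit_rules and sample_listing are
# hypothetical names chosen for this illustration.

# Excerpt of the client listing from reply #12 (some rules omitted).
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
10487 13M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
169 15946 nicfilt all -- * * 0.0.0.0/0 0.0.0.0/0
169 15946 srcfilt all -- * * 0.0.0.0/0 0.0.0.0/0
Chain f0to1 (3 references)
 pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:22 state NEW
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 0
167 15444 logdrop all -- * * 0.0.0.0/0 0.0.0.0/0
Chain f1to0 (1 references)
 pkts bytes target prot opt in out source destination
151 7852 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:3128 state NEW
8 600 logdrop all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logdrop (4 references)
 pkts bytes target prot opt in out source destination
177 16546 logdrop2 all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 10
Chain logdrop2 (1 references)
 pkts bytes target prot opt in out source destination
177 16546 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain s0 (1 references)
 pkts bytes target prot opt in out source destination
167 15444 f0to1 all -- * * 0.0.0.0/0 192.168.1.6
2 502 logdrop all -- * * 0.0.0.0/0 0.0.0.0/0
EOF
}

# hit_rules [TARGET_REGEX]
# Reads `iptables -L -nv` text on stdin and prints
#   chain pkts target source destination
# for every rule with a non-zero packet counter whose target matches the
# regex (default: the terminal targets DROP and REJECT). A chain policy
# that matches the regex and has counted packets is reported as well.
hit_rules() {
    want=${1:-}
    [ -n "$want" ] || want='^(DROP|REJECT)$'
    awk -v want="$want" '
        $1 == "Chain" {
            chain = $2
            # "Chain INPUT (policy DROP 0 packets, 0 bytes)"
            if ($3 == "(policy" && $4 ~ want && $5 != "0")
                print chain, $5, "policy:" $4
            next
        }
        $1 == "pkts" { next }                    # column header line
        # Rule line: counter may be abbreviated (e.g. 10K) without -x.
        NF >= 9 && $1 ~ /^[0-9]+[KMG]?$/ && $1 != "0" && $3 ~ want {
            print chain, $1, $3, $8, $9
        }
    '
}

echo "terminal drops that matched packets:"
sample_listing | hit_rules
echo "rules that sent packets to logdrop:"
sample_listing | hit_rules '^logdrop$'
```

On a live host the input would be `iptables -L -nv | hit_rules`. On the posted listing, 167 of the 177 dropped packets reached `logdrop` from `f0to1`, which `s0` enters for traffic addressed to 192.168.1.6, so those packets matched none of the ACCEPT rules in `f0to1`.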