[Gllug] help with routing and iptables required
Formi
formi at blueyonder.co.uk
Mon Jan 28 16:05:55 UTC 2002
Hi,
I am enclosing the output of:
iptables -L
The firewall settings are supposed to stop everything coming in from the
internet. And allow everything inside in the intranet.
The server is connected to two others, each of them through a different
nic.
If I boot the server and don't put up the firewall I can see all
computers from all sides. When I start the firewall I can see the server
and the internet from both the clients.
The problem is that I can no longer ping or connect from one client to
the other.
Can somebody have a look at the attachment and tell me which rule is
causing this?
Thanks,
Formi.
-------------- next part --------------
Chain INPUT (policy DROP)
target prot opt source destination
DROP tcp -- anywhere loopback/8
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
DROP all -- anywhere 192.168.0.0/16
DROP all -- 192.168.0.0/16 anywhere
DROP all -- anywhere 10.0.0.0/8
DROP all -- 10.0.0.0/8 anywhere
PUB_IN all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP tcp -- 192.168.0.0/16 0.0.0.255/0.0.0.255 tcp dpts:netbios-ns:netbios-ssn
DROP udp -- 192.168.0.0/16 0.0.0.255/0.0.0.255 udp dpts:netbios-ns:netbios-ssn
ACCEPT all -- 192.168.0.0/16 anywhere
DROP tcp -- 10.0.0.0/8 0.0.0.255/0.0.0.255 tcp dpts:netbios-ns:netbios-ssn
DROP udp -- 10.0.0.0/8 0.0.0.255/0.0.0.255 udp dpts:netbios-ns:netbios-ssn
ACCEPT all -- 10.0.0.0/8 anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
PUB_OUT all -- anywhere anywhere
Chain INT_IN (0 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:imap
ACCEPT tcp -- anywhere anywhere tcp dpt:shilp
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:telnet
ACCEPT tcp -- anywhere anywhere tcp dpt:rap
ACCEPT tcp -- anywhere anywhere tcp dpt:name
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:sunrpc
ACCEPT tcp -- anywhere anywhere tcp dpt:ident
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ns
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere tcp dpt:xdmcp
ACCEPT udp -- anywhere anywhere udp dpt:smtp
ACCEPT udp -- anywhere anywhere udp dpt:imap
ACCEPT udp -- anywhere anywhere udp dpt:shilp
ACCEPT udp -- anywhere anywhere udp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:telnet
ACCEPT udp -- anywhere anywhere udp dpt:rap
ACCEPT udp -- anywhere anywhere udp dpt:name
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:http
ACCEPT udp -- anywhere anywhere udp dpt:pop3
ACCEPT udp -- anywhere anywhere udp dpt:sunrpc
ACCEPT udp -- anywhere anywhere udp dpt:auth
ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns
ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm
ACCEPT udp -- anywhere anywhere udp dpt:xdmcp
ACCEPT icmp -- anywhere anywhere
DROP all -- anywhere anywhere
Chain INT_OUT (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain PUB_IN (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
LOG tcp -- anywhere anywhere tcp dpt:telnet state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG tcp -- anywhere anywhere tcp dpt:ftp state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG tcp -- anywhere anywhere tcp dpt:imap state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG tcp -- anywhere anywhere tcp dpt:pop3 state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG tcp -- anywhere anywhere tcp dpt:finger state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG tcp -- anywhere anywhere tcp dpt:sunrpc state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG tcp -- anywhere anywhere tcp dpt:login state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG tcp -- anywhere anywhere tcp dpt:ssh state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
DROP icmp -- anywhere anywhere
DROP all -- anywhere anywhere
Chain PUB_OUT (1 references)
target prot opt source destination
REJECT icmp -- anywhere anywhere icmp destination-unreachable reject-with icmp-port-unreachable
REJECT icmp -- anywhere anywhere icmp time-exceeded reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere
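As an added example (not part of Formi's post), here is a small Python evaluator that walks the FORWARD chain from the listing above and reports which rule, or the chain policy, would decide a given packet. It assumes the service names resolve to netbios-ns=137 and netbios-ssn=139 and, like the listing itself, knows nothing about interface matches, because `iptables -L` without `-v` does not print them.

```python
import re
# Constructed copy of the post's FORWARD chain, netbios-ns/netbios-ssn written as 137/139.
FORWARD_LISTING = """Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP tcp -- 192.168.0.0/16 0.0.0.255/0.0.0.255 tcp dpts:137:139
DROP udp -- 192.168.0.0/16 0.0.0.255/0.0.0.255 udp dpts:137:139
ACCEPT all -- 192.168.0.0/16 anywhere
DROP tcp -- 10.0.0.0/8 0.0.0.255/0.0.0.255 tcp dpts:137:139
DROP udp -- 10.0.0.0/8 0.0.0.255/0.0.0.255 udp dpts:137:139
ACCEPT all -- 10.0.0.0/8 anywhere
"""

def ip2int(addr):
    return int.from_bytes(bytes(int(o) for o in addr.split(".")), "big")

def parse_net(spec):
    """Return (network, mask) as ints; a dotted mask keeps non-contiguous matches like 0.0.0.255."""
    if spec == "anywhere":
        return 0, 0
    addr, _, mask = spec.partition("/")
    if "." in mask:                    # dotted mask such as 0.0.0.255 (broadcast match)
        m = ip2int(mask)
    else:                              # /prefix, or a bare host (= /32)
        m = (0xFFFFFFFF << (32 - int(mask or 32))) & 0xFFFFFFFF
    return ip2int(addr) & m, m

def parse_chain(listing):
    lines = listing.strip().splitlines()
    policy = re.search(r"policy (\w+)", lines[0]).group(1)
    rules = []
    for line in lines[2:]:             # skip the chain line and the column header
        target, proto, _opt, src, dst, *extra = line.split()
        extra = " ".join(extra)
        m = re.search(r"dpts?:(\d+)(?::(\d+))?", extra)
        ports = (int(m.group(1)), int(m.group(2) or m.group(1))) if m else None
        s = re.search(r"state (\S+)", extra)
        states = set(s.group(1).split(",")) if s else None
        rules.append((target, proto, parse_net(src), parse_net(dst), ports, states))
    return policy, rules

def verdict(listing, src, dst, proto, dport=0, state="NEW"):
    """Walk the chain top-down, first match wins; returns (target, rule number or 'policy')."""
    policy, rules = parse_chain(listing)
    s, d = ip2int(src), ip2int(dst)
    for n, (target, p, (sa, sm), (da, dm), ports, states) in enumerate(rules, 1):
        if (p != "all" and p != proto) or s & sm != sa or d & dm != da: continue
        if ports and not ports[0] <= dport <= ports[1]: continue
        if states and state not in states: continue
        return target, n
    return policy, "policy"
```

Clients whose addresses fall outside 192.168.0.0/16 and 10.0.0.0/8 drop through to the chain policy, while a new connection between the two listed networks is accepted by rule 4 or 7. Since `-L` alone hides `-i`/`-o` matches, `iptables -L -v -n` (interfaces plus per-rule packet counters) is what actually shows where the client-to-client packets are being dropped.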