[ale] Problems with an IPTables Firewall! Help please!
sangell at nan.net
Tue Oct 1 12:21:54 EDT 2002
My first thought, since it worked prior to a reboot, would be to check your
routing tables to make sure traffic is being routed properly and that you
did not lose a route entry. Other than that nothing jumps out at me.
___________/_/_/_/_/_/_/_/_/_/_/
_ Steve Angell, MCSE, CCNA _/
_ MIS Operations Manager _/
_ TSYS Debt Management _/
_ Norcross, GA _/
_ Phone 770-409-5570 _/
_ Fax 770-416-1752 _/
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
John Cole <JohnC at LGEFCU.org>
10/01/2002 12:09 PM
To: "'ale at ale.org'" <ale at ale.org>
cc:
Subject: [ale] Problems with an IPTables Firewall! Help please!
Howdy all!
I have set up a Red Hat 7.2 Linux box with 2 NICs (inside/outside).
I ran a PHP-based IPTables configuration http://morizot.net/firewall/ to
set up the firewall. Now, it doesn't seem to like doing forwarding of
traffic! (Actually, it worked once, then I rebooted and now it doesn't
work anymore!!)
The following is the output of iptables -L:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
bad_packets all -- anywhere anywhere
ACCEPT all -- 192.168.1.0/24 anywhere
ACCEPT all -- anywhere 192.168.1.255
ACCEPT udp -- anywhere anywhere udp spt:bootpc dpt:bootps
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
tcp_inbound tcp -- anywhere anywhere
udp_inbound udp -- anywhere anywhere
icmp_packets icmp -- anywhere anywhere
DROP all -- anywhere 255.255.255.255
LOG all -- anywhere anywhere limit: avg 10/min burst 10 LOG level warning prefix `INPUT packet died: '

Chain FORWARD (policy DROP)
target prot opt source destination
tcp_outbound tcp -- anywhere anywhere
udp_outbound udp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
LOG all -- anywhere anywhere limit: avg 10/min burst 10 LOG level warning prefix `FORWARD packet died: '

Chain OUTPUT (policy DROP)
target prot opt source destination
DROP icmp -- anywhere anywhere state INVALID
ACCEPT all -- GATEWAY1 anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- 192.168.1.1 anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 10/min burst 10 LOG level warning prefix `OUTPUT packet died: '

Chain bad_packets (1 references)
target prot opt source destination
LOG all -- anywhere anywhere state INVALID LOG level warning prefix `Invalid packet:'
DROP all -- anywhere anywhere state INVALID
bad_tcp_packets tcp -- anywhere anywhere
RETURN all -- anywhere anywhere

Chain bad_tcp_packets (1 references)
target prot opt source destination
RETURN tcp -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp flags:!SYN,RST,ACK/SYN state NEW LOG level warning prefix `New not syn:'
DROP tcp -- anywhere anywhere tcp flags:!SYN,RST,ACK/SYN state NEW
RETURN tcp -- anywhere anywhere

Chain icmp_packets (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
RETURN icmp -- anywhere anywhere

Chain tcp_inbound (1 references)
target prot opt source destination
DROP tcp -- anywhere ALL-SYSTEMS.MCAST.NET
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
RETURN tcp -- anywhere anywhere

Chain tcp_outbound (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere

Chain udp_inbound (1 references)
target prot opt source destination
DROP udp -- anywhere anywhere udp dpt:netbios-ns
DROP udp -- anywhere anywhere udp dpt:netbios-dgm
RETURN udp -- anywhere anywhere

Chain udp_outbound (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere

Does anything jump out to anyone as what's wrong?
Thanks,
John Cole
Help Desk Administrator
Lockheed Georgia Employees' Federal Credit Union
430 Commerce Park Drive
Marietta, GA 30060
(770) 424-0060
(800) 541-8921
jcole at lgefcu.org
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
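The routing-table check suggested in the reply above, sketched as an added example that is not part of the original thread. It reads a table in the `/proc/net/route` layout and confirms that the default route and the inside-network route both survived and sit on different interfaces; the function names, the interface names `eth0`/`eth1`, and the outside network 203.0.113.0/24 are assumptions, and only 192.168.1.0/24 comes from the posted rules.

```shell
#!/bin/sh
# Added example (not from the thread): post-reboot route check for a two-NIC
# firewall. Input uses the /proc/net/route layout: addresses are little-endian
# hex, field 2 is the destination, field 4 the flags, field 8 the mask.

# Dotted quad -> the hex form /proc/net/route uses (192.168.1.0 -> 0001A8C0).
le_hex() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    printf '%02X%02X%02X%02X' "$4" "$3" "$2" "$1"
}

# route_iface DEST MASK < table: print the interface of the first route for
# DEST/MASK that is up (RTF_UP, flag bit 0x1); return 1 if there is none.
route_iface() {
    want_dest=$(le_hex "$1"); want_mask=$(le_hex "$2")
    while read -r iface dest gw flags refcnt use metric mask rest; do
        [ "$dest" = "$want_dest" ] && [ "$mask" = "$want_mask" ] || continue
        [ $(( 0x$flags & 1 )) -ne 0 ] || continue
        echo "$iface"; return 0
    done
    return 1
}

# check_routes INSIDE_NET INSIDE_MASK < table: report each missing or suspect
# route and return the number of problems found (0 means healthy).
check_routes() {
    table=$(cat); problems=0
    out_if=$(printf '%s\n' "$table" | route_iface 0.0.0.0 0.0.0.0) ||
        { echo "no default route"; problems=$((problems + 1)); }
    in_if=$(printf '%s\n' "$table" | route_iface "$1" "$2") ||
        { echo "no route to inside net $1"; problems=$((problems + 1)); }
    if [ -n "$out_if" ] && [ "$out_if" = "$in_if" ]; then
        echo "inside and default routes share $out_if"; problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ] && echo "routes ok: inside=$in_if outside=$out_if"
    return "$problems"
}

# Constructed sample table (not from the thread): eth1 inside, eth0 outside.
sample_ok() {
cat <<'EOF'
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
eth1 0001A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0
eth0 007100CB 00000000 0001 0 0 0 00FFFFFF 0 0 0
eth0 00000000 017100CB 0003 0 0 0 00000000 0 0 0
EOF
}

sample_ok | check_routes 192.168.1.0 255.255.255.0
sample_ok | sed '$d' | check_routes 192.168.1.0 255.255.255.0 || true
```

On a live host the same check runs against the kernel's table with `check_routes 192.168.1.0 255.255.255.0 < /proc/net/route`.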