[ale] Problems with an IPTables Firewall! Help please!

sangell at nan.net sangell at nan.net
Tue Oct 1 12:21:54 EDT 2002



My first thought, since it worked prior to a reboot, would be to check your
routing tables to make sure traffic is being routed properly and that you
did not lose a route entry. Other than that nothing jumps out at me.


\_\_\_\_\_\_\_\_\_\_\_/_/_/_/_/_/_/_/_/_/_/
\_    Steve Angell,  MCSE, CCNA           _/
\_    MIS Operations Manager               _/
\_    TSYS Debt Management             _/
\_    Norcross, GA                                   _/
\_    Phone 770-409-5570                    _/
\_    Fax      770-416-1752                   _/
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/


John Cole <JohnC at LGEFCU.org>
To: "'ale at ale.org'" <ale at ale.org>
cc:
Subject: [ale] Problems with an IPTables Firewall! Help please!
10/01/2002 12:09 PM

Howdy all!

I have set up a Redhat 7.2 linux box with 2 nics (inside/outside).
I ran a PHP based IPTables configuration http://morizot.net/firewall/ to
set up the firewall.  Now, it doesn't seem to like doing forwarding of
traffic!  (actually, it worked once, then I rebooted and now it doesn't
work anymore!!)

The following is the output of iptables -L:

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
bad_packets  all  --  anywhere             anywhere
ACCEPT     all  --  192.168.1.0/24       anywhere
ACCEPT     all  --  anywhere             192.168.1.255
ACCEPT     udp  --  anywhere             anywhere           udp spt:bootpc dpt:bootps
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
tcp_inbound  tcp  --  anywhere             anywhere
udp_inbound  udp  --  anywhere             anywhere
icmp_packets  icmp --  anywhere             anywhere
DROP       all  --  anywhere             255.255.255.255
LOG        all  --  anywhere             anywhere           limit: avg 10/min burst 10 LOG level warning prefix `INPUT packet died: '

Chain FORWARD (policy DROP)
target     prot opt source               destination
tcp_outbound  tcp  --  anywhere             anywhere
udp_outbound  udp  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
LOG        all  --  anywhere             anywhere           limit: avg 10/min burst 10 LOG level warning prefix `FORWARD packet died: '

Chain OUTPUT (policy DROP)
target     prot opt source               destination
DROP       icmp --  anywhere             anywhere           state INVALID
ACCEPT     all  --  GATEWAY1             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  192.168.1.1          anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere           limit: avg 10/min burst 10 LOG level warning prefix `OUTPUT packet died: '

Chain bad_packets (1 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere           state INVALID LOG level warning prefix `Invalid packet:'
DROP       all  --  anywhere             anywhere           state INVALID
bad_tcp_packets  tcp  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain bad_tcp_packets (1 references)
target     prot opt source               destination
RETURN     tcp  --  anywhere             anywhere
LOG        tcp  --  anywhere             anywhere           tcp flags:!SYN,RST,ACK/SYN state NEW LOG level warning prefix `New not syn:'
DROP       tcp  --  anywhere             anywhere           tcp flags:!SYN,RST,ACK/SYN state NEW
RETURN     tcp  --  anywhere             anywhere

Chain icmp_packets (1 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere           icmp echo-request
ACCEPT     icmp --  anywhere             anywhere           icmp time-exceeded
RETURN     icmp --  anywhere             anywhere

Chain tcp_inbound (1 references)
target     prot opt source               destination
DROP       tcp  --  anywhere             ALL-SYSTEMS.MCAST.NET
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ssh
RETURN     tcp  --  anywhere             anywhere

Chain tcp_outbound (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere

Chain udp_inbound (1 references)
target     prot opt source               destination
DROP       udp  --  anywhere             anywhere           udp dpt:netbios-ns
DROP       udp  --  anywhere             anywhere           udp dpt:netbios-dgm
RETURN     udp  --  anywhere             anywhere

Chain udp_outbound (1 references)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere


Does anything jump out to anyone as what's wrong?
Thanks,
John Cole

Help Desk Administrator
Lockheed Georgia Employees' Federal Credit Union
430 Commerce Park Drive
Marietta, GA 30060
(770) 424-0060
(800) 541-8921
jcole at lgefcu.org

Disclaimer: The information contained in this email is proprietary and
confidential.  It is intended solely for the use of the person identified
and intended as the recipient. This document is forwarded to you in such a
form (E-mail) that LGEFCU cannot guarantee the completeness and/or
correctness of its contents and information. If you have received this
E-mail message in error, please notify us immediately. Please also delete
this document from your computer. This document may not be reproduced,
copied, distributed, published, modified, or furnished to third parties,
without the prior written consent of LGEFCU. LGEFCU specifically disclaims
any responsibility or liability for any personal information or opinions of
the author expressed in this email.

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
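As an added illustration (not code from either poster), a small Python parser for the `iptables -L` listing quoted above. It points out the caveat a reader of that listing needs: `iptables -L` without `-v` omits the `-i`/`-o` interface matches, so a bare `ACCEPT all anywhere anywhere` line in FORWARD may in fact be bound to one interface and not accept the forwarded traffic at all. The sample ruleset is a constructed excerpt of the quoted FORWARD and tcp_outbound chains; `iptables -L -v -n` on the box itself would show what this listing hides.

```python
"""Parse `iptables -L` output into chains and flag rules that look unconditional."""
import re

# Constructed sample: the FORWARD and tcp_outbound chains as quoted in the post,
# with the mail client's line wrapping undone.
SAMPLE = """\
Chain FORWARD (policy DROP)
target     prot opt source               destination
tcp_outbound  tcp  --  anywhere             anywhere
udp_outbound  udp  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
LOG        all  --  anywhere             anywhere           limit: avg 10/min burst 10 LOG level warning prefix `FORWARD packet died: '

Chain tcp_outbound (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere
"""

CHAIN_RE = re.compile(r"Chain (\S+) \((?:policy (\S+)|\d+ references)\)")


def parse_iptables_l(text):
    """Return {chain: {"policy": str or None, "rules": [dict, ...]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:  # chain header; built-in chains carry a policy, user chains do not
            current = m.group(1)
            chains[current] = {"policy": m.group(2), "rules": []}
            continue
        if current is None or not line.strip() or line.startswith("target"):
            continue  # skip column header and blank separator lines
        parts = line.split(None, 5)  # target prot opt source destination [extra]
        target, prot, _opt, src, dst = parts[:5]
        extra = parts[5] if len(parts) > 5 else ""
        chains[current]["rules"].append(
            {"target": target, "prot": prot, "src": src, "dst": dst, "extra": extra})
    return chains


def unconditional_accepts(chains):
    """(chain, 1-based rule index) for ACCEPT rules with no visible match at all.
    Without -v the listing hides interface matches, so these are the rules to
    re-check with `iptables -L -v -n` before assuming they really accept everything."""
    hits = []
    for name, chain in chains.items():
        for idx, r in enumerate(chain["rules"], 1):
            if (r["target"] == "ACCEPT" and r["prot"] == "all"
                    and r["src"] == r["dst"] == "anywhere" and not r["extra"]):
                hits.append((name, idx))
    return hits
```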