* Firewall troubles
From: Willem-Jan Meijer @ 2003-06-05 13:43 UTC (permalink / raw)
To: Netfilter
[-- Attachment #1: Type: text/plain, Size: 965 bytes --]
Hello all,
I'm running debian 3.0r1 stable with all security and usual updates. I was
running a firewall which is sent with this e-mail as attachment.
It was running fine, but recently my hdd died and recovery was too expensive
and not necessary because I had a backup. I installed debian again, did all
updates and I wanted to load the firewall, but when I load this one, my
remote login hangs, I can't ping my server anymore and my network isn't
working anymore, but the script has run fine before. What is the problem?
At this moment ipmasq is also installed to keep my network running, this is
conflicting, I know but I don't know anything else.
Can someone point me in the right direction? I'm using linux/debian from
november 2002, so my knowledge is very small.
HTH,
Willem-Jan Meijer
Netherlands
Windows: Where do you want to go today?
MacOS: Where do you want to be tomorrow?
Linux: Are you coming or what?
[-- Attachment #2: fw-meijer.txt --]
[-- Type: text/plain, Size: 2097 bytes --]
echo -n "IPTables Firewall."
IPTABLES="/sbin/iptables"
#FLUSH
echo -n "Flush all tables."
$IPTABLES --flush
echo -n "."
$IPTABLES --table nat --flush
echo -n "."
$IPTABLES --delete-chain
echo -n "."
$IPTABLES --table nat --delete-chain
echo ". done"
echo -n " Setting up masquerading rules."
# Set up IPFORWARDing and Masquerading
$IPTABLES --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
echo -n "."
$IPTABLES --append FORWARD --in-interface eth1 -j ACCEPT
echo ". done"
echo -n "Setting rules for loopback device."
# Allow loopback access.
$IPTABLES -A INPUT -i lo -p all -j ACCEPT
echo -n "."
$IPTABLES -A OUTPUT -o lo -p all -j ACCEPT
echo -n "."
echo -n "Setting rules for eth0 device."
# accept established connections
$IPTABLES -A INPUT -i eht0 -m state --state ESTABLISHED,RELATED -j ACCEPT
echo -n "."
#$IPTABLES -A INPUT -p tcp --tcp-option ! 2 -j REJECT --reject-with tcp-reset
#echo -n "."
$IPTABLES -A INPUT -p tcp -i eth0 --dport 21 -j ACCEPT
echo -n "."
$IPTABLES -A INPUT -p udp -i eth0 --dport 21 -j ACCEPT
echo -n "."
$IPTABLES -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT
echo -n "."
$IPTABLES -A INPUT -p udp -i eth0 --dport 22 -j ACCEPT
echo -n "."
$IPTABLES -A INPUT -p tcp -i eth0 --dport 25 -j ACCEPT
echo -n "."
$IPTABLES -A INPUT -p udp -i eth0 --dport 25 -j ACCEPT
echo -n "."
$IPTABLES -A INPUT -p tcp -i eth0 --dport 80 -j ACCEPT
echo -n "."
$IPTABLES -A INPUT -p udp -i eth0 --dport 80 -j ACCEPT
echo -n "."
$IPTABLES -A INPUT -p tcp -i eth0 --dport 110 -j ACCEPT
echo -n "."
$IPTABLES -A INPUT -p udp -i eth0 --dport 110 -j ACCEPT
echo -n "."
$IPTABLES -A INPUT -p tcp -i eth0 --dport 65500:65535 -j ACCEPT
echo -n "."
$IPTABLES -A INPUT -p udp -i eth0 --dport 65500:65535 -j ACCEPT
echo -n "."
$IPTABLES -A INPUT -p icmp -i eth0 -j ACCEPT
echo ". done"
echo -n " Setting rules for eth1 device."
# Accept all incoming connections
$IPTABLES -A INPUT -i eth1 -p all -j ACCEPT
echo ". done"
echo -n " Drop all other connection attempts."
$IPTABLES -P INPUT DROP
echo ". done"
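The attached script names `eht0` in its ESTABLISHED,RELATED rule and `eth0` in every other rule; iptables accepts a rule that names a nonexistent interface, so such a rule loads without error and never matches. The following is an added example, not part of the original post: a check that lists interface names used in a rule script that are absent from a known-interface list. The function names and the sample file are assumptions; the sample rules are excerpted from the attachment plus one constructed commented-out line.

```shell
#!/bin/sh
# rule_ifaces FILE: print every interface named after -i/-o/--in-interface/
# --out-interface on non-comment lines, one per line, de-duplicated.
rule_ifaces() {
    awk '
        /^[[:space:]]*#/ { next }          # skip commented-out rules
        {
            for (i = 1; i < NF; i++)
                if ($i == "-i" || $i == "-o" ||
                    $i == "--in-interface" || $i == "--out-interface") {
                    n = i + 1
                    if ($n == "!") n++     # negated match: "-i ! eth0"
                    if (n <= NF) print $n
                }
        }' "$1" | sort -u
}

# unknown_ifaces FILE "if1 if2 ...": print interfaces used in FILE that are
# not in the list. A trailing "+" in a rule is the iptables prefix wildcard.
unknown_ifaces() {
    for ifc in $(rule_ifaces "$1"); do
        found=no
        for k in $2; do
            case "$ifc" in
                *+) case "$k" in "${ifc%+}"*) found=yes ;; esac ;;
                "$k") found=yes ;;
            esac
        done
        [ "$found" = yes ] || echo "$ifc"
    done
}

# Sample input: four rules from the attachment, one constructed comment line.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
$IPTABLES --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
$IPTABLES -A INPUT -i lo -p all -j ACCEPT
$IPTABLES -A INPUT -i eht0 -m state --state ESTABLISHED,RELATED -j ACCEPT
#$IPTABLES -A INPUT -i eth9 -p tcp -j REJECT
$IPTABLES -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT
EOF

# The known list is assumed here; on a current Linux system it can be taken
# from the directory names under /sys/class/net.
unknown_ifaces "$SAMPLE" "lo eth0 eth1"
```

Run against a full rule script before loading it, any name printed is an interface the rules reference but the host does not have.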
* Re: Firewall troubles
From: Pascal Italiaander @ 2003-06-05 19:46 UTC (permalink / raw)
To: Netfilter
On Thursday 5 June 2003 15:43, Willem-Jan Meijer wrote:
> Hello all,
>
> I'm running debian 3.0r1 stable with all security and usual updates. I was
> running a firewall which is sent with this e-mail as attachment.
>
> It was running fine, but recently my hdd died and recovery was too expensive
> and not necessary because I had a backup. I installed debian again, did all
> updates and I wanted to load the firewall, but when I load this one, my
> remote login hangs, I can't ping my server anymore and my network isn't
> working anymore, but the script has run fine before. What is the problem?
> At this moment ipmasq is also installed to keep my network running, this is
> conflicting, I know but I don't know anything else.
>
> Can someone point me in the right direction? I'm using linux/debian from
> november 2002, so my knowledge is very small.
>
> HTH,
>
> Willem-Jan Meijer
> Netherlands
>
> Windows: Where do you want to go today?
> MacOS: Where do you want to be tomorrow?
> Linux: Are you coming or what?
Did you make sure, when taking your backup, that its permissions had to be
preserved? If they are no longer right, everything falls apart too!
Did you preserve the user rights when taking your backup?
If they do not match the old install, you're in trouble!
Pascal
* RE: Firewall troubles
From: Willem-Jan Meijer @ 2003-06-06 8:08 UTC (permalink / raw)
To: 'Pascal Italiaander'; +Cc: Netfilter
netfilter-admin@lists.netfilter.org
<mailto:netfilter-admin@lists.netfilter.org> wrote on Thursday 5 June
2003 21:47:
> On Thursday 5 June 2003 15:43, Willem-Jan Meijer wrote:
>> Hello all,
>>
>> I'm running debian 3.0r1 stable with all security and usual updates.
>> I was running a firewall which is sent with this e-mail as attachment.
>>
>> It was running fine, but recently my hdd died and recovery was too
>> expensive and not necessary because I had a backup. I installed
>> debian again, did all updates and I wanted
>> to load the firewall, but when I load this one, my remote login
>> hangs, I can't ping my server anymore and my network isn't working
>> anymore, but the script has run fine before. What is the problem?
>> At this moment ipmasq is also installed to keep my network running,
>> this is conflicting, I know but I don't know anything else.
>>
>> Can someone point me in the right direction? I'm using linux/debian
>> from november 2002, so my knowledge is very small.
>>
>> HTH,
>>
>> Willem-Jan Meijer
>> Netherlands
>>
>> Windows: Where do you want to go today?
>> MacOS: Where do you want to be tomorrow?
>> Linux: Are you coming or what?
>
> Did you make sure, when taking your backup, that its permissions had to
> be preserved? If they are no longer right, everything falls apart
> too!
>
> Did you preserve the user rights when taking your backup?
> If they do not match the old install, you're in trouble!
>
> Pascal
How do you mean? What has my firewall to do with file permissions? With
my backup I mean: what my users stored on my server. I did a normal
installation as I've done before. After the reinstall before this one
the firewall was running well, with the same way of making a backup.
At the moment I want to load the firewall, everything that has to do with
networking freezes. Then I have to reboot the server and then it's working
fine, but when I do a portscan at my IP address there are more open ports
than I like...
What do iptables rules have to do with file permissions? This is not the
first reinstallation, and after the installation before this one exactly the
same firewall did work fine. By the backup I mean: everything from
/usr/local/apache2/htdocs
The moment I try to load the firewall, everything that has to do with the
network hangs; I then have to restart the server and then everything works
again. If I then do a port scan, many more ports are open than intended.
HTH,
Willem-Jan
Windows: Where do you want to go today?
MacOS: Where do you want to be tomorrow?
Linux: Are you coming or what?