Re: Kernel 2.6.5 - iptables 1.2.9 problems

[Karl Lattimer <karl@kms-lan.co.uk>]

[-- Attachment #1: Type: text/plain, Size: 1066 bytes --]

Hi IP-Tables isn't outputting any error messages at all. Heres my
script. Or there abouts.

The problems i am getting are the port forwards for 4662 and 4672 arn't
working correctly. I'm getting port forwards adding themselves in for
ports 5800,5900,3372,6502,1025,1026,42 and 366. As you can see these
rules don't exist in the firewall, there is also an nmap scan output
attached of the ports which are open/filtered.

Connection tracking is working fine and when i add some rules in to open
ports up sometimes it doesn't work sometimes it does.

Thanks

Karl

On Fri, 2004-06-25 at 17:13, Juan Hernandez wrote:
> Could you copy and pase some logging?
> 
> Juan
> Karl Lattimer wrote:
> 
> >Hi, I've got a firewall script I've which i've been using for 2 years
> >now on redhat 7.3 and redhat 9, after upgrading to fedora core 2 the
> >script is misbehaving slightly. Some of my port forwards don't work
> >correctly and some of my port blocking/opening doesn't work correctly.
> >
> >Any ideas what may be causing this?
> >
> >Thanks
> >
> >Karl
> >
> >
> >  
> >

[-- Attachment #2: firewall.debug.sh --]
[-- Type: application/x-shellscript, Size: 10398 bytes --]

[-- Attachment #3: nmap.firewall.txt --]
[-- Type: text/plain, Size: 2131 bytes --]

(The 1557 ports scanned but not shown below are in state: closed)
Port       State       Service
1/tcp      filtered    tcpmux
2/tcp      filtered    compressnet
3/tcp      filtered    compressnet
4/tcp      filtered    unknown
5/tcp      filtered    rje
6/tcp      filtered    unknown
7/tcp      filtered    echo
8/tcp      filtered    unknown
9/tcp      filtered    discard
10/tcp     filtered    unknown
11/tcp     filtered    systat
12/tcp     filtered    unknown
13/tcp     filtered    daytime
14/tcp     filtered    unknown
15/tcp     filtered    netstat
16/tcp     filtered    unknown
17/tcp     filtered    qotd
18/tcp     filtered    msp
19/tcp     filtered    chargen
20/tcp     filtered    ftp-data
21/tcp     filtered    ftp
22/tcp     open        ssh
23/tcp     filtered    telnet
24/tcp     filtered    priv-mail
25/tcp     open        smtp
42/tcp     open        nameserver
110/tcp    open        pop-3
135/tcp    filtered    loc-srv
136/tcp    filtered    profile
137/tcp    filtered    netbios-ns
138/tcp    filtered    netbios-dgm
139/tcp    filtered    netbios-ssn
143/tcp    open        imap2
366/tcp    open        odmr
445/tcp    filtered    microsoft-ds
465/tcp    open        smtps
993/tcp    open        imaps
995/tcp    open        pop3s
1025/tcp   open        NFS-or-IIS
1026/tcp   open        LSA-or-nterm
3372/tcp   open        msdtc
5800/tcp   open        vnc-http
5900/tcp   open        vnc
6502/tcp   open        netop-rc
No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=3.00%P=i386-redhat-linux-gnu%D=6/30%Time=40E28D7F%O=22%C=26)
TSeq(Class=RI%gcd=1%SI=185E3A%IPID=Z%TS=1000HZ)
TSeq(Class=RI%gcd=3%SI=81693%IPID=Z%TS=1000HZ)
TSeq(Class=RI%gcd=1%SI=18513E%IPID=Z%TS=1000HZ)
T1(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
T2(Resp=N)
T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
T4(Resp=N)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)