From: Philipp Offermann <philipp@offermann.tk>
To: netfilter@lists.netfilter.org
Subject: iptables doesn't stop connection
Date: Sat, 1 May 2004 09:58:47 +0200
Message-ID: <200405010958.47237.philipp@offermann.tk>
Hi,
I'm using iptables to firewall my system but it doesn't seem to work. For example I have a cvs-server running (port 2401) that should not be accessible from the outside. Still when I'm trying to connect with "telnet mymachine 2401" I get a connection, if not on the first try then on the second. I get the following syslog:
Apr 27 11:12:36 mymachine kernel: [IPTABLES DROP] : IN=eth0 OUT= MAC=00:0c:76:1d:b0:ec:00:02:85:1a:d7:20:08:00 SRC=193.250.17.211 DST=*myip* LEN=60 TOS=0x10 PREC=0x00 TTL=52 ID=57653 DF PROTO=TCP SPT=40871 DPT=2401 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A000E2C400000000001030300)
Apr 27 11:12:39 mymachine kernel: [IPTABLES DROP] : IN=eth0 OUT= MAC=00:0c:76:1d:b0:ec:00:02:85:1a:d7:20:08:00 SRC=193.250.17.211 DST=*myip* LEN=60 TOS=0x10 PREC=0x00 TTL=52 ID=57654 DF PROTO=TCP SPT=40871 DPT=2401 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A000E2D6C0000000001030300)
Apr 27 11:12:45 mymachine cvs-pserver[1746]: connect from 193.250.17.211
You'll find my iptables configuration at the end of the message. Does anyone know why I can connect to my cvs server?
Thankx a lot,
Philipp
Chain INPUT (policy ACCEPT)
target prot opt source destination
bad_tcp_packets tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
ACCEPT all -- 127.0.0.1 0.0.0.0/0
ACCEPT all -- *myip* 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 *myip* state RELATED,ESTABLISHED
tcp_packets tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
udp_packets udp -- 0.0.0.0/0 0.0.0.0/0 udp
icmp_packets icmp -- 0.0.0.0/0 0.0.0.0/0
log_drop all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 3

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain allowed (10 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x02
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp state RELATED,ESTABLISHED
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp

Chain bad_tcp_packets (1 references)
target prot opt source destination
log_drop tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x16/0x02 state NEW

Chain icmp_packets (1 references)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 11

Chain log_accept (0 references)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `[IPTABLES ACCEPT] : '
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain log_drop (5 references)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `[IPTABLES DROP] : '
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain log_reject (1 references)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `[IPTABLES REJECT] : '
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp reject-with tcp-reset
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

Chain tcp_packets (1 references)
target prot opt source destination
allowed tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
log_reject tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
allowed tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
allowed tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
allowed tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000
allowed tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
log_drop tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:465
allowed tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
log_drop tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:995
allowed tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
log_drop tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:993
allowed tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:389
allowed tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1002
allowed tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080

Chain udp_packets (1 references)
target prot opt source destination
DROP udp -- 0.0.0.0/0 213.239.192.18 udp dpts:135:139
DROP udp -- 0.0.0.0/0 255.255.255.255 udp dpts:135:139
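Editor's note with an added example (this is not part of Philipp's message, nor code from any reply on this page). The listing above shows the mechanism worth checking: in the INPUT chain the only rule that drops unlisted TCP ports is the jump to log_drop, and that jump carries `limit: avg 3/min burst 3`. A netfilter `limit` match is a token bucket; once its tokens are spent the rule simply does not match, so the packet skips log_drop entirely and reaches the chain policy, which is ACCEPT. The Python below models that walk for a NEW SYN to port 2401 and compares it with a hardened variant that has an unconditional DROP after the rate-limited log rule (what `iptables -A INPUT -j DROP` as the last rule, or `iptables -P INPUT DROP`, would give). The port sets are taken from the tcp_packets chain above; the SYN timestamps are constructed, and the token-bucket model is a simplification of the kernel's credit accounting.

```python
"""Model of how a rate-limited jump to a LOG+DROP chain interacts with an
ACCEPT policy.  Added illustration, not code from the original post; the
traffic scenario below is constructed and the limit match is simplified."""

# Ports taken from the post's tcp_packets chain: these jump to `allowed`,
# which ACCEPTs a NEW SYN.
ALLOWED_TCP_PORTS = {22, 80, 443, 10000, 25, 110, 143, 389, 1002, 8080}
# These ports jump straight to log_drop with no limit match on the jump.
SILENT_DROP_PORTS = {465, 995, 993}


class LimitMatch:
    """Simplified token bucket standing in for `-m limit --limit 3/min
    --limit-burst 3`.  The bucket starts full and refills at the average
    rate; the rule carrying the match only matches while a token is left.
    When the bucket is empty the rule does not match and the packet moves
    on to the next rule, or to the chain policy if there is none."""

    def __init__(self, avg_per_min, burst):
        self.rate = avg_per_min / 60.0      # tokens per second
        self.burst = burst
        self.tokens = float(burst)
        self.last = 0.0

    def matches(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def input_chain(dport, now, limiter, final_drop):
    """Walk a reduced form of the post's INPUT chain for a NEW TCP SYN
    arriving at time `now` (seconds).  Returns (verdict, logged).
    `final_drop=True` models an unconditional DROP placed after the
    rate-limited log_drop jump (equivalently, a DROP chain policy)."""
    if dport in ALLOWED_TCP_PORTS:          # tcp_packets -> allowed -> ACCEPT
        return "ACCEPT", False
    if dport in SILENT_DROP_PORTS:          # tcp_packets -> log_drop (no limit)
        return "DROP", True
    # tcp_packets has no rule for other ports, so control returns to INPUT,
    # whose last rule is `log_drop ... limit: avg 3/min burst 3`.
    if limiter.matches(now):
        return "DROP", True                 # logged and dropped
    if final_drop:
        return "DROP", False                # hardened: dropped, just not logged
    return "ACCEPT", False                  # original: INPUT policy ACCEPT wins


def simulate(packets, final_drop=False):
    """packets: list of (time_seconds, dport). Returns (time, verdict, logged)."""
    limiter = LimitMatch(avg_per_min=3, burst=3)
    out = []
    for t, dport in packets:
        verdict, logged = input_chain(dport, t, limiter, final_drop)
        out.append((t, verdict, logged))
    return out


# Constructed scenario: a first `telnet mymachine 2401` sends a SYN plus two
# retransmissions (t = 0, 3, 9 s), the user gives up and retries at t = 12 s.
# The first three SYNs use up the burst of 3 tokens; the fourth finds the
# bucket empty, skips log_drop entirely and is accepted by the policy.
CVS_SYNS = [(0.0, 2401), (3.0, 2401), (9.0, 2401), (12.0, 2401)]

if __name__ == "__main__":
    for label, fixed in (("original INPUT chain", False), ("with final DROP", True)):
        print(label)
        for t, verdict, logged in simulate(CVS_SYNS, fixed):
            print(f"  t={t:4.1f}s dpt=2401 -> {verdict}{' (logged)' if logged else ''}")
```

Two things the run makes visible: the syslog only shows the SYNs that were dropped while tokens remained, which is why a connection can appear right after a pair of `[IPTABLES DROP]` lines, and any other traffic hitting the same log_drop jump (a scan, stray UDP) drains the same bucket, so the behaviour looks random from the outside. Rate-limit the LOG, never the DROP.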