* Kernel 2.6.5 - iptables 1.2.9 problems
From: Karl Lattimer @ 2004-06-25 16:03 UTC
To: netfilter
Hi, I've got a firewall script which I've been using for 2 years
now on redhat 7.3 and redhat 9, after upgrading to fedora core 2 the
script is misbehaving slightly. Some of my port forwards don't work
correctly and some of my port blocking/opening doesn't work correctly.
Any ideas what may be causing this?
Thanks
Karl
* Re: Kernel 2.6.5 - iptables 1.2.9 problems
From: Juan Hernandez @ 2004-06-25 16:13 UTC
To: Karl Lattimer; +Cc: netfilter
Could you copy and paste some logging?
Juan
Karl Lattimer wrote:
>Hi, I've got a firewall script which I've been using for 2 years
>now on redhat 7.3 and redhat 9, after upgrading to fedora core 2 the
>script is misbehaving slightly. Some of my port forwards don't work
>correctly and some of my port blocking/opening doesn't work correctly.
>
>Any ideas what may be causing this?
>
>Thanks
>
>Karl
>
>
>
>
* Re: Kernel 2.6.5 - iptables 1.2.9 problems
From: Karl Lattimer @ 2004-06-30 10:06 UTC
To: Juan Hernandez; +Cc: netfilter
[-- Attachment #1: Type: text/plain, Size: 1066 bytes --]
Hi IP-Tables isn't outputting any error messages at all. Here's my
script. Or thereabouts.
The problems I am getting are the port forwards for 4662 and 4672 aren't
working correctly. I'm getting port forwards adding themselves in for
ports 5800,5900,3372,6502,1025,1026,42 and 366. As you can see these
rules don't exist in the firewall, there is also an nmap scan output
attached of the ports which are open/filtered.
Connection tracking is working fine and when I add some rules in to open
ports up sometimes it doesn't work sometimes it does.
Thanks
Karl
On Fri, 2004-06-25 at 17:13, Juan Hernandez wrote:
> Could you copy and paste some logging?
>
> Juan
> Karl Lattimer wrote:
>
> >Hi, I've got a firewall script which I've been using for 2 years
> >now on redhat 7.3 and redhat 9, after upgrading to fedora core 2 the
> >script is misbehaving slightly. Some of my port forwards don't work
> >correctly and some of my port blocking/opening doesn't work correctly.
> >
> >Any ideas what may be causing this?
> >
> >Thanks
> >
> >Karl
> >
> >
> >
> >
[-- Attachment #2: firewall.debug.sh --]
[-- Type: application/x-shellscript, Size: 10398 bytes --]
[-- Attachment #3: nmap.firewall.txt --]
[-- Type: text/plain, Size: 2131 bytes --]
(The 1557 ports scanned but not shown below are in state: closed)
Port State Service
1/tcp filtered tcpmux
2/tcp filtered compressnet
3/tcp filtered compressnet
4/tcp filtered unknown
5/tcp filtered rje
6/tcp filtered unknown
7/tcp filtered echo
8/tcp filtered unknown
9/tcp filtered discard
10/tcp filtered unknown
11/tcp filtered systat
12/tcp filtered unknown
13/tcp filtered daytime
14/tcp filtered unknown
15/tcp filtered netstat
16/tcp filtered unknown
17/tcp filtered qotd
18/tcp filtered msp
19/tcp filtered chargen
20/tcp filtered ftp-data
21/tcp filtered ftp
22/tcp open ssh
23/tcp filtered telnet
24/tcp filtered priv-mail
25/tcp open smtp
42/tcp open nameserver
110/tcp open pop-3
135/tcp filtered loc-srv
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
143/tcp open imap2
366/tcp open odmr
445/tcp filtered microsoft-ds
465/tcp open smtps
993/tcp open imaps
995/tcp open pop3s
1025/tcp open NFS-or-IIS
1026/tcp open LSA-or-nterm
3372/tcp open msdtc
5800/tcp open vnc-http
5900/tcp open vnc
6502/tcp open netop-rc
No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
* Re: Kernel 2.6.5 - iptables 1.2.9 problems
From: Ruprecht Helms @ 2004-06-30 12:11 UTC
To: Karl Lattimer; +Cc: Juan Hernandez, netfilter
Karl Lattimer wrote:
>Hi IP-Tables isn't outputting any error messages at all. Here's my
>script. Or thereabouts.
>
>The problems I am getting are the port forwards for 4662 and 4672 aren't
>working correctly. I'm getting port forwards adding themselves in for
>ports 5800,5900,3372,6502,1025,1026,42 and 366.
>
Please be so kind and post your ruleset into the list. So it's better to
say what you have to change.
Regards,
Ruprecht
* Re: Kernel 2.6.5 - iptables 1.2.9 problems
From: Karl Lattimer @ 2004-06-30 13:26 UTC
To: Ruprecht Helms; +Cc: netfilter
my rule set was attached to my last email.
firewall.debug.sh
On Wed, 2004-06-30 at 13:11, Ruprecht Helms wrote:
> Karl Lattimer wrote:
>
> >Hi IP-Tables isn't outputting any error messages at all. Here's my
> >script. Or thereabouts.
> >
> >The problems I am getting are the port forwards for 4662 and 4672 aren't
> >working correctly. I'm getting port forwards adding themselves in for
> >ports 5800,5900,3372,6502,1025,1026,42 and 366.
> >
> Please be so kind and post your ruleset into the list. So it's better to
> say what you have to change.
>
> Regards,
> Ruprecht
* Re: Kernel 2.6.5 - iptables 1.2.9 problems
From: Karl Lattimer @ 2004-06-30 14:15 UTC
To: Karl Lattimer; +Cc: netfilter
It's ok, I fixed it; if you notice from my debug script there was a : on
the prerouting rules.
Thanks for your help anyway
Karl
On Wed, 2004-06-30 at 14:26, Karl Lattimer wrote:
> my rule set was attached to my last email.
>
> firewall.debug.sh
>
>
> On Wed, 2004-06-30 at 13:11, Ruprecht Helms wrote:
> > Karl Lattimer wrote:
> >
> > >Hi IP-Tables isn't outputting any error messages at all. Here's my
> > >script. Or thereabouts.
> > >
> > >The problems I am getting are the port forwards for 4662 and 4672 aren't
> > >working correctly. I'm getting port forwards adding themselves in for
> > >ports 5800,5900,3372,6502,1025,1026,42 and 366.
> > >
> > Please be so kind and post your ruleset into the list. So it's better to
> > say what you have to change.
> >
> > Regards,
> > Ruprecht
>
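
The fix reported in the last message was a stray ":" on the PREROUTING rules; firewall.debug.sh is not reproduced on this page, so where exactly the ":" sat is unknown. One place iptables accepts a ":" without any error is a port match, where "port:" means port through 65535 and ":port" means 0 through port. As an added example (not code from the thread; the rules in sample_rules are constructed), a small lint that flags every ":" in the port-match arguments of a firewall script:

```shell
#!/bin/sh
# Added example: flag iptables port matches where ':' turns a port into a range.
# "--dport 4672:" matches 4672-65535 and "--dport :4672" matches 0-4672;
# iptables accepts both silently, so the script runs without error messages.

# Constructed sample rules (NOT the firewall.debug.sh attached to the thread).
sample_rules() {
    cat <<'EOF'
# constructed sample, addresses and interface are placeholders
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 4662 -j DNAT --to-destination 192.168.0.10:4662
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 4672: -j DNAT --to-destination 192.168.0.10
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 6000:6010 -j DROP
EOF
}

# lint_port_ranges [FILE...]
# Reads a firewall script (files or stdin) and prints one line per finding:
#   LINE_NUMBER KIND OPTION VALUE
# Only the value following a port-match option is inspected, so the ':' in
# "--to-destination ip:port" is not reported.
lint_port_ranges() {
    awk '
    /^[ \t]*#/ { next }    # skip comment lines
    {
        for (i = 1; i < NF; i++) {
            if ($i !~ /^--(dport|sport|destination-port|source-port)s?$/)
                continue
            v = $(i + 1)
            if (v ~ /^[^:]+:$/)            kind = "open-ended-high"
            else if (v ~ /^:[^:]+$/)       kind = "open-ended-low"
            else if (v ~ /^[^:]+:[^:]+$/)  kind = "explicit-range"
            else continue
            printf "%d %s %s %s\n", NR, kind, $i, v
        }
    }' "$@"
}

# Stand-alone run over the constructed sample.
sample_rules | lint_port_ranges
```

Explicit ranges are reported as well so they can be confirmed as intended; comparing the findings against `iptables -t nat -L PREROUTING -n` output and an external port scan like the one attached above shows whether the loaded rules match what the script was meant to do.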