Subject: logging and pinging localhost
From: Rob Verduijn @ 2003-08-07 17:51 UTC
To: netfilter
Hi there,
I'm running iptables on Red Hat 9.
I'm trying to figure out why some of my rules don't work, whether packets are
being dropped and, if so, by which rule.
First I tried to log everything with the following two lines:
iptables -A INPUT -j LOG
iptables -A OUTPUT -j LOG
which gave me zilcho in my /var/log/messages.
Then I tried the following lines:
IPTABLES=/sbin/iptables
EXTERNAL_INT=eth1
INTERNAL_INT=eth0
$IPTABLES -A INPUT -i $EXTERNAL_INT -j LOG --log-level debug
$IPTABLES -A INPUT -i $INTERNAL_INT -j LOG --log-level debug
$IPTABLES -A INPUT -i lo -j LOG --log-level debug
$IPTABLES -A OUTPUT -o $EXTERNAL_INT -j LOG --log-level debug
$IPTABLES -A OUTPUT -o $INTERNAL_INT -j LOG --log-level debug
$IPTABLES -A OUTPUT -o lo -j LOG --log-level debug
Still zilcho logging.
The log rules are the first lines in my script.
The default policy that I set is DROP:
$IPTABLES -t filter -P INPUT DROP
$IPTABLES -t filter -P OUTPUT DROP
$IPTABLES -t filter -P FORWARD DROP
$IPTABLES -t nat -P PREROUTING DROP
$IPTABLES -t nat -P POSTROUTING DROP
$IPTABLES -t nat -P OUTPUT DROP
$IPTABLES -t mangle -P PREROUTING DROP
$IPTABLES -t mangle -P POSTROUTING DROP
$IPTABLES -t mangle -P INPUT DROP
$IPTABLES -t mangle -P OUTPUT DROP
$IPTABLES -t mangle -P FORWARD DROP
I also read that the following allows all the local traffic:
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A OUTPUT -o lo -j ACCEPT
but why can't I ping localhost?
Please help,
Rob
Subject: Re: logging and pinging localhost
From: Ralf Spenneberg @ 2003-08-08 6:25 UTC
To: Rob Verduijn; Cc: Netfilter
On Thu, 2003-08-07 at 19:51, Rob Verduijn wrote:
> the default policy that I set is drop
> $IPTABLES -t filter -P INPUT DROP
> $IPTABLES -t filter -P OUTPUT DROP
> $IPTABLES -t filter -P FORWARD DROP
> $IPTABLES -t nat -P PREROUTING DROP
> $IPTABLES -t nat -P POSTROUTING DROP
> $IPTABLES -t nat -P OUTPUT DROP
> $IPTABLES -t mangle -P PREROUTING DROP
> $IPTABLES -t mangle -P POSTROUTING DROP
> $IPTABLES -t mangle -P INPUT DROP
> $IPTABLES -t mangle -P OUTPUT DROP
> $IPTABLES -t mangle -P FORWARD DROP
Don't do this. The mangle and nat tables are only for mangling and
NATting. Please only filter in the filter table. Once you have
understood why some packets traverse the nat table and others do not, you
may think about filtering in the nat table, but I would advise against
it.
The above rules are only useful if you do not want any traffic on your
machine at all, as in a panic situation.
>
> I also read that the following allows all the localtraffic
> $IPTABLES -A INPUT -i lo -j ACCEPT
> $IPTABLES -A OUTPUT -o lo -j ACCEPT
>
> but why can't I ping localhost?????
Because those packets still pass the nat and the mangle table. You drop
everything there.
Remove the DROP rules in the nat and mangle table.
Cheers,
Ralf
--
Ralf Spenneberg
RHCE, RHCX
Book: Intrusion Detection für Linux Server http://www.spenneberg.com
IPsec-Howto http://www.ipsec-howto.org
Honeynet Project Mirror: http://honeynet.spenneberg.org
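The traversal Ralf describes, as an added example that is not part of either post: a small model of the order in which the kernel consults the chains for a locally generated packet that leaves on lo and is received again on lo, run once with Rob's all-DROP policies and once with DROP only in the filter table. It shows both symptoms from the first post: the packet dies in mangle OUTPUT before any filter-table LOG rule is reached, so nothing is logged and the ping never completes. The chain order is the real one; the only simplification (an assumption) is that the nat table is walked for every packet, which is true for the first packet of a connection such as an initial echo request.

```python
# Constructed model of netfilter chain traversal for `ping 127.0.0.1`; it
# talks to no kernel. Chain order is the one the kernel uses for a locally
# generated packet sent on lo and then received on lo. Assumption: nat is
# walked for every packet (the kernel only does so for a connection's first).
OUTBOUND = [("mangle", "OUTPUT"), ("nat", "OUTPUT"), ("filter", "OUTPUT"),
            ("mangle", "POSTROUTING"), ("nat", "POSTROUTING")]
INBOUND = [("mangle", "PREROUTING"), ("nat", "PREROUTING"),
           ("mangle", "INPUT"), ("filter", "INPUT")]

def rob_policies():
    """Every chain of every table set to DROP, as in the posted script."""
    return {tc: "DROP" for tc in OUTBOUND + INBOUND}

def fixed_policies():
    """Ralf's advice: default DROP only in filter; nat and mangle stay ACCEPT."""
    return {tc: "DROP" if tc[0] == "filter" else "ACCEPT" for tc in OUTBOUND + INBOUND}

# The posted rules: LOG first, then the lo ACCEPTs, all in the filter table.
RULES = {
    ("filter", "INPUT"): [{"in": "lo", "target": "LOG"},
                          {"in": "lo", "target": "ACCEPT"}],
    ("filter", "OUTPUT"): [{"out": "lo", "target": "LOG"},
                           {"out": "lo", "target": "ACCEPT"}],
}

def matches(rule, pkt):
    return all(pkt.get(k) == v for k, v in rule.items() if k != "target")

def walk(path, pkt, policies, rules, logged):
    """Return the (table, chain) that dropped the packet, or None if it passed."""
    for table, chain in path:
        verdict = policies[(table, chain)]   # applies if no rule terminates
        for rule in rules.get((table, chain), []):
            if not matches(rule, pkt):
                continue
            if rule["target"] == "LOG":      # LOG never terminates the chain
                logged.append((table, chain))
                continue
            verdict = rule["target"]         # ACCEPT/DROP end the chain
            break
        if verdict == "DROP":
            return (table, chain)
    return None

def ping_localhost(policies, rules=RULES):
    """One echo request: out on lo, then back in on lo; report its fate."""
    logged = []
    dropped = walk(OUTBOUND, {"out": "lo"}, policies, rules, logged)
    if dropped is None:
        dropped = walk(INBOUND, {"in": "lo"}, policies, rules, logged)
    return {"dropped_at": dropped, "logged": logged}
```

With Rob's policies the result is a drop in ("mangle", "OUTPUT") and an empty log list; with the filter-only policies the packet passes and both filter-table LOG rules fire.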