From: "linuxmc@libero.it" <linuxmc@libero.it>
To: netfilter <netfilter@vger.kernel.org>
Subject: Help me... please
Date: Fri, 1 Aug 2008 21:04:49 +0200
Message-ID: <K4XRO1$60B3DD52CED09AAF46CAA0DC13BE33CD@libero.it>
Hi to all,
I have a problem with an iptables firewall running on OpenSuse 10.3 - Kernel 2.6.22. I created the firewall using FirewallBuilder 2.0.13.
The problem is this. On my firewall I have these two rules:
echo "Rule 9 (global)"
#
#
#
$IPTABLES -N RULE_9
$IPTABLES -A INPUT -m mac --mac-source 00:1B:38:B1:9A:57 -m state --state NEW -j RULE_9
$IPTABLES -A INPUT -m mac --mac-source 00:0E:A6:C1:4E:18 -m state --state NEW -j RULE_9
$IPTABLES -A FORWARD -m mac --mac-source 00:1B:38:B1:9A:57 -m state --state NEW -j RULE_9
$IPTABLES -A FORWARD -m mac --mac-source 00:0E:A6:C1:4E:18 -m state --state NEW -j RULE_9
$IPTABLES -A RULE_9 -j LOG --log-level info --log-prefix "RULE 9 -- ACCEPT "
$IPTABLES -A RULE_9 -j ACCEPT
...that allows the hosts with MAC addresses
00:1B:38:B1:9A:57 and 00:0E:A6:C1:4E:18 to go everywhere....
and this rule (the last rule on the firewall)
# Rule 39 (global)
#
echo "Rule 39 (global)"
#
#
#
$IPTABLES -N RULE_39
$IPTABLES -A OUTPUT -j RULE_39
$IPTABLES -A INPUT -j RULE_39
$IPTABLES -A FORWARD -j RULE_39
$IPTABLES -A RULE_39 -j LOG --log-level info --log-prefix "RULE 39 -- DENY "
$IPTABLES -A RULE_39 -j DROP
#
that blocks all packets that don't match the rules before.
When I try to browse with these two hosts I experience very slow speed, and when I investigated the firewall's log file I discovered that sometimes the packets destined to any web server (http://.... port 80) match rule 9 (CORRECTLY).... and sometimes match rule 39 ( :(((( )
All the other hosts/networks defined in the firewall with IP address instead of MAC address work fine with the Internet.
Any ideas? :))) Thanks to all.
Marco
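
Added example, not part of the original message: a Python script that tallies kernel LOG entries carrying the two prefixes used above (`RULE 9 -- ACCEPT`, `RULE 39 -- DENY`) by source MAC and TCP flags, to show which kinds of packets reach the final rule. The log lines, interface names, IP addresses and the router MAC are constructed samples in the iptables LOG format, not the poster's logs; `parse` and `summarize` are hypothetical helper names.

```python
import re
from collections import Counter

# Source MACs matched by Rule 9 on this page (the LOG target prints lower case).
RULE9_MACS = {"00:1b:38:b1:9a:57", "00:0e:a6:c1:4e:18"}

# Constructed sample lines (interfaces, addresses and router MAC are assumptions).
SAMPLE_LOG = """\
Aug  1 20:51:02 fw kernel: RULE 9 -- ACCEPT IN=eth1 OUT=eth0 MAC=00:11:22:33:44:55:00:1b:38:b1:9a:57:08:00 SRC=192.168.1.20 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4211 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Aug  1 20:51:02 fw kernel: RULE 39 -- DENY IN=eth0 OUT=eth1 MAC=00:11:22:33:44:66:00:aa:bb:cc:dd:ee:08:00 SRC=203.0.113.10 DST=192.168.1.20 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=80 DPT=40112 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Aug  1 20:51:03 fw kernel: RULE 39 -- DENY IN=eth1 OUT=eth0 MAC=00:11:22:33:44:55:00:1b:38:b1:9a:57:08:00 SRC=192.168.1.20 DST=203.0.113.10 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=4212 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=5840 RES=0x00 ACK URGP=0
Aug  1 20:51:03 fw kernel: RULE 39 -- DENY IN=eth1 OUT=eth0 MAC=00:11:22:33:44:55:00:1b:38:b1:9a:57:08:00 SRC=192.168.1.20 DST=203.0.113.10 LEN=420 TOS=0x00 PREC=0x00 TTL=63 ID=4213 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=5840 RES=0x00 ACK PSH URGP=0
"""

PREFIX_RE = re.compile(r"RULE (\d+) -- (ACCEPT|DENY) ")
FIELD_RE = re.compile(r"(\w+)=(\S*)")
FLAGS_RE = re.compile(r"RES=\S+ ((?:[A-Z]+ )*)URGP=")


def parse(line):
    """Return the fields of one LOG line, or None if it has no RULE n prefix."""
    m = PREFIX_RE.search(line)
    if not m:
        return None
    f = dict(FIELD_RE.findall(line))
    mac = f.get("MAC", "").split(":")  # dst MAC (6) + src MAC (6) + ethertype (2)
    flags = FLAGS_RE.search(line)
    return {
        "rule": m.group(1),
        "verdict": m.group(2),
        "src_mac": ":".join(mac[6:12]).lower() if len(mac) >= 12 else "-",
        "flags": flags.group(1).strip() if flags else "-",
    }


def summarize(lines):
    """Count entries per (rule, verdict, source MAC listed in Rule 9?, TCP flags)."""
    tally = Counter()
    for e in filter(None, map(parse, lines)):
        tally[(e["rule"], e["verdict"], e["src_mac"] in RULE9_MACS, e["flags"])] += 1
    return tally


if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LOG.splitlines()).items()):
        print(n, *key)
```

Run against the real firewall log, the tally separates denied packets whose source MAC is one of the two Rule 9 addresses from those with any other source MAC, and shows whether they carry SYN or other flags.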