Re: iptables help needed




On 04.06.2008 14:05, Simon Slater wrote:
| On Wed, 2008-06-04 at 10:05 +0200, François Patte wrote:
|> On 04.06.2008 01:03, Simon Slater wrote:
|>
|

|>
| These are the type of logs now. None of these are appearing in timing
| with requests to the Internet from the laptop:
|
| [root@ipex ~]# tail /var/log/messages
| Jun 4 21:41:35 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC=
| SRC=203.185.178.251 DST=59.101.218.205 LEN=48 TOS=0x00 PREC=0x00 TTL=104
| ID=5893 DF PROTO=TCP SPT=63507 DPT=26958 WINDOW=8192 RES=0x00 SYN URGP=0
| Jun 4 21:41:38 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC=
| SRC=203.185.178.251 DST=59.101.218.205 LEN=48 TOS=0x00 PREC=0x00 TTL=104
| ID=5938 DF PROTO=TCP SPT=63507 DPT=26958 WINDOW=8192 RES=0x00 SYN URGP=0

Someone in Tahiti is scanning your computer.... No danger though!

| [root@ipex ~]#
|
| However, when request to the Internet from the desktop:
|
| Jun 4 21:59:31 ipex kernel: [IPTABLES MASQ]IN= OUT=ppp0
| SRC=59.101.218.205 DST=203.63.53.112 LEN=60 TOS=0x00 PREC=0x00 TTL=64
| ID=3672 DF PROTO=TCP SPT=48673 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0

no problem here: every packet escaping from your desktop uses the
"postrouting" chain.... And is logged by the rule.

What is strange: we never see any request from the laptop: we should see
some logged packets with SRC=laptop IP (192.168.0.6 as you said). What
is the IP of eth0 on your desktop? (ifconfig -a)
|
| [root@ipex ~]# lsmod | grep -i masquerade
| ipt_MASQUERADE 7873 1
| ip_nat 22253 2 ipt_MASQUERADE,iptable_nat
| ip_conntrack 56993 6 ip_conntrack_ftp,ip_conntrack_netbios_ns,ipt_MASQUERADE,iptable_nat,ip_nat,xt_state
| x_tables 18501 12 ipt_MASQUERADE,iptable_nat,xt_state,ip_tables,xt_multiport,ip6_tables,xt_mark,xt_MARK,ipt_LOG,ipt_REJECT,ip6t_REJECT,xt_tcpudp

OK


| [root@ipex ~]#
|
| Should this give something else?
|
| [root@ipex ~]# netstat -M
| netstat: no support for `ip_masquerade' on this system.

I think that this is a deprecated option or that it doesn't work with
iptables... maybe some backward compatibility with ipchains....



--
François Patte
UFR de mathématiques et informatique
Université Paris Descartes
45, rue des Saints Pères
F-75270 Paris Cedex 06
Tél. +33 (0)1 44 55 35 61
http://www.math-info.univ-paris5.fr/~patte
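
The check described in the message above (looking for logged packets whose SRC is the laptop's address), as an added example that is not part of the original message: it parses netfilter LOG lines like the ones quoted in the thread and counts sources per log prefix. The 192.168.0.0/24 LAN range is an assumption derived from the laptop address 192.168.0.6 mentioned in the thread.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Log prefix (may be empty or end in " :"), then the KEY=VALUE part starting at IN=
LOG_RE = re.compile(r"kernel: (?P<prefix>.*?)\s*(?P<fields>IN=.*)$")

def parse_line(line):
    """Return (prefix, fields, flags) for a netfilter LOG line, else None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    fields, flags = {}, []
    for tok in m.group("fields").split():
        if "=" in tok:
            key, value = tok.split("=", 1)   # value may be empty, e.g. "MAC="
            fields[key] = value
        else:
            flags.append(tok)                # bare flags such as DF, SYN
    return m.group("prefix").rstrip(" :"), fields, flags

def sources_by_prefix(lines, lan="192.168.0.0/24"):
    """Count (prefix, SRC) pairs and collect SRC addresses inside the LAN.

    lan is an assumed range; adjust it to the real internal network.
    """
    net = ip_network(lan)
    counts, lan_sources = Counter(), set()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None or "SRC" not in parsed[1]:
            continue
        prefix, fields, _ = parsed
        counts[(prefix, fields["SRC"])] += 1
        if ip_address(fields["SRC"]) in net:
            lan_sources.add(fields["SRC"])
    return counts, lan_sources

# Log entries quoted in the thread, re-joined onto single lines.
SAMPLE = [
    "Jun 4 21:41:35 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC= SRC=203.185.178.251 DST=59.101.218.205 LEN=48 TOS=0x00 PREC=0x00 TTL=104 ID=5893 DF PROTO=TCP SPT=63507 DPT=26958 WINDOW=8192 RES=0x00 SYN URGP=0",
    "Jun 4 21:41:38 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC= SRC=203.185.178.251 DST=59.101.218.205 LEN=48 TOS=0x00 PREC=0x00 TTL=104 ID=5938 DF PROTO=TCP SPT=63507 DPT=26958 WINDOW=8192 RES=0x00 SYN URGP=0",
    "Jun 4 21:59:31 ipex kernel: [IPTABLES MASQ]IN= OUT=ppp0 SRC=59.101.218.205 DST=203.63.53.112 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3672 DF PROTO=TCP SPT=48673 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0",
]

if __name__ == "__main__":
    counts, lan_sources = sources_by_prefix(SAMPLE)
    for (prefix, src), n in sorted(counts.items()):
        print(f"{prefix:18} SRC={src:16} x{n}")
    print("LAN sources logged:", sorted(lan_sources) or "none")
```

On the quoted lines this reports no LAN source at all, which matches the observation that no laptop traffic reaches the logging rule.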
