Re: Problème sur Iptables
From: Jerome (longet_at_home-made.net)
Date: 02/13/04
Date: 13 Feb 2004 05:23:11 -0800
Excuse me, I forgot to send you the output of iptables-save:
# Generated by iptables-save v1.2.9 on Fri Feb 13 14:15:21 2004
*mangle
:PREROUTING ACCEPT [1142:168925]
:INPUT ACCEPT [23021:18805520]
:FORWARD ACCEPT [18524:7021735]
:OUTPUT ACCEPT [907:90025]
:POSTROUTING ACCEPT [37337:8848704]
COMMIT
# Completed on Fri Feb 13 14:15:21 2004
# Generated by iptables-save v1.2.9 on Fri Feb 13 14:15:21 2004
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 127.0.0.0/255.0.0.0 -i ! lo -j LOG
-A INPUT -s 127.0.0.0/255.0.0.0 -i ! lo -j DROP
-A INPUT -d 255.255.255.255 -i eth1 -j ACCEPT
-A INPUT -s 192.168.1.0/255.255.255.0 -i eth1 -j ACCEPT
-A INPUT -d 224.0.0.0/240.0.0.0 -i eth1 -p ! tcp -j ACCEPT
-A INPUT -s 192.168.1.0/255.255.255.0 -i ppp0 -j LOG
-A INPUT -s 192.168.1.0/255.255.255.0 -i ppp0 -j DROP
-A INPUT -d 255.255.255.255 -i ppp0 -j ACCEPT
-A INPUT -d 81.248.160.248 -i ppp0 -j ACCEPT
-A INPUT -j LOG
-A INPUT -j DROP
-A FORWARD -s 192.168.1.0/255.255.255.0 -i eth1 -o ppp0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.0/255.255.255.0 -o ppp0 -j LOG
-A FORWARD -d 192.168.1.0/255.255.255.0 -o ppp0 -j DROP
-A FORWARD -j LOG
-A FORWARD -j DROP
-A FORWARD -i ppp0 -o eth1 -p tcp -m tcp --dport 5900 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 255.255.255.255 -o eth1 -j ACCEPT
-A OUTPUT -d 192.168.1.0/255.255.255.0 -o eth1 -j ACCEPT
-A OUTPUT -d 224.0.0.0/240.0.0.0 -o eth1 -p ! tcp -j ACCEPT
-A OUTPUT -d 192.168.1.0/255.255.255.0 -o ppp0 -j LOG
-A OUTPUT -d 192.168.1.0/255.255.255.0 -o ppp0 -j DROP
-A OUTPUT -d 255.255.255.255 -o ppp0 -j ACCEPT
-A OUTPUT -s 81.248.160.248 -o ppp0 -j ACCEPT
-A OUTPUT -j LOG
-A OUTPUT -j DROP
COMMIT
# Completed on Fri Feb 13 14:15:21 2004
# Generated by iptables-save v1.2.9 on Fri Feb 13 14:15:21 2004
*nat
:PREROUTING ACCEPT [57:4447]
:POSTROUTING ACCEPT [35:2299]
:OUTPUT ACCEPT [35:2299]
-A PREROUTING -d 81.248.160.248 -p tcp -m tcp --dport 5900 -j DNAT --to-destination 192.168.1.10
-A POSTROUTING -s 192.168.1.0/255.255.255.0 -o ppp0 -j MASQUERADE
COMMIT
# Completed on Fri Feb 13 14:15:21 2004
Perhaps it could help you.
Cameron Kerr <cameron.kerr@paradise.net.nz> wrote in message news:<402193d4@news.maxnet.co.nz>...
> Jerome <longet@home-made.net> wrote:
> > Ok, thanks for your answer. Here is my message translated :
> >
> > Hi,
> >
> > I have a problem using Iptables. In fact I have been using Iptables
> > for 1 year on Debian.
> >
> > My kernel version is : 2.4.19-686-smp.
> >
> > I have NAT and port-forwarding rules which worked well for 1 year. And
> > I don't know why, after one update of my system, each rule broke down.
> > And now nothing is working.
> >
> > My Debian computer is an ADSL router. All the rules allow me to
> > connect on a port such as 5900, for example, to an internal computer
> > (behind my firewall).
> >
> > I hope, somebody will be able to help me...
>
> You're not reinitialising the firewall.
>
> You should have something like the following.
>
> $iptables -t nat -F
> $iptables -t nat -X
> $iptables -F
> $iptables -X
>
> This gets rid of all of the rules in the nat and filter tables, and
> removes user-defined rules.
>
> If it still doesn't work, send us the output of "iptables -L"
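
A check that can be run over an iptables-save dump like the one in this message, given here as an added example that is not part of the original posts: it flags any rule appended after an unconditional terminal rule in the same chain, because iptables evaluates rules in order and such a rule can never match. The function name and the TERMINAL set are assumptions of this example; the sample input is the FORWARD chain copied from the dump above, with the wrapped line rejoined.

```python
import shlex

# Targets that end chain traversal for a packet (LOG does not, so it is excluded).
TERMINAL = {"ACCEPT", "DROP", "REJECT", "DNAT", "SNAT", "MASQUERADE", "REDIRECT"}

# Sample input: FORWARD rules copied from the dump in this message.
SAMPLE = """\
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 192.168.1.0/255.255.255.0 -i eth1 -o ppp0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.0/255.255.255.0 -o ppp0 -j LOG
-A FORWARD -d 192.168.1.0/255.255.255.0 -o ppp0 -j DROP
-A FORWARD -j LOG
-A FORWARD -j DROP
-A FORWARD -i ppp0 -o eth1 -p tcp -m tcp --dport 5900 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""


def find_shadowed(dump):
    """Return (table, chain, rule) for rules placed after a match-all terminal rule."""
    table = None
    catch_all = {}  # (table, chain) -> rule that already catches every packet
    shadowed = []
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]          # "*filter" -> "filter"
        elif line.startswith("-A "):
            tokens = shlex.split(line)
            key = (table, tokens[1])  # tokens[1] is the chain name
            if key in catch_all:
                shadowed.append((table, tokens[1], line))
                continue
            rest = tokens[2:]
            # Match-all rule: nothing but "-j TARGET", i.e. no match criteria.
            if len(rest) == 2 and rest[0] == "-j" and rest[1] in TERMINAL:
                catch_all[key] = line
    return shadowed


if __name__ == "__main__":
    for table, chain, rule in find_shadowed(SAMPLE):
        print(f"unreachable in {table}/{chain}: {rule}")
```

On the sample it reports the `--dport 5900` FORWARD rule, which sits after `-A FORWARD -j DROP`.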