Hello guys
I come to you after failing to find an answer either by googling or by trying "home-made workarounds".
For more than a year I have been using the following hardware as a home server:
Athlon 64 3500+
2GB DDR400
HDD 160GB
HDD 1TB (for my home PCs' backups)
onboard LAN: internet (right now I have ADSL, with a Huawei MT882 in bridge mode; my server "dials")
4 gigabit ethernet cards: bridged, acting as a gigabit switch (right now I only use 2 of them for PCs, one for a wifi router, and the other one is free)
The server runs Debian 5.0.* with: Apache, iptables, dnsmasq (DNS and DHCP), VNC, phpMyAdmin, MySQL, TorrentFlux, JDownloader, Squid, SANE (a new addition; the problems started way before it), and probably more stuff.
It also shares an Epson printer/scanner, but I failed to properly share the scanner, so I use it through VNC (phpSANE more or less worked, but not fully).
My problem is that, for some reason, at random times my iptables rules are changed/flushed and replaced by this:
Code:
alpha:~# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP all -- loopback/8 anywhere
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- 192.168.1.0/24 anywhere
ACCEPT all -- 10.0.0.0/24 anywhere
ACCEPT !tcp -- anywhere BASE-ADDRESS.MCAST.NET/4
ACCEPT !tcp -- anywhere BASE-ADDRESS.MCAST.NET/4
DROP all -- 192.168.1.0/24 anywhere
DROP all -- 10.0.0.0/24 anywhere
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- anywhere host89.190-139-215.telecom.net.ar
DROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- 192.168.1.0/24 192.168.1.0/24
ACCEPT all -- 10.0.0.0/24 192.168.1.0/24
ACCEPT all -- 192.168.1.0/24 10.0.0.0/24
ACCEPT all -- 192.168.1.0/24 anywhere
ACCEPT all -- 10.0.0.0/24 anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere 192.168.1.0/24
DROP all -- anywhere 10.0.0.0/24
DROP all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- anywhere 192.168.1.0/24
ACCEPT all -- anywhere 10.0.0.0/24
ACCEPT !tcp -- anywhere BASE-ADDRESS.MCAST.NET/4
ACCEPT !tcp -- anywhere BASE-ADDRESS.MCAST.NET/4
LOG all -- anywhere 192.168.1.0/24 LOG level warning
DROP all -- anywhere 192.168.1.0/24
LOG all -- anywhere 10.0.0.0/24 LOG level warning
DROP all -- anywhere 10.0.0.0/24
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- host89.190-139-215.telecom.net.ar anywhere
DROP all -- anywhere anywhere
The server keeps working, and I only notice when I try to ssh/vnc/something from outside on my custom ports for those protocols and fail; then I try the stock ones, and it works... (I left the default ports in each configuration but redirected them using iptables.)
Another chance of noticing is when my brother is unable to host a Warcraft 3 game and asks me to reload the iptables rules (he now knows what he has to ask :P).
I have no idea what's going on.
I even added a cronjob in crontab (for the root user) to reload the rules every 30 minutes, then 15, then 5 (I also made it log something, so I was sure it was working), but it worked for a while (on each periodicity) and then stopped working too, so now I'm back to manual reloading.
All my PCs have their own firewall too, just in case.
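A cron job that simply reloads the rules on a timer hides the change instead of recording it, so nothing above says when the ruleset was replaced or what else was happening on the box at that moment. Two things worth knowing before digging further: `iptables -L` without `-v -n` hides interface matches, so a line like "ACCEPT all -- anywhere anywhere" may well be `-i lo` rather than a blanket accept, and `iptables-save` shows the rules exactly as loaded; and the replacement set shown in the post embeds the server's current public PPP address, so whatever writes it runs after the link is up (on Debian, the `/etc/ppp/ip-up.d/` hooks are one natural place to look). The script below is an added example, not the poster's setup or any Debian tool: it compares the live `iptables-save` dump against a known-good dump, and on a mismatch logs the exact rule diff with a timestamp, the logged-in users and any iptables/pppd/ip-up processes, keeps a copy of the bad set, then restores the good one. The paths `/etc/iptables.rules` and `/var/log/iptables-watch.log` are assumptions; the two sample dumps inside `write_sample_rules` are constructed so the comparison can be exercised without root.

```shell
#!/bin/sh
# Added example (not the poster's setup): watch the live iptables ruleset,
# log exactly what changed and when, and restore the known-good set.
# Assumed (hypothetical) paths; GOOD_RULES is created once, while the correct
# rules are loaded, with: iptables-save > /etc/iptables.rules
GOOD_RULES="${GOOD_RULES:-/etc/iptables.rules}"
LOG_FILE="${LOG_FILE:-/var/log/iptables-watch.log}"

# Drop the parts of an iptables-save dump that differ between two dumps of the
# same ruleset (timestamp comments, per-chain packet counters) so only real
# rule changes are reported. Rule order is kept: in iptables, order matters.
normalize_rules() {
    sed -e '/^#/d' -e 's/ \[[0-9]*:[0-9]*\]$//' "$1"
}

# Exit 0 when the two dumps describe the same ruleset, 1 otherwise.
rules_match() {
    a=$(mktemp); b=$(mktemp)
    normalize_rules "$1" > "$a"
    normalize_rules "$2" > "$b"
    if cmp -s "$a" "$b"; then rc=0; else rc=1; fi
    rm -f "$a" "$b"
    return $rc
}

# Print the rules removed (<) and added (>) relative to the known-good dump.
rules_diff() {
    a=$(mktemp); b=$(mktemp)
    normalize_rules "$1" > "$a"
    normalize_rules "$2" > "$b"
    diff "$a" "$b" || true
    rm -f "$a" "$b"
}

# Live check, meant for root's crontab every minute (./watch.sh --live).
# On a mismatch: record the diff, who is logged in, and any iptables/pppd/
# ip-up processes (to correlate with PPP reconnects), keep a copy of the bad
# ruleset, then restore the good one. Returns 1 so cron mails the event.
check_and_restore() {
    cur=$(mktemp)
    iptables-save > "$cur"
    if rules_match "$GOOD_RULES" "$cur"; then
        rm -f "$cur"; return 0
    fi
    {
        echo "=== $(date '+%F %T') ruleset changed ==="
        rules_diff "$GOOD_RULES" "$cur"
        echo "--- logged-in users:"; who
        echo "--- firewall/ppp related processes:"
        ps -eo pid,user,lstart,cmd | grep -E '[i]ptables|[p]ppd|[i]p-up' || true
    } >> "$LOG_FILE"
    cp "$cur" "${LOG_FILE%.log}.last-bad.rules"
    iptables-restore < "$GOOD_RULES"
    rm -f "$cur"
    return 1
}

# Constructed sample dumps (not output from the poster's server): the "bad"
# dump has lost the ssh port redirection and the external ssh ACCEPT, and the
# counters/timestamps differ, which the normalisation must ignore.
write_sample_rules() {
    cat > "$1/good.rules" <<'EOF'
# Generated by iptables-save v1.4.2 on Sat Jan  1 00:00:00 2011
*nat
:PREROUTING ACCEPT [12:800]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i ppp0 -p tcp --dport 2222 -j REDIRECT --to-ports 22
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.1.0/24 -j ACCEPT
-A INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
    cat > "$1/bad.rules" <<'EOF'
# Generated by iptables-save v1.4.2 on Sat Jan  1 00:05:00 2011
*nat
:PREROUTING ACCEPT [99:1234]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.1.0/24 -j ACCEPT
COMMIT
EOF
}

case "${1:-}" in
    --live) check_and_restore ;;
    *) d=$(mktemp -d); write_sample_rules "$d"
       rules_diff "$d/good.rules" "$d/bad.rules"; rm -rf "$d" ;;
esac
```

Run without arguments it only prints the diff of the two constructed dumps; with `--live` (as root, from cron) it performs the real check. The timestamp in the log is the useful part: compare it against `/var/log/syslog` and `/var/log/auth.log` for the same minute to see which process or login coincides with the rewrite.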