LinuxQuestions.org, Linux - Security forum
Old 08-11-2003, 02:18 PM   #1
f1uke
Member
 
Registered: Jan 2003
Location: norfolk, VA
Distribution: suse 8.2, redhat 8.0
Posts: 60

Rep: Reputation: 15
iptables issue


I've recently been reading and trying to comprehend iptables. I read a howto on ipchains and it seems very similar, but I am having trouble with this very simple setup I made. Here are some snippets from the iptables-save file I created and an iptables -L:

# Generated by iptables-save v1.2.7a on Mon Aug 11 10:26:24 2003
*filter
:INPUT ACCEPT [974:89406]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1065:163976]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 113 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 33000:44000 -j ACCEPT
-A INPUT -p tcp -j DROP
COMMIT
# Completed on Mon Aug 11 10:26:24 2003

-----------------

level:/etc # iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:ident
ACCEPT tcp -- anywhere anywhere tcp dpt:hbci
ACCEPT tcp -- anywhere anywhere tcp dpts:33000:44000
DROP tcp -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

------

My issue is I had created an eggdrop which isn't making any connections unless I do an iptables -F.

------ bot snippets
[11:15] main: entering loop
[11:15] DNS resolved slamin.ravepimp.com to 66.252.10.159
[11:15] Trying server irc.Qeast.net:6667
[11:15] DNS resolved irc.Qeast.net to 205.210.145.2
[11:17] Timeout: connect to irc.Qeast.net
[11:17] Trying server irc.carrier1.net.uk:6667
[11:17] DNS resolve failed for irc.carrier1.net.uk
[11:17] Failed connect to irc.carrier1.net.uk (DNS lookup failed)

Everything seems to time out until I flush the tables. I thought the tables were pretty simple and wouldn't conflict, since my OUTPUT chain is clear? What am I missing?
 
Old 08-11-2003, 03:00 PM   #2
yocompia
Member
 
Registered: Apr 2003
Location: Chicago, IL
Distribution: openbsd 3.6, slackware 10.0
Posts: 244

Rep: Reputation: 30
I'm not clear on what an eggdrop is, but I recommend that if you're having trouble with iptables you use the LOG target to track down problems. To do this, insert a rule (with the appropriate chain name) that looks as follows:

iptables -A INPUT -p ALL -i eth0 -j LOG --log-prefix "packet gets to rule X "

Replace eth0 with your internet interface and then look through your syslog (issue "#cat /var/log/syslog | less") for messages with a header matching that in the above rule. If messages show up in syslog, then you know that the packet got at least as far as the LOG rule. Use this to track packets.

If you could clarify what you mean by eggdrop and/or what your internet situation is, I could help more.

gl,
y-p
 
Old 08-11-2003, 05:50 PM   #3
f1uke
Member
 
Registered: Jan 2003
Location: norfolk, VA
Distribution: suse 8.2, redhat 8.0
Posts: 60

Original Poster
Rep: Reputation: 15
OK, I went back and created a log for the INPUT chain; here is a copy. I'm going to ping www.blanks.us for a test and reference.

-------------------
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:ident
ACCEPT tcp -- anywhere anywhere tcp dpts:33000:44000
DROP tcp -- anywhere anywhere
LOG all -- anywhere anywhere LOG level warning prefix `testx '

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
--------------------------

PING blanks.us (66.252.10.247) 56(84) bytes of data.
64 bytes from 66.252.10.247: icmp_seq=1 ttl=47 time=62.5 ms
64 bytes from 66.252.10.247: icmp_seq=5 ttl=47 time=94.9 ms
64 bytes from 66.252.10.247: icmp_seq=6 ttl=47 time=74.0 ms
64 bytes from 66.252.10.247: icmp_seq=7 ttl=47 time=84.1 ms
64 bytes from 66.252.10.247: icmp_seq=8 ttl=47 time=60.5 ms
64 bytes from 66.252.10.247: icmp_seq=10 ttl=47 time=68.9 ms
64 bytes from 66.252.10.247: icmp_seq=11 ttl=47 time=58.8 ms

--- blanks.us ping statistics ---
11 packets transmitted, 7 received, 36% packet loss, time 34519ms
rtt min/avg/max/mdev = 58.852/71.991/94.913/12.416 ms
------

Here is the log from /var/log/messages:
------------------
Aug 11 14:37:52 level kernel: testx IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:08:00:20:a2:f7:84:08:00 SRC=128.82.6.176 DST=128.82.6.255 LEN=78 TOS=0x00 PREC=0x00 TTL=1 ID=55261 DF PROTO=UDP SPT=137 DPT=137 LEN=58

Aug 11 14:41:12 level kernel: testx IN=eth0 OUT= MAC=00:04:75:90:b0:8e:00:01:30:f3:cf:70:08:00 SRC=66.252.10.247 DST=128.82.6.231 LEN=84 TOS=0x00 PREC=0x00 TTL=47 ID=49102 DF PROTO=ICMP TYPE=0 CODE=0 ID=29447 SEQ=1

--------
Those were just two lines of many; I would copy all of them, but they clear my screen, enabling me to copy most of it. My goal with my iptables is to filter incoming and allow all out. eggdrop is just a bot program I use for IRC. When I run it with my iptables the way they are, it cannot connect to anything outside, and when I bring the iptables down and allow it to go back online, then restart my iptables, it pings out offline. I am unclear what I am doing wrong in my chain definitions.
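Added example (not a post in this thread, and not code from any of its participants): a small POSIX sh/awk parser for the kernel LOG lines shown above, the kind of summary that makes yocompia's "track the packets with a LOG rule" advice practical when the lines scroll off the screen. It reads the `--log-prefix`, the `KEY=VALUE` tokens (IN=, SRC=, DST=, PROTO=, SPT=, DPT=, ...) and the bare TCP flag tokens (SYN, ACK) and prints one readable line per entry, then counts TCP entries per destination port. The sample input is constructed: the two lines from the post above plus a made-up TCP line of the kind an IRC server's SYN/ACK reply would produce; the addresses and ports in that third line are assumptions, not taken from the thread.

```shell
#!/bin/sh
# Added example: summarize iptables LOG entries from /var/log/messages so
# you can see which packets actually reached the LOG rule.

# Constructed sample input (not captured from a real system): the two lines
# the poster showed plus a made-up TCP SYN/ACK reply from an IRC server to
# the client's ephemeral port.
SAMPLE_LOG='Aug 11 14:37:52 level kernel: testx IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:08:00:20:a2:f7:84:08:00 SRC=128.82.6.176 DST=128.82.6.255 LEN=78 TOS=0x00 PREC=0x00 TTL=1 ID=55261 DF PROTO=UDP SPT=137 DPT=137 LEN=58
Aug 11 14:41:12 level kernel: testx IN=eth0 OUT= MAC=00:04:75:90:b0:8e:00:01:30:f3:cf:70:08:00 SRC=66.252.10.247 DST=128.82.6.231 LEN=84 TOS=0x00 PREC=0x00 TTL=47 ID=49102 DF PROTO=ICMP TYPE=0 CODE=0 ID=29447 SEQ=1
Aug 11 14:41:30 level kernel: testx IN=eth0 OUT= MAC=00:04:75:90:b0:8e:00:01:30:f3:cf:70:08:00 SRC=205.210.145.2 DST=128.82.6.231 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=6667 DPT=32814 WINDOW=5792 RES=0x00 ACK SYN URGP=0'

# summarize_log PREFIX   (log text on stdin)
# Prints "IFACE PROTO SRC:SPT -> DST:DPT [FLAGS]" for TCP/UDP entries whose
# --log-prefix equals PREFIX, and "IFACE ICMP SRC -> DST type T code C" for
# ICMP. An empty PREFIX matches every LOG entry.
summarize_log() {
  awk -v want="$1" '
  {
    split("", kv); flags = ""; prefix = ""; k = 0
    for (i = 1; i <= NF; i++) if ($i == "kernel:") { k = i + 1; break }
    if (!k) next
    # tokens between "kernel:" and the first KEY=VALUE token are the prefix
    for (i = k; i <= NF && index($i, "=") == 0; i++)
      prefix = (prefix == "") ? $i : prefix " " $i
    if (want != "" && prefix != want) next
    for (; i <= NF; i++) {
      eq = index($i, "=")
      if (eq) kv[substr($i, 1, eq - 1)] = substr($i, eq + 1)
      else if ($i != "DF") flags = (flags == "") ? $i : flags " " $i  # DF is an IP bit, not a TCP flag
    }
    if (kv["PROTO"] == "TCP" || kv["PROTO"] == "UDP") {
      line = kv["IN"] " " kv["PROTO"] " " kv["SRC"] ":" kv["SPT"] " -> " kv["DST"] ":" kv["DPT"]
      if (flags != "") line = line " " flags
    } else if (kv["PROTO"] == "ICMP")
      line = kv["IN"] " ICMP " kv["SRC"] " -> " kv["DST"] " type " kv["TYPE"] " code " kv["CODE"]
    else
      line = kv["IN"] " " kv["PROTO"] " " kv["SRC"] " -> " kv["DST"]
    print line
  }'
}

# count_tcp_dports PREFIX   (log text on stdin)
# "DPT COUNT" per destination port for TCP entries, lowest port first; handy
# for spotting replies arriving on ports the INPUT chain does not allow.
count_tcp_dports() {
  summarize_log "$1" | awk '$2 == "TCP" { split($5, d, ":"); c[d[2]]++ }
                           END { for (p in c) print p, c[p] }' | sort -n
}

printf '%s\n' "$SAMPLE_LOG" | summarize_log testx
printf '%s\n' "$SAMPLE_LOG" | count_tcp_dports testx
```

Run it against the real file with `summarize_log testx < /var/log/messages`; the prefix argument keeps unrelated kernel messages out of the summary.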
 
Old 08-11-2003, 07:58 PM   #4
Looking_Lost
Senior Member
 
Registered: Apr 2003
Location: Eire
Distribution: Slackware 12.0, OpenSuse 10.3
Posts: 1,120

Rep: Reputation: 45
# default policies: drop anything not explicitly allowed
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# loopback
iptables -A INPUT -p ALL -i lo -j ACCEPT

# replies to connections this box started (the state list is comma-separated, no spaces)
iptables -A INPUT -p ALL -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# inbound ssh
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 22 -j ACCEPT

# allow everything out
iptables -A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -p ALL -o eth0 -j ACCEPT


You can give that a go and see if it works for you if you want, assuming eth0 is your internet connection.
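Added example (mine, not part of the thread): a toy walker that steps through an INPUT chain the way iptables does, first terminating match wins, and reports which rule decides one incoming packet. It understands only `-p`, `-i`, `--dport`/`--destination-port` (single port or low:high), `-m state --state` and the terminating targets ACCEPT and DROP; every other token is ignored, and the packet's conntrack state is supplied by the caller rather than tracked. Fed the INPUT rules from the first post and from the reply above, it shows the difference between them for the packet the eggdrop never sees: the server's SYN/ACK coming back to the client's ephemeral port. The port 32814 used below is an assumption standing in for any ephemeral port.

```shell
#!/bin/sh
# Added example: which INPUT rule decides the fate of one incoming packet.
# Toy matcher, not iptables: handles -p, -i, --dport/--destination-port,
# -m state --state, and the targets ACCEPT/DROP; other tokens are ignored.

# INPUT rules from the first post (iptables-save syntax).
OP_RULES='-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 113 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 33000:44000 -j ACCEPT
-A INPUT -p tcp -j DROP'

# INPUT rules from the reply above (command syntax; the leading "iptables"
# token is simply ignored by the walker).
STATEFUL_RULES='iptables -A INPUT -p ALL -i lo -j ACCEPT
iptables -A INPUT -p ALL -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 22 -j ACCEPT'

# verdict RULES POLICY PROTO DPORT STATE IFACE
# Prints "ACCEPT rule N" or "DROP rule N" for the first terminating match,
# or "POLICY <policy>" when the packet falls off the end of the chain.
verdict() {
  printf '%s\n' "$1" | awk -v policy="$2" -v proto="$3" -v dport="$4" \
                            -v state="$5" -v iface="$6" '
  {
    n++; ok = 1; target = ""
    for (i = 1; i <= NF; i++) {
      if ($i == "-p" && tolower($(i+1)) != "all" && tolower($(i+1)) != tolower(proto)) ok = 0
      if ($i == "-i" && $(i+1) != iface) ok = 0
      if ($i == "--dport" || $i == "--destination-port") {
        split($(i+1), r, ":")
        lo = r[1] + 0; hi = (r[2] == "") ? lo : r[2] + 0
        if (dport + 0 < lo || dport + 0 > hi) ok = 0
      }
      if ($i == "--state") {
        found = 0; m = split($(i+1), st, ",")
        for (k = 1; k <= m; k++) if (st[k] == state) found = 1
        if (!found) ok = 0
      }
      if ($i == "-j") target = $(i+1)
    }
    # LOG and other non-terminating targets let the packet continue
    if (ok && (target == "ACCEPT" || target == "DROP")) {
      print target " rule " n; decided = 1; exit
    }
  }
  END { if (!decided) print "POLICY " policy }'
}

# Constructed packet: SYN/ACK from an IRC server (source port 6667) back to
# the ephemeral port 32814 the client used, i.e. an ESTABLISHED connection.
echo "original ruleset, reply to port 32814:  $(verdict "$OP_RULES" ACCEPT tcp 32814 ESTABLISHED eth0)"
echo "stateful ruleset, reply to port 32814:  $(verdict "$STATEFUL_RULES" DROP tcp 32814 ESTABLISHED eth0)"
echo "stateful ruleset, new connection to 3000: $(verdict "$STATEFUL_RULES" DROP tcp 3000 NEW eth0)"
```

The first ruleset has no notion of direction: the kernel picks the client's local port from its ephemeral range, which on Linux of that era defaulted to 32768-61000, so most replies land outside 33000:44000 and fall through to the final `-p tcp -j DROP`, which is exactly a connection that times out. The second ruleset accepts any packet conntrack attributes to a connection the host itself opened, so outbound clients work while unsolicited inbound traffic still hits the DROP policy.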
 