LinuxQuestions.org


orsty9001 03-03-2013 09:19 AM

Problem with one adapter accessing internal services using external ip address.
 
I have a Linux router that has 3 adapters, 2 wired and one wireless. The wired adapter is connected to a few machines on the network and works fine. All those machines can access the webserver running on the gateway and can ssh into and ping the gateway using the external IP address. All of the wireless devices can access the internet and ping anything in the outside world just fine. The only thing anything connected to wlan0 can't do is access any service like ssh, apache, or ping the gateway using the external adapter.

I'm thinking it's probably something I need to turn on or allow in iptables to let wlan0 talk to eth0 (the adapter plugged into the modem that has the external IP address). Anything connected to wlan0 can ping the internal IP address and be pinged from anything on the network, it just can't talk to eth0. I just don't know what to do because I rarely mess with iptables.

Thanks for your help in advance.

foodown 03-03-2013 01:26 PM

Please post the output of the following when executed as root:
Code:

ifconfig
route -n
iptables-save


orsty9001 03-03-2013 02:05 PM

Quote:

Originally Posted by foodown (Post 4903818)
Please post the output of the following when executed as root:
Code:

ifconfig
route -n
iptables-save


Code:

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 576
        inet xx.xxx.xxx.xxx  netmask 255.255.248.0  broadcast 255.255.255.255
        ether 00:04:4b:05:71:76  txqueuelen 1000  (Ethernet)
        RX packets 3239621  bytes 1751454322 (1.6 GiB)
        RX errors 2002  dropped 0  overruns 2001  frame 1
        TX packets 870903  bytes 102968145 (98.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.1  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::204:4bff:fe05:7177  prefixlen 64  scopeid 0x20<link>
        ether 00:04:4b:05:71:77  txqueuelen 1000  (Ethernet)
        RX packets 48670106  bytes 3406025407 (3.1 GiB)
        RX errors 0  dropped 10  overruns 0  frame 0
        TX packets 40039645  bytes 248158180873 (231.1 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 8061  bytes 1018138 (994.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8061  bytes 1018138 (994.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.1  netmask 255.255.255.0  broadcast 192.168.10.255
        inet6 fe80::92f6:52ff:fee5:780a  prefixlen 64  scopeid 0x20<link>
        ether 90:f6:52:e5:78:0a  txqueuelen 1000  (Ethernet)
        RX packets 373525  bytes 50509081 (48.1 MiB)
        RX errors 0  dropped 6  overruns 0  frame 0
        TX packets 521972  bytes 603511606 (575.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


Code:

Kernel IP routing table
Destination    Gateway        Genmask        Flags Metric Ref    Use Iface
0.0.0.0        75.137.104.1    0.0.0.0        UG    203    0        0 eth0
75.137.104.0    0.0.0.0        255.255.248.0  U    203    0        0 eth0
127.0.0.0      0.0.0.0        255.0.0.0      U    0      0        0 lo
192.168.1.0    0.0.0.0        255.255.255.0  U    0      0        0 eth1
192.168.10.0    0.0.0.0        255.255.255.0  U    0      0        0 wlan0

Code:

# Generated by iptables-save v1.4.17 on Sun Mar  3 15:02:38 2013
*mangle
:PREROUTING ACCEPT [50427081:4233318743]
:INPUT ACCEPT [48256809:2533844198]
:FORWARD ACCEPT [2165209:1696291459]
:OUTPUT ACCEPT [39289791:246663379284]
:POSTROUTING ACCEPT [41464498:248363194799]
COMMIT
# Completed on Sun Mar  3 15:02:38 2013
# Generated by iptables-save v1.4.17 on Sun Mar  3 15:02:38 2013
*nat
:PREROUTING ACCEPT [51285:5057327]
:INPUT ACCEPT [5709:1452664]
:OUTPUT ACCEPT [10972:2591861]
:POSTROUTING ACCEPT [3824:882512]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
# Completed on Sun Mar  3 15:02:38 2013
# Generated by iptables-save v1.4.17 on Sun Mar  3 15:02:38 2013
*filter
:INPUT DROP [969:58544]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [4395:371386]
:bad_packets - [0:0]
:bad_tcp_packets - [0:0]
:icmp_packets - [0:0]
:tcp_inbound - [0:0]
:tcp_outbound - [0:0]
:udp_inbound - [0:0]
:udp_outbound - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -j bad_packets
-A INPUT -d 224.0.0.1/32 -j DROP
-A INPUT -s 192.168.1.0/24 -i eth1 -j ACCEPT
-A INPUT -d 192.168.1.255/32 -i eth1 -j ACCEPT
-A INPUT -i eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -j tcp_inbound
-A INPUT -i eth0 -p udp -j udp_inbound
-A INPUT -i eth0 -p icmp -j icmp_packets
-A INPUT -m pkttype --pkt-type broadcast -j DROP
-A INPUT -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "INPUT packet died: "
-A INPUT -s 192.168.10.0/24 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -s 192.168.10.0/24 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -j ACCEPT
-A FORWARD -j bad_packets
-A FORWARD -i eth1 -p tcp -j tcp_outbound
-A FORWARD -i eth1 -p udp -j udp_outbound
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -i eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "FORWARD packet died: "
-A FORWARD -s 192.168.10.0/24 -d 192.168.1.0/24 -i wlan0 -o eth0 -j ACCEPT
-A FORWARD -s 192.168.1.0/24 -d 192.168.10.0/24 -i eth0 -o wlan0 -j ACCEPT
-A FORWARD -s 192.168.1.0/24 -d 192.168.10.0/24 -i eth1 -o wlan0 -j ACCEPT
-A FORWARD -s 192.168.10.0/24 -d 192.168.1.0/24 -i wlan0 -o eth1 -j ACCEPT
-A FORWARD -i eth0 -o wlan0 -j ACCEPT
-A FORWARD -s 192.168.10.0/24 -i wlan0 -o eth0 -j ACCEPT
-A FORWARD -d 192.168.10.0/24 -i eth0 -o wlan0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p icmp -m conntrack --ctstate INVALID -j DROP
-A OUTPUT -s 127.0.0.1/32 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -s 192.168.1.1/32 -j ACCEPT
-A OUTPUT -o eth1 -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "OUTPUT packet died: "
-A OUTPUT -s 192.168.10.0/24 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -s 192.168.10.0/24 -j ACCEPT
-A OUTPUT -s 192.168.1.0/24 -j ACCEPT
-A bad_packets -s 192.168.1.0/24 -i eth0 -j LOG --log-prefix "Illegal source: "
-A bad_packets -s 192.168.1.0/24 -i eth0 -j DROP
-A bad_packets -m conntrack --ctstate INVALID -j LOG --log-prefix "Invalid packet: "
-A bad_packets -m conntrack --ctstate INVALID -j DROP
-A bad_packets -p tcp -j bad_tcp_packets
-A bad_packets -j RETURN
-A bad_tcp_packets -i eth1 -p tcp -j RETURN
-A bad_tcp_packets -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j LOG --log-prefix "New not syn: "
-A bad_tcp_packets -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j DROP
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j LOG --log-prefix "Stealth scan: "
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j LOG --log-prefix "Stealth scan: "
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j LOG --log-prefix "Stealth scan: "
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j LOG --log-prefix "Stealth scan: "
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
-A bad_tcp_packets -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "Stealth scan: "
-A bad_tcp_packets -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j LOG --log-prefix "Stealth scan: "
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
-A bad_tcp_packets -p tcp -j RETURN
-A icmp_packets -p icmp -f -j LOG --log-prefix "ICMP Fragment: "
-A icmp_packets -p icmp -f -j DROP
-A icmp_packets -p icmp -m icmp --icmp-type 8 -j DROP
-A icmp_packets -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A icmp_packets -p icmp -j RETURN
-A tcp_inbound -p tcp -m tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable
-A tcp_inbound -p tcp -m tcp --dport 80 -j ACCEPT
-A tcp_inbound -p tcp -m tcp --dport 443 -j ACCEPT
-A tcp_inbound -p tcp -m tcp --dport 25 -j ACCEPT
-A tcp_inbound -p tcp -m tcp --dport 110 -j ACCEPT
-A tcp_inbound -p tcp -m tcp --dport 143 -j ACCEPT
-A tcp_inbound -p tcp -m tcp --dport 995 -j ACCEPT
-A tcp_inbound -p tcp -m tcp --dport 993 -j ACCEPT
-A tcp_inbound -p tcp -m tcp --dport 22 -j ACCEPT
-A tcp_inbound -p tcp -m tcp --dport 5000:5100 -j ACCEPT
-A tcp_inbound -p tcp -m tcp --dport 6891:6900 -j ACCEPT
-A tcp_inbound -p tcp -j RETURN
-A tcp_outbound -p tcp -j ACCEPT
-A udp_inbound -p udp -m udp --dport 137 -j DROP
-A udp_inbound -p udp -m udp --dport 138 -j DROP
-A udp_inbound -p udp -m udp --dport 113 -j REJECT --reject-with icmp-port-unreachable
-A udp_inbound -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A udp_inbound -p udp -j RETURN
-A udp_outbound -p udp -j ACCEPT
COMMIT
# Completed on Sun Mar  3 15:02:38 2013
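
Added example, not part of the original thread: a minimal walk of the filter OUTPUT chain posted above for the reply packets the router sends when a client connects to its external address, showing which rule (if any) decides them. The address 203.0.113.10 is a constructed stand-in for the masked eth0 address, the matcher handles only the options this chain uses, and the extra `-o wlan0` rule is a candidate fix assumed here, not one proposed by a poster.

```python
import ipaddress
import shlex

# filter OUTPUT chain exactly as posted in the iptables-save output (policy DROP).
OUTPUT_RULES = """\
-A OUTPUT -p icmp -m conntrack --ctstate INVALID -j DROP
-A OUTPUT -s 127.0.0.1/32 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -s 192.168.1.1/32 -j ACCEPT
-A OUTPUT -o eth1 -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "OUTPUT packet died: "
-A OUTPUT -s 192.168.10.0/24 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -s 192.168.10.0/24 -j ACCEPT
-A OUTPUT -s 192.168.1.0/24 -j ACCEPT
"""
EXTERNAL_IP = "203.0.113.10"  # constructed stand-in: the real eth0 address is masked in the post
CANDIDATE_FIX = "-A OUTPUT -o wlan0 -j ACCEPT\n"  # assumption: mirrors the existing eth1 rule

def parse(line):
    """Map each option of one rule to its argument, e.g. {'-o': 'eth1', '-j': 'ACCEPT'}."""
    tok = shlex.split(line)
    return {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1) if tok[i].startswith("-")}

def matches(opts, pkt):
    """Evaluate only the match options that appear in this chain."""
    src = ipaddress.ip_address(pkt["src"])
    return (("-s" not in opts or src in ipaddress.ip_network(opts["-s"]))
            and opts.get("-o", pkt["out"]) == pkt["out"]
            and opts.get("-p", pkt["proto"]) == pkt["proto"]
            and ("--icmp-type" not in opts or opts["--icmp-type"] == str(pkt.get("icmp_type")))
            and ("--ctstate" not in opts or pkt.get("ctstate", "ESTABLISHED") in opts["--ctstate"].split(",")))

def verdict(pkt, rules=OUTPUT_RULES, policy="DROP"):
    """Return (target, deciding rule) for a locally generated packet."""
    for line in rules.splitlines():
        opts = parse(line)
        if opts["-j"] == "LOG":  # LOG never terminates traversal; rate limit ignored
            continue
        if matches(opts, pkt):
            return opts["-j"], line
    return policy, "chain policy"

# Replies sourced from the external address, routed back out the client's interface.
to_wlan = {"src": EXTERNAL_IP, "out": "wlan0", "proto": "tcp"}
to_eth1 = {"src": EXTERNAL_IP, "out": "eth1", "proto": "tcp"}
for name, pkt in (("wlan0 client", to_wlan), ("eth1 client", to_eth1)):
    print(name, "->", verdict(pkt))
print("wlan0 with candidate rule ->", verdict(to_wlan, OUTPUT_RULES + CANDIDATE_FIX))
```

The same walk with `src` set to 192.168.10.1 is accepted by `-A OUTPUT -s 192.168.10.0/24 -j ACCEPT`, which is consistent with the report that wlan0 clients can reach the internal address.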


