Quote:
Originally Posted by Mara
Can you repeat the situation when you can make a connection shortly after reboot? If so, reboot, open a terminal as root and run
iptables -L
to display complete firewall settings. Then wait until the problem occurs and run iptables -L again. Are the results different? If so, post them.
|
Hi Mara, thanks for your help, sorry it's taken me a couple days to reply.
I haven't been able to get it working again, even configuring Twinkle on another desktop from scratch. At least for about 30 seconds I seemed to be registered, until I tried to make a call. Then my registration dropped out, I couldn't make the call, and I got this message:
registration failed: 408 Request Timeout
Frustrating.
Here is the output from 'iptables -L'. First one is when it 'appeared' to be working, second is when it had stopped 'working'. Thanks.
[root@localhost mitchell]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
Ifw 0 -- anywhere anywhere
eth0_in 0 -- anywhere anywhere
Reject 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:INPUT:REJECT:'
reject 0 -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
eth0_fwd 0 -- anywhere anywhere
Reject 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:FORWARD:REJECT:'
reject 0 -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
eth0_out 0 -- anywhere anywhere
Reject 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:OUTPUT:REJECT:'
reject 0 -- anywhere anywhere
Chain Drop (1 references)
target prot opt source destination
reject tcp -- anywhere anywhere tcp dpt:auth
dropBcast 0 -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
dropInvalid 0 -- anywhere anywhere
DROP udp -- anywhere anywhere multiport dports 135,microsoft-ds
DROP udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
DROP udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535
DROP tcp -- anywhere anywhere multiport dports 135,netbios-ssn,microsoft-ds
DROP udp -- anywhere anywhere udp dpt:1900
dropNotSyn tcp -- anywhere anywhere
DROP udp -- anywhere anywhere udp spt:domain
Chain Ifw (1 references)
target prot opt source destination
Chain Reject (4 references)
target prot opt source destination
reject tcp -- anywhere anywhere tcp dpt:auth
dropBcast 0 -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
dropInvalid 0 -- anywhere anywhere
reject udp -- anywhere anywhere multiport dports 135,microsoft-ds
reject udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
reject udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535
reject tcp -- anywhere anywhere multiport dports 135,netbios-ssn,microsoft-ds
DROP udp -- anywhere anywhere udp dpt:1900
dropNotSyn tcp -- anywhere anywhere
DROP udp -- anywhere anywhere udp spt:domain
Chain all2all (0 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
Reject 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:all2all:REJECT:'
reject 0 -- anywhere anywhere
Chain dropBcast (2 references)
target prot opt source destination
DROP 0 -- anywhere anywhere PKTTYPE = broadcast
DROP 0 -- anywhere anywhere PKTTYPE = multicast
Chain dropInvalid (2 references)
target prot opt source destination
DROP 0 -- anywhere anywhere state INVALID
Chain dropNotSyn (2 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
Chain dynamic (2 references)
target prot opt source destination
Chain eth0_fwd (1 references)
target prot opt source destination
dynamic 0 -- anywhere anywhere state INVALID,NEW
Chain eth0_in (1 references)
target prot opt source destination
dynamic 0 -- anywhere anywhere state INVALID,NEW
net2fw 0 -- anywhere anywhere
Chain eth0_out (1 references)
target prot opt source destination
fw2net 0 -- anywhere anywhere
Chain fw2net (1 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere
Chain logdrop (0 references)
----------------------
Second instance (not working)
----------------------
[root@localhost mitchell]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
Ifw 0 -- anywhere anywhere
eth0_in 0 -- anywhere anywhere
Reject 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:INPUT:REJECT:'
reject 0 -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
eth0_fwd 0 -- anywhere anywhere
Reject 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:FORWARD:REJECT:'
reject 0 -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
eth0_out 0 -- anywhere anywhere
Reject 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:OUTPUT:REJECT:'
reject 0 -- anywhere anywhere
Chain Drop (1 references)
target prot opt source destination
reject tcp -- anywhere anywhere tcp dpt:auth
dropBcast 0 -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
dropInvalid 0 -- anywhere anywhere
DROP udp -- anywhere anywhere multiport dports 135,microsoft-ds
DROP udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
DROP udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535
DROP tcp -- anywhere anywhere multiport dports 135,netbios-ssn,microsoft-ds
DROP udp -- anywhere anywhere udp dpt:1900
dropNotSyn tcp -- anywhere anywhere
DROP udp -- anywhere anywhere udp spt:domain
Chain Ifw (1 references)
target prot opt source destination
Chain Reject (4 references)
target prot opt source destination
reject tcp -- anywhere anywhere tcp dpt:auth
dropBcast 0 -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
dropInvalid 0 -- anywhere anywhere
reject udp -- anywhere anywhere multiport dports 135,microsoft-ds
reject udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
reject udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535
reject tcp -- anywhere anywhere multiport dports 135,netbios-ssn,microsoft-ds
DROP udp -- anywhere anywhere udp dpt:1900
dropNotSyn tcp -- anywhere anywhere
DROP udp -- anywhere anywhere udp spt:domain
Chain all2all (0 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
Reject 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:all2all:REJECT:'
reject 0 -- anywhere anywhere
Chain dropBcast (2 references)
target prot opt source destination
DROP 0 -- anywhere anywhere PKTTYPE = broadcast
DROP 0 -- anywhere anywhere PKTTYPE = multicast
Chain dropInvalid (2 references)
target prot opt source destination
DROP 0 -- anywhere anywhere state INVALID
Chain dropNotSyn (2 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
Chain dynamic (2 references)
target prot opt source destination
Chain eth0_fwd (1 references)
target prot opt source destination
dynamic 0 -- anywhere anywhere state INVALID,NEW
Chain eth0_in (1 references)
target prot opt source destination
dynamic 0 -- anywhere anywhere state INVALID,NEW
net2fw 0 -- anywhere anywhere
Chain eth0_out (1 references)
target prot opt source destination
fw2net 0 -- anywhere anywhere
Chain fw2net (1 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere
Chain logdrop (0 references)
target prot opt source destination
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:logdrop
ROP:'
DROP 0 -- anywhere anywhere
Chain logreject (0 references)
target prot opt source destination
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:logreject:REJECT:'
reject 0 -- anywhere anywhere
Chain net2all (1 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
Drop 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:net2all
ROP:'
DROP 0 -- anywhere anywhere
Chain net2fw (1 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp dpt:5060
ACCEPT tcp -- anywhere anywhere tcp dpt:5060
net2all 0 -- anywhere anywhere
Chain reject (11 references)
target prot opt source destination
DROP 0 -- anywhere anywhere PKTTYPE = broadcast
DROP 0 -- anywhere anywhere PKTTYPE = multicast
DROP 0 -- 255.255.255.255 anywhere
DROP 0 -- BASE-ADDRESS.MCAST.NET/4 anywhere
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT icmp -- anywhere anywhere reject-with icmp-host-unreachable
REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited
Chain shorewall (0 references)
target prot opt source destination
Chain smurfs (0 references)
target prot opt source destination
LOG 0 -- 192.168.1.255 anywhere LOG level info prefix `Shorewall:smurfs
ROP:'
DROP 0 -- 192.168.1.255 anywhere
LOG 0 -- 255.255.255.255 anywhere LOG level info prefix `Shorewall:smurfs
ROP:'
DROP 0 -- 255.255.255.255 anywhere
LOG 0 -- BASE-ADDRESS.MCAST.NET/4 anywhere LOG level info prefix `Shorewall:smurfs
ROP:'
DROP 0 -- BASE-ADDRESS.MCAST.NET/4 anywhere
target prot opt source destination
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:logdrop
ROP:'
DROP 0 -- anywhere anywhere
Chain logreject (0 references)
target prot opt source destination
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:logreject:REJECT:'
reject 0 -- anywhere anywhere
Chain net2all (1 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
Drop 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:net2all
ROP:'
DROP 0 -- anywhere anywhere
Chain net2fw (1 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp dpt:5060
ACCEPT tcp -- anywhere anywhere tcp dpt:5060
net2all 0 -- anywhere anywhere
Chain reject (11 references)
target prot opt source destination
DROP 0 -- anywhere anywhere PKTTYPE = broadcast
DROP 0 -- anywhere anywhere PKTTYPE = multicast
DROP 0 -- 255.255.255.255 anywhere
DROP 0 -- BASE-ADDRESS.MCAST.NET/4 anywhere
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT icmp -- anywhere anywhere reject-with icmp-host-unreachable
REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited
Chain shorewall (0 references)
target prot opt source destination
Chain smurfs (0 references)
target prot opt source destination
LOG 0 -- 255.255.255.255 anywhere LOG level info prefix `Shorewall:smurfs
ROP:'
DROP 0 -- 255.255.255.255 anywhere
LOG 0 -- BASE-ADDRESS.MCAST.NET/4 anywhere LOG level info prefix `Shorewall:smurfs
ROP:'
DROP 0 -- BASE-ADDRESS.MCAST.NET/4 anywhere