iptables help needed
Simon Slater
pyevet at aapt.net.au
Wed Jun 4 12:05:51 UTC 2008
On Wed, 2008-06-04 at 10:05 +0200, François Patte wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 04.06.2008 01:03, Simon Slater wrote:
>
> |> The evolution request has been done from the desktop, not from the
> |> laptop. Am I right? Packets are dropped because port 110 is not allowed
> |> by the script, but, up to now this is not the problem.
> |
> | Yes, Evolution runs on the desktop. I added port 110 to your script
> | under the SMTP and NEWS section last night and those packets are not
> | being logged now.
>
> And you can retrieve your mails!?
Yes, no worries there.
>
<SNIP>
All the changes made.
> rerun the script. If some requests to the Internet come from your
> laptop, there will be some lines like this in the logs of your desktop:
>
> <quote>
> Jun 4 09:45:44 dipankar kernel: [IPTABLES MASQ]IN= OUT=ppp0
> SRC=192.168.1.4 DST=213.251.134.188 LEN=76 TOS=0x00 PREC=0x00 TTL=63
> ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56
> </quote>
>
These are the type of logs now. None of these are appearing in timing
with requests to the Internet from the laptop:
[root at ipex ~]# tail /var/log/messages
Jun 4 21:41:35 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC=
SRC=203.185.178.251 DST=59.101.218.205 LEN=48 TOS=0x00 PREC=0x00 TTL=104
ID=5893 DF PROTO=TCP SPT=63507 DPT=26958 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 4 21:41:38 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC=
SRC=203.185.178.251 DST=59.101.218.205 LEN=48 TOS=0x00 PREC=0x00 TTL=104
ID=5938 DF PROTO=TCP SPT=63507 DPT=26958 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 4 21:41:44 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC=
SRC=203.185.178.251 DST=59.101.218.205 LEN=48 TOS=0x00 PREC=0x00 TTL=104
ID=6053 DF PROTO=TCP SPT=63507 DPT=26958 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 4 21:43:31 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC=
SRC=203.185.178.251 DST=59.101.218.205 LEN=48 TOS=0x00 PREC=0x00 TTL=104
ID=7676 DF PROTO=TCP SPT=63748 DPT=26958 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 4 21:43:34 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC=
SRC=203.185.178.251 DST=59.101.218.205 LEN=48 TOS=0x00 PREC=0x00 TTL=104
ID=7723 DF PROTO=TCP SPT=63748 DPT=26958 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 4 21:43:40 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC=
SRC=203.185.178.251 DST=59.101.218.205 LEN=48 TOS=0x00 PREC=0x00 TTL=104
ID=7806 DF PROTO=TCP SPT=63748 DPT=26958 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 4 21:45:27 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC=
SRC=203.185.178.251 DST=59.101.218.205 LEN=48 TOS=0x00 PREC=0x00 TTL=104
ID=9354 DF PROTO=TCP SPT=63980 DPT=26958 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 4 21:45:30 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC=
SRC=203.185.178.251 DST=59.101.218.205 LEN=48 TOS=0x00 PREC=0x00 TTL=104
ID=9389 DF PROTO=TCP SPT=63980 DPT=26958 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 4 21:45:36 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC=
SRC=203.185.178.251 DST=59.101.218.205 LEN=48 TOS=0x00 PREC=0x00 TTL=104
ID=9469 DF PROTO=TCP SPT=63980 DPT=26958 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 4 21:46:10 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC=
SRC=189.83.10.165 DST=59.101.218.205 LEN=78 TOS=0x00 PREC=0x00 TTL=106
ID=63625 PROTO=UDP SPT=1026 DPT=137 LEN=58
[root at ipex ~]#
However, when a request is made to the Internet from the desktop:
Jun 4 21:59:31 ipex kernel: [IPTABLES MASQ]IN= OUT=ppp0
SRC=59.101.218.205 DST=203.63.53.112 LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=3672 DF PROTO=TCP SPT=48673 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 4 21:59:32 ipex kernel: [IPTABLES MASQ]IN= OUT=ppp0
SRC=59.101.218.205 DST=203.63.53.112 LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=14613 DF PROTO=TCP SPT=48674 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 4 21:59:32 ipex kernel: [IPTABLES MASQ]IN= OUT=ppp0
SRC=59.101.218.205 DST=203.63.53.112 LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=56187 DF PROTO=TCP SPT=48675 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 4 21:59:32 ipex kernel: [IPTABLES MASQ]IN= OUT=ppp0
SRC=59.101.218.205 DST=203.63.53.112 LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=34201 DF PROTO=TCP SPT=48676 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 4 21:59:32 ipex kernel: [IPTABLES MASQ]IN= OUT=ppp0
SRC=59.101.218.205 DST=203.63.53.112 LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=14187 DF PROTO=TCP SPT=48677 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 4 21:59:33 ipex kernel: [IPTABLES MASQ]IN= OUT=ppp0
SRC=59.101.218.205 DST=203.63.53.112 LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=16904 DF PROTO=TCP SPT=48678 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 4 21:59:40 ipex kernel: [IPTABLES MASQ]IN= OUT=ppp0
SRC=59.101.218.205 DST=134.178.63.140 LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=54671 DF PROTO=TCP SPT=53263 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Which is what is expected from the laptop also, yes?
These are the session IPs:
Jun 4 18:17:39 ipex pppd[11903]: PAP authentication succeeded
Jun 4 18:17:39 ipex pppd[11903]: local IP address 59.101.218.205
Jun 4 18:17:39 ipex pppd[11903]: remote IP address 210.8.1.12
Jun 4 18:17:39 ipex pppd[11903]: primary DNS address 203.8.183.1
Jun 4 18:17:39 ipex pppd[11903]: secondary DNS address 192.189.54.33
> lsmod | grep -i masquerade
>
> There should be some kernel modules for masquerade (ipt_MASQUERADE,
> nf_nat, ...)
>
Is this how it should be?
[root at ipex ~]# lsmod | grep -i masquerade
ipt_MASQUERADE 7873 1
ip_nat 22253 2 ipt_MASQUERADE,iptable_nat
ip_conntrack 56993 6 ip_conntrack_ftp,ip_conntrack_netbios_ns,ipt_MASQUERADE,iptable_nat,ip_nat,xt_state
x_tables 18501 12 ipt_MASQUERADE,iptable_nat,xt_state,ip_tables,xt_multiport,ip6_tables,xt_mark,xt_MARK,ipt_LOG,ipt_REJECT,ip6t_REJECT,xt_tcpudp
[root at ipex ~]#
Should this give something else?
[root at ipex ~]# netstat -M
netstat: no support for `ip_masquerade' on this system.
[root at ipex ~]#
Hope this makes more sense to you, I'm well over my head now.
--
Regards,
Simon
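The log comparison Simon is doing by eye in the message above, written out as a small script. This is an added example, my code and not anything posted in the thread: it summarises the iptables LOG records by prefix, source, destination and port, and counts the MASQ records whose pre-NAT source is a LAN address. A LOG rule placed before MASQUERADE in the nat POSTROUTING chain sees the packet with its original, private source address, which is why the record François quoted shows SRC=192.168.1.4, while traffic the gateway itself originates shows the gateway's own public address. The sample records are constructed from the entries in this message, re-joined onto one line each as syslog writes them; the LAN prefix 192.168.1. is an assumption taken from that quoted record.

```shell
#!/bin/sh
# Added example, not code from the thread: summarise iptables LOG records and
# count the masqueraded records whose pre-NAT source is a LAN address.
# Run as: sh masqcheck.sh   (it reads the constructed samples below)

# Sample records, constructed from the entries in this message and re-joined
# onto one line each, which is how syslog writes them.
SAMPLE_DESKTOP='Jun 4 21:41:35 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC= SRC=203.185.178.251 DST=59.101.218.205 LEN=48 TOS=0x00 PREC=0x00 TTL=104 ID=5893 DF PROTO=TCP SPT=63507 DPT=26958 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 4 21:41:38 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC= SRC=203.185.178.251 DST=59.101.218.205 LEN=48 TOS=0x00 PREC=0x00 TTL=104 ID=5938 DF PROTO=TCP SPT=63507 DPT=26958 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 4 21:46:10 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC= SRC=189.83.10.165 DST=59.101.218.205 LEN=78 TOS=0x00 PREC=0x00 TTL=106 ID=63625 PROTO=UDP SPT=1026 DPT=137 LEN=58
Jun 4 21:59:31 ipex kernel: [IPTABLES MASQ]IN= OUT=ppp0 SRC=59.101.218.205 DST=203.63.53.112 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3672 DF PROTO=TCP SPT=48673 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 4 21:59:32 ipex kernel: [IPTABLES MASQ]IN= OUT=ppp0 SRC=59.101.218.205 DST=203.63.53.112 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=14613 DF PROTO=TCP SPT=48674 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0'

# The record quoted from the other host: the LOG rule sits before MASQUERADE,
# so the source is still the laptop's private address.
SAMPLE_FORWARDED='Jun 4 09:45:44 dipankar kernel: [IPTABLES MASQ]IN= OUT=ppp0 SRC=192.168.1.4 DST=213.251.134.188 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56'

# summarize: read syslog on stdin, print "count PREFIX SRC -> DST PROTO/DPT"
# for every distinct flow logged with an "[IPTABLES xxx]" prefix.
summarize() {
    awk '
    /\[IPTABLES [A-Z]+\]/ {
        match($0, /\[IPTABLES [A-Z]+\]/)
        prefix = substr($0, RSTART + 10, RLENGTH - 11)   # text between "[IPTABLES " and "]"
        src = dst = proto = dpt = "-"
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if      (kv[1] == "SRC")   src   = kv[2]
            else if (kv[1] == "DST")   dst   = kv[2]
            else if (kv[1] == "PROTO") proto = kv[2]
            else if (kv[1] == "DPT")   dpt   = kv[2]
        }
        count[prefix " " src " -> " dst " " proto "/" dpt]++
    }
    END { for (k in count) print count[k], k }' | sort -k2,2 -k1,1nr
}

# lan_masq_count LANPREFIX: number of MASQ records whose SRC starts with
# LANPREFIX (assumed here to be 192.168.1.). Zero means nothing from the LAN
# reached the POSTROUTING rule; every masqueraded packet was the gateway's own.
lan_masq_count() {
    awk -v lan="$1" '
    /\[IPTABLES MASQ\]/ {
        for (i = 1; i <= NF; i++)
            if (index($i, "SRC=" lan) == 1) n++
    }
    END { print n + 0 }'
}

echo "== flows logged on the desktop =="
printf '%s\n' "$SAMPLE_DESKTOP" | summarize
echo "LAN-sourced MASQ records on the desktop: $(printf '%s\n' "$SAMPLE_DESKTOP" | lan_masq_count 192.168.1.)"
echo "LAN-sourced MASQ records in the quoted example: $(printf '%s\n' "$SAMPLE_FORWARDED" | lan_masq_count 192.168.1.)"
```

On the desktop's own records the LAN count comes out as 0: every MASQ line carries the gateway's public address, so none of the masqueraded packets were forwarded for the laptop. On a Linux gateway that pattern is worth checking against two things before looking further at the nat rules: cat /proc/sys/net/ipv4/ip_forward should print 1, and iptables -L FORWARD -v -n should show a rule accepting traffic from the LAN interface with non-zero packet counters. If both are in place and the count is still 0, the laptop's packets are not reaching the desktop at all, which points at the laptop's default route rather than at iptables.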