[plug] ADSL Firewall, IP masq and games
Alan Graham
alan.graham at infonetsystems.com.au
Thu May 3 00:14:10 WST 2001
I wasn't sure of the netiquette on the list about large posts. I can't post the
rules themselves, because they're built on the fly by a Bastille Q&A config
file. I've put the output of the command ipchains -L -v at the bottom of this.
Apologies if this is too big for the list.
On Wed, 02 May 2001, Jason Nicholls
[snip]
>
> So you're saying with a simple masq only rule (no firewalling) it works fine,
> but with the firewalling rules it doesn't. Post the rules.
>
Thanks in advance
Alan
Chain input (policy DENY: 0 packets, 0 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
0 0 ACCEPT icmp ------ 0xFF 0x00 any anywhere anywhere fragmentation-needed
0 0 DENY all ------ 0xFF 0x00 !lo anywhere 127.0.0.0/8 n/a
477 169K ACCEPT all ------ 0xFF 0x00 lo anywhere anywhere n/a
167K 15M ACCEPT all ------ 0xFF 0x00 eth1 anywhere anywhere n/a
0 0 DENY all ------ 0xFF 0x00 any BASE-ADDRESS.MCAST.net/4 anywhere n/a
0 0 DENY all ------ 0xFF 0x00 eth0 anywhere 192.168.1.0/24 n/a
0 0 DENY all ------ 0xFF 0x00 eth0 192.168.1.0/24 anywhere n/a
0 0 DENY all ------ 0xFF 0x00 ppp+ anywhere 192.168.1.0/24 n/a
0 0 DENY all ------ 0xFF 0x00 ppp+ 192.168.1.0/24 anywhere n/a
128K 124M PUB_IN all ------ 0xFF 0x00 eth0 anywhere anywhere n/a
0 0 PUB_IN all ------ 0xFF 0x00 ppp+ anywhere anywhere n/a
Chain forward (policy DENY: 0 packets, 0 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
75880 5375K MASQ all ------ 0xFF 0x00 any 192.168.1.0/24 anywhere n/a
Chain output (policy ACCEPT: 244841 packets, 239009366 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
0 0 ACCEPT icmp ------ 0xFF 0x00 any anywhere anywhere fragmentation-needed
81780 5952K PUB_OUT all ------ 0xFF 0x00 eth0 anywhere anywhere n/a
0 0 PUB_OUT all ------ 0xFF 0x00 ppp+ anywhere anywhere n/a
Chain PUB_IN (2 references):
pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
0 0 - tcp -y--l- 0xFF 0x00 any anywhere anywhere any -> telnet
0 0 - tcp -y--l- 0xFF 0x00 any anywhere anywhere any -> ftp
0 0 - tcp -y--l- 0xFF 0x00 any anywhere anywhere any -> imap2
0 0 - tcp -y--l- 0xFF 0x00 any anywhere anywhere any -> pop3
0 0 - tcp -y--l- 0xFF 0x00 any anywhere anywhere any -> finger
5 300 - tcp -y--l- 0xFF 0x00 any anywhere anywhere any -> sunrpc
0 0 - tcp -y--l- 0xFF 0x00 any anywhere anywhere any -> exec
0 0 - tcp -y--l- 0xFF 0x00 any anywhere anywhere any -> login
0 0 - tcp -y--l- 0xFF 0x00 any anywhere anywhere any -> linuxconf
1 48 - tcp -y--l- 0xFF 0x00 any anywhere anywhere any -> ssh
0 0 - udp ----l- 0xFF 0x00 any anywhere anywhere any -> 31337
22 4200 - icmp ----l- 0xFF 0x00 any anywhere anywhere echo-request
2893 162K ACCEPT icmp ------ 0xFF 0x00 any anywhere anywhere destination-unreachable
79 6636 ACCEPT icmp ------ 0xFF 0x00 any anywhere anywhere echo-reply
0 0 ACCEPT icmp ------ 0xFF 0x00 any anywhere anywhere time-exceeded
108 5638 ACCEPT tcp ------ 0xFF 0x00 any anywhere anywhere any -> ssh
22 4200 DENY icmp ------ 0xFF 0x00 any anywhere anywhere any -> any
119K 123M ACCEPT tcp !y---- 0xFF 0x00 any anywhere anywhere any -> any
0 0 ACCEPT udp ------ 0xFF 0x00 any anywhere anywhere any -> ircd:6669
0 0 ACCEPT udp ------ 0xFF 0x00 any anywhere anywhere any -> 6970
0 0 ACCEPT udp ------ 0xFF 0x00 any anywhere anywhere any -> 6971
0 0 ACCEPT udp ------ 0xFF 0x00 any anywhere anywhere any -> 32766:32786
0 0 ACCEPT udp ----l- 0xFF 0x00 eth0 anywhere 203.59.228.86 27999 -> 1024:65535
0 0 ACCEPT udp ----l- 0xFF 0x00 eth0 anywhere 203.59.228.86 28000 -> 1024:65535
0 0 ACCEPT udp ----l- 0xFF 0x00 eth0 anywhere 203.59.228.86 28001:29000 -> 1024:65535
0 0 DENY udp ------ 0xFF 0x00 any anywhere anywhere any -> nfsd
0 0 DENY udp ------ 0xFF 0x00 any anywhere anywhere any -> 6770
2451 192K DENY udp ------ 0xFF 0x00 any anywhere anywhere any -> netbios-ns
1445 253K ACCEPT udp ------ 0xFF 0x00 any anywhere anywhere domain -> 1024:65535
0 0 ACCEPT udp ------ 0xFF 0x00 any anywhere anywhere domain -> 1024:65535
0 0 ACCEPT udp ------ 0xFF 0x00 any anywhere anywhere any -> ircd:6669
1019 726K DENY all ------ 0xFF 0x00 any anywhere homer1.infonetsystems.com.au n/a
0 0 DENY all ------ 0xFF 0x00 any anywhere homer.infonetsystems.com.au n/a
0 0 DENY all ------ 0xFF 0x00 any anywhere 127.0.0.0/8 n/a
0 0 ACCEPT all ------ 0xFF 0x00 any 192.168.1.0/24 anywhere n/a
858 190K DENY all ------ 0xFF 0x00 any anywhere anywhere n/a
Chain PUB_OUT (2 references):
pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
84 8743 REJECT icmp ------ 0xFF 0x00 any anywhere anywhere destination-unreachable
0 0 REJECT icmp ------ 0xFF 0x00 any anywhere anywhere time-exceeded
81696 5944K ACCEPT all ------ 0xFF 0x00 any anywhere anywhere n/a
Chain INT_IN (0 references):
pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
0 0 ACCEPT tcp ------ 0xFF 0x00 any anywhere homer1.infonetsystems.com.au any -> ssh
0 0 ACCEPT tcp ------ 0xFF 0x00 any anywhere homer1.infonetsystems.com.au any -> ftp
0 0 ACCEPT tcp ------ 0xFF 0x00 any anywhere homer1.infonetsystems.com.au any -> netbios-ssn
0 0 ACCEPT tcp ------ 0xFF 0x00 any anywhere homer1.infonetsystems.com.au any -> www
0 0 ACCEPT tcp ------ 0xFF 0x00 any anywhere homer1.infonetsystems.com.au any -> https
0 0 ACCEPT tcp !y---- 0xFF 0x00 any anywhere homer1.infonetsystems.com.au any -> https
0 0 ACCEPT udp ------ 0xFF 0x00 any anywhere homer1.infonetsystems.com.au any -> netbios-dgm
0 0 ACCEPT udp ------ 0xFF 0x00 any anywhere homer1.infonetsystems.com.au any -> netbios-ns
0 0 ACCEPT tcp ------ 0xFF 0x00 any anywhere homer.infonetsystems.com.au any -> ssh
0 0 ACCEPT tcp ------ 0xFF 0x00 any anywhere homer.infonetsystems.com.au any -> ftp
0 0 ACCEPT tcp ------ 0xFF 0x00 any anywhere homer.infonetsystems.com.au any -> netbios-ssn
0 0 ACCEPT tcp ------ 0xFF 0x00 any anywhere homer.infonetsystems.com.au any -> www
0 0 ACCEPT tcp ------ 0xFF 0x00 any anywhere homer.infonetsystems.com.au any -> https
0 0 ACCEPT tcp !y---- 0xFF 0x00 any anywhere homer.infonetsystems.com.au any -> https
0 0 ACCEPT udp ------ 0xFF 0x00 any anywhere homer.infonetsystems.com.au any -> netbios-dgm
0 0 ACCEPT udp ------ 0xFF 0x00 any anywhere homer.infonetsystems.com.au any -> netbios-ns
0 0 ACCEPT tcp ------ 0xFF 0x00 any anywhere 127.0.0.0/8 any -> ssh
0 0 ACCEPT tcp ------ 0xFF 0x00 any anywhere 127.0.0.0/8 any -> ftp
0 0 ACCEPT tcp ------ 0xFF 0x00 any anywhere 127.0.0.0/8 any -> netbios-ssn
0 0 ACCEPT tcp ------ 0xFF 0x00 any anywhere 127.0.0.0/8 any -> www
0 0 ACCEPT tcp ------ 0xFF 0x00 any anywhere 127.0.0.0/8 any -> https
0 0 ACCEPT tcp !y---- 0xFF 0x00 any anywhere 127.0.0.0/8 any -> https
0 0 ACCEPT udp ------ 0xFF 0x00 any anywhere 127.0.0.0/8 any -> netbios-dgm
0 0 ACCEPT udp ------ 0xFF 0x00 any anywhere 127.0.0.0/8 any -> netbios-ns
0 0 ACCEPT icmp ------ 0xFF 0x00 any anywhere anywhere any -> any
0 0 ACCEPT tcp !y---- 0xFF 0x00 any anywhere anywhere any -> any
0 0 DENY udp ------ 0xFF 0x00 any anywhere anywhere any -> nfsd
0 0 DENY udp ------ 0xFF 0x00 any anywhere anywhere any -> 6770
0 0 DENY udp ------ 0xFF 0x00 any anywhere anywhere any -> netbios-ns
0 0 ACCEPT udp ------ 0xFF 0x00 any anywhere anywhere domain -> 1024:65535
0 0 ACCEPT udp ------ 0xFF 0x00 any anywhere anywhere domain -> 1024:65535
0 0 DENY all ------ 0xFF 0x00 any anywhere homer1.infonetsystems.com.au n/a
0 0 DENY all ------ 0xFF 0x00 any anywhere homer.infonetsystems.com.au n/a
0 0 DENY all ------ 0xFF 0x00 any anywhere 127.0.0.0/8 n/a
0 0 ACCEPT all ------ 0xFF 0x00 any 192.168.1.0/24 anywhere n/a
0 0 DENY all ------ 0xFF 0x00 any anywhere anywhere n/a
Chain INT_OUT (0 references):
pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
0 0 ACCEPT icmp ------ 0xFF 0x00 any anywhere anywhere any -> any
0 0 ACCEPT all ------ 0xFF 0x00 any anywhere anywhere n/a
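An added Python helper (not part of this post, of Bastille, or of ipchains itself) that parses an `ipchains -L -v` listing like the one above and reports the DENY/REJECT rules whose packet counters are non-zero, which is the first place to look when the firewalling rules break something that plain masquerading handled. It assumes the column layout shown here, where ipchains leaves the mark and outsize columns blank; the embedded sample is a constructed excerpt of the PUB_IN chain.

```python
"""Find the DENY/REJECT rules in an `ipchains -L -v` listing that have fired."""
import re

# Assumed layout: ipchains leaves the mark/outsize columns blank when unset,
# so a rule line tokenises as
#   pkts bytes target prot opt tosa tosx ifname source destination ports...
CHAIN_RE = re.compile(r"^Chain (\S+) \(")
SUFFIX = {"": 1, "K": 1_000, "M": 1_000_000, "G": 1_000_000_000}

def parse_count(text):
    """'169K' -> 169000; ipchains rounds large counters to K/M/G."""
    m = re.fullmatch(r"(\d+)([KMG]?)", text)
    if not m:
        raise ValueError(f"bad counter: {text!r}")
    return int(m.group(1)) * SUFFIX[m.group(2)]

def parse_listing(text):
    """Return {chain name: [rule dict, ...]} in listing order."""
    chains, rules = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            rules = chains.setdefault(m.group(1), [])
            continue
        f = line.split()
        if rules is None or len(f) < 11 or f[0] == "pkts":
            continue  # column header row, or text before the first chain
        rules.append({"pkts": parse_count(f[0]), "bytes": parse_count(f[1]),
                      "target": f[2], "prot": f[3], "opt": f[4], "ifname": f[7],
                      "source": f[8], "destination": f[9], "ports": " ".join(f[10:])})
    return chains

def blocking_rules(chains):
    """(chain, target, prot, ports, pkts) for every drop rule that has fired,
    busiest first: the rules that actually discarded traffic."""
    hits = [(name, r["target"], r["prot"], r["ports"], r["pkts"])
            for name, rules in chains.items() for r in rules
            if r["target"] in ("DENY", "REJECT") and r["pkts"] > 0]
    return sorted(hits, key=lambda h: -h[4])

# Constructed excerpt with the same column layout as the listing above.
SAMPLE = """\
Chain PUB_IN (2 references):
pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
22 4200 DENY icmp ------ 0xFF 0x00 any anywhere anywhere any -> any
119K 123M ACCEPT tcp !y---- 0xFF 0x00 any anywhere anywhere any -> any
2451 192K DENY udp ------ 0xFF 0x00 any anywhere anywhere any -> netbios-ns
858 190K DENY all ------ 0xFF 0x00 any anywhere anywhere n/a
"""
```

Feed it the full listing (`blocking_rules(parse_listing(open("rules.txt").read()))`) to get the catch-all DENY at the bottom of PUB_IN ranked alongside the narrower drops.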