#5
13th August 2008, 23:54
princeu28
Junior Member
Quote:
Originally Posted by ralic
If it's a production box, get professional help. Anything you copy/paste from the net without understanding could jeopardise your system.

The most likely firewall would be iptables based. To check if there are any rules configured for the various tables, use the following bash for command as root. The output below the command shows no rules and default policy of ACCEPT, meaning nothing is being blocked and the firewall is effectively disabled.

Code:
user@host:~$ for TABLE in filter nat mangle raw; do echo "Listing table data for: $TABLE"; iptables -t $TABLE -L; echo " "; done
Listing table data for: filter
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
 
Listing table data for: nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
 
Listing table data for: mangle
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
 
Listing table data for: raw
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Any iptables output other than what you see above, except for an error, likely means that there are some kind of firewall rules in place.
I understand your point and agree regarding getting professional help. It's just that I work on this system on a daily basis as the root user, but only on the application installed on this system; as far as the Linux part is concerned, it was also installed as part of my work, but I have never faced such a problem with the bundled solution and was wondering whether it is something simple that I can sort out.

Here is the iptables configuration. Can you see anything in the iptables settings which will only allow one ICMP request and will refuse more than one?

Code:
# Generated by iptables-save v1.2.11 on Wed Aug 13 10:01:23 2008
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Wed Aug 13 10:01:23 2008
# Generated by iptables-save v1.2.11 on Wed Aug 13 10:01:23 2008
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:LIMIT_TEST - [0:0]
-A INPUT -m state --state INVALID -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/255.0.0.0 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j LIMIT_TEST
-A INPUT -p ipv6 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -p icmp -m icmp --icmp-type 13 -j DROP
-A INPUT -p icmp -m icmp --icmp-type 17 -j DROP
-A INPUT -p icmp -f -j DROP
-A INPUT -p icmp -m icmp --icmp-type 10 -j DROP
-A INPUT -d 255.255.255.255 -p icmp -j DROP
-A INPUT -p icmp -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -p udp -m udp --dport 137 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 389 -j ACCEPT
-A INPUT -p udp -m udp --dport 389 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 636 -j ACCEPT
-A INPUT -p udp -m udp --dport 636 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 111 -j ACCEPT
-A INPUT -p udp -m udp --dport 111 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2049 -j ACCEPT
-A INPUT -p udp -m udp --dport 2049 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22600 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22700 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22800 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22900 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23100 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23101 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23120 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23121 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23130 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23131 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23140 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23141 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23150 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23151 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23160 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23161 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23200 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23201 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23220 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23221 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23240 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23241 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23260 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23261 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23280 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23281 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23320 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23321 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23370 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23371 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1024:63353 -j ACCEPT
-A INPUT -p udp -m udp --dport 1024:63353 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p igmp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 80 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 443 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 5/min -j LOG --log-prefix "Firewalled packet:"
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -j DROP
-A FORWARD -m state --state INVALID -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -o eth0 -p icmp -m icmp --icmp-type 8 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -o eth1 -p icmp -m icmp --icmp-type 8 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -o ppp0 -p tcp -m tcp --dport 137 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -o ppp0 -p tcp -m tcp --dport 138 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -o ppp0 -p tcp -m tcp --dport 139 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -o ppp0 -p udp -m udp --dport 137 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -o ppp0 -p udp -m udp --dport 138 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -o ppp0 -p udp -m udp --dport 139 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
-A FORWARD -i eth1 -o ppp0 -j ACCEPT
-A FORWARD -i eth2 -o ppp0 -j ACCEPT
-A FORWARD -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 5/min -j LOG --log-prefix "Firewalled packet:"
-A FORWARD -p tcp -j REJECT --reject-with tcp-reset
-A FORWARD -j DROP
-A OUTPUT -j ACCEPT
-A LIMIT_TEST -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 50/sec --limit-burst 75 -j RETURN
-A LIMIT_TEST -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j DROP
COMMIT
# Completed on Wed Aug 13 10:01:23 2008
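The behaviour asked about above comes from the pair of echo-request rules in the INPUT chain: `-p icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT` followed by `-p icmp --icmp-type 8 -j DROP`. The `limit` match behaves like a token bucket that starts with `--limit-burst` tokens (iptables' default is 5) and refills at the configured rate; once the bucket is empty the first rule stops matching and the very next rule drops the echo request, so a burst of pings loses everything after the fifth packet and then gets roughly one reply per second. The following Python script is an added illustration, not code from the post or from iptables: it parses the ICMP rules quoted above in iptables-save syntax, walks them in first-match order, and models `-m limit` as a simplified float token bucket (an assumption about the kernel's credit-based implementation that is close enough to reproduce the accept/drop pattern). The rule names and timestamps are constructed for the demonstration.

```python
from dataclasses import dataclass
from typing import List, Optional

# Excerpt of the INPUT chain from the post, in iptables-save syntax, restricted
# to rules that can see an ICMP packet. The state/fragment/broadcast rules are
# omitted so the example stays focused on ordering and the limit match.
INPUT_RULES = [
    "-A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT",
    "-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP",
    "-A INPUT -p icmp -m icmp --icmp-type 13 -j DROP",
    "-A INPUT -p icmp -m icmp --icmp-type 17 -j DROP",
    "-A INPUT -p icmp -m icmp --icmp-type 10 -j DROP",
    "-A INPUT -p icmp -j ACCEPT",
    "-A INPUT -j DROP",
]

# Units accepted by --limit, expressed in seconds.
UNIT_SECONDS = {"sec": 1, "second": 1, "min": 60, "minute": 60,
                "hour": 3600, "day": 86400}


class TokenBucket:
    """Simplified model of the iptables 'limit' match (assumption: a float
    token bucket reproduces its accept/deny pattern). The bucket starts full
    at `burst` tokens, refills at `rate` tokens per second up to `burst`, and
    every packet that reaches the rule spends one token if any is left."""

    def __init__(self, rate: float, burst: int = 5):  # 5 is the iptables default burst
        self.rate = rate
        self.burst = burst
        self.tokens = float(burst)
        self.last: Optional[float] = None

    def allow(self, now: float) -> bool:
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False  # bucket empty: the rule does not match this packet


@dataclass
class Rule:
    proto: Optional[str]        # value of -p, or None for "any protocol"
    icmp_type: Optional[int]    # value of --icmp-type, or None
    bucket: Optional[TokenBucket]  # present only when the rule uses -m limit
    target: str                 # value of -j


def parse_rule(line: str) -> Rule:
    """Parse the subset of iptables-save syntax used by the rules above."""
    toks = line.split()
    proto = icmp_type = target = None
    rate, burst = None, 5
    i = 0
    while i < len(toks):
        t = toks[i]
        if t == "-p":
            proto = toks[i + 1]; i += 2
        elif t == "--icmp-type":
            icmp_type = int(toks[i + 1]); i += 2
        elif t == "--limit":
            num, unit = toks[i + 1].split("/")
            rate = float(num) / UNIT_SECONDS[unit]; i += 2
        elif t == "--limit-burst":
            burst = int(toks[i + 1]); i += 2
        elif t == "-j":
            target = toks[i + 1]; i += 2
        else:
            i += 1  # -A, chain name, -m and match names carry no state here
    bucket = TokenBucket(rate, burst) if rate is not None else None
    return Rule(proto, icmp_type, bucket, target)


class Chain:
    """First-match evaluation of a chain; falls back to the chain policy."""

    def __init__(self, rules: List[str], policy: str = "ACCEPT"):
        self.rules = [parse_rule(r) for r in rules]
        self.policy = policy

    def verdict(self, proto: str, icmp_type: Optional[int], now: float) -> str:
        for rule in self.rules:
            if rule.proto is not None and rule.proto != proto:
                continue
            if rule.icmp_type is not None and rule.icmp_type != icmp_type:
                continue
            if rule.bucket is not None and not rule.bucket.allow(now):
                continue  # limit exhausted: fall through to the next rule
            return rule.target
        return self.policy


def simulate_pings(times: List[float]) -> List[str]:
    """Replay echo requests (ICMP type 8) at the given timestamps (seconds)
    through a fresh copy of the chain and return the verdict for each."""
    chain = Chain(INPUT_RULES)
    return [chain.verdict("icmp", 8, t) for t in times]


if __name__ == "__main__":
    # Constructed timeline: a burst of seven pings 100 ms apart, then one later.
    times = [0.0, 0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 2.0]
    for t, v in zip(times, simulate_pings(times)):
        print(f"t={t:4.1f}s echo-request -> {v}")
```

Running it shows the first five requests accepted (the burst), the sixth and seventh dropped by the second rule, and a request two seconds later accepted again once the bucket has refilled; pinging no faster than once per second is never dropped. Other ICMP types follow the same first-match logic: timestamp requests (type 13) hit their explicit DROP, while echo replies (type 0) reach the generic `-p icmp -j ACCEPT`. Rate-limited echo requests are silently dropped rather than rejected, which is why the sender just sees lost packets.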