27th April 2006, 22:17
teleriddler
IPTables

OK

So after some checking I turned off IPtables and everything started working.

I did not add entries to my iptables but maybe someone can help me understand what is going on.

The "Parole" entries did not use to be there:

Here is the output of my iptables:


-------------------------------------
Table: filter
Chain BLACKLIST (0 references)
target prot opt source destination
DROP all -- 59.36.96.102 0.0.0.0/0

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain INPUT (policy DROP)
target prot opt source destination
DROP tcp -- 0.0.0.0/0 127.0.0.0/8
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 224.0.0.0/4 0.0.0.0/0
PUB_IN all -- 0.0.0.0/0 0.0.0.0/0
PUB_IN all -- 0.0.0.0/0 0.0.0.0/0
PUB_IN all -- 0.0.0.0/0 0.0.0.0/0
PUB_IN all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain INT_IN (0 references)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain INT_OUT (0 references)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
PUB_OUT all -- 0.0.0.0/0 0.0.0.0/0
PUB_OUT all -- 0.0.0.0/0 0.0.0.0/0
PUB_OUT all -- 0.0.0.0/0 0.0.0.0/0
PUB_OUT all -- 0.0.0.0/0 0.0.0.0/0

Chain PAROLE (9 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain PUB_IN (4 references)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 3
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 11
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
PAROLE tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
PAROLE tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
PAROLE tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
PAROLE tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
PAROLE tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
PAROLE tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:81
PAROLE tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
PAROLE tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
PAROLE tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
DROP icmp -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain PUB_OUT (4 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Table: mangle
Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Table: nat
Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain PREROUTING (policy ACCEPT)
target prot opt source destination
-------------------------------------
After stopping IPTables and restarting here is the output

-------------------------------------

[root@keynes etc]# /etc/init.d/iptables status
Table: filter
Chain BLACKLIST (1 references)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 7 prefix `BANDWIDTH_OUT:'
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 7 prefix `BANDWIDTH_IN:'

Chain INPUT (policy ACCEPT)
target prot opt source destination
BLACKLIST tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 7 prefix `BANDWIDTH_IN:'

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 7 prefix `BANDWIDTH_OUT:'

Table: mangle
Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Table: nat
Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain PREROUTING (policy ACCEPT)
target prot opt source destination

-----------------------------------------------------

Current IPTables file contents:
-----------------------------------------------------

# Generated by iptables-save v1.3.0 on Wed Feb 8 04:50:42 2006
*nat
:OUTPUT ACCEPT [2499:173702]
:POSTROUTING ACCEPT [2499:173702]
:PREROUTING ACCEPT [4854:708276]
COMMIT
# Completed on Wed Feb 8 04:50:42 2006
# Generated by iptables-save v1.3.0 on Wed Feb 8 04:50:42 2006
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [150545:167915507]
:OUTPUT ACCEPT [98885:17152842]
:POSTROUTING ACCEPT [98885:17152842]
:PREROUTING ACCEPT [150545:167915507]
COMMIT
# Completed on Wed Feb 8 04:50:42 2006
# Generated by iptables-save v1.3.0 on Wed Feb 8 04:50:42 2006
*filter
:BLACKLIST - [0:0]
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [150574:167918854]
:OUTPUT ACCEPT [98928:17195262]
-A FORWARD -o eth0 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
-A FORWARD -i eth0 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
-A INPUT -p tcp -m tcp --dport 22 -j BLACKLIST
-A INPUT -i eth0 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
-A OUTPUT -o eth0 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
COMMIT
# Completed on Wed Feb 8 04:50:42 2006
--------------------------------------------

I am running SSHBlacklist but that is the only program that can make additions to the IPTables.

This is really odd. Restarting seemed to clear up the configuration, even though I rebooted multiple times and that never cleared anything up.

I consider this case solved but would like input about the mysterious entries if anyone has any theories.

TR
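The mismatch described in the post above (chains such as PAROLE and PUB_IN active in the kernel but absent from the saved file) can be detected by diffing two `iptables-save` dumps. This is an added example, not part of the original post; the `LIVE` dump is constructed from the chain names and policies in the post, `SAVED` is the post's filter table with the LOG rules left out, and `parse` and `drift` are hypothetical helper names.

```python
import re
# Constructed live dump: chain names and policies from the post, rules abbreviated.
LIVE = """\
*filter
:INPUT DROP [10:840]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [7:532]
:BLACKLIST - [0:0]
:PAROLE - [0:0]
:PUB_IN - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j BLACKLIST
-A INPUT -j PUB_IN
-A PUB_IN -p tcp -m tcp --dport 22 -j PAROLE
-A PAROLE -j ACCEPT
COMMIT
"""
# Filter table of the saved file quoted in the post (LOG rules omitted here).
SAVED = """\
*filter
:BLACKLIST - [0:0]
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [150574:167918854]
:OUTPUT ACCEPT [98928:17195262]
-A INPUT -p tcp -m tcp --dport 22 -j BLACKLIST
COMMIT
"""

def parse(dump):
    """Return ({'table:chain': policy}, {(table, rule)}) from iptables-save text."""
    chains, rules, table = {}, set(), None
    for line in dump.splitlines():
        # Drop the per-rule [packets:bytes] prefix written by `iptables-save -c`.
        line = re.sub(r"^\[\d+:\d+\]\s*", "", line.strip())
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            name, policy = line[1:].split()[:2]   # trailing counters ignored
            chains[f"{table}:{name}"] = policy
        elif line.startswith("-A "):
            rules.add((table, line))
    return chains, rules

def drift(live, saved):
    # Report what the running ruleset has that the saved file does not, and vice versa.
    (lc, lr), (sc, sr) = parse(live), parse(saved)
    return {"new_chains": sorted(lc.keys() - sc.keys()),
            "policy_changes": sorted((c, sc[c], p) for c, p in lc.items()
                                     if c in sc and sc[c] != p),
            "new_rules": sorted(r for _, r in lr - sr),
            "missing_rules": sorted(r for _, r in sr - lr)}
```

On a real host the two inputs would be the output of `iptables-save` and the contents of the saved rules file.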