Friday, October 22, 2010

Re: firewalls and MTU - identifying problem if any

Samuel Ribas on 22/10/10 14:33, wrote:
> Did you try testing without your firewall, I mean connected directly to the
> modem? Maybe the problem could really be in the software and you will spend
> your time for nothing.

The problem persists even after I dropped all my firewall rules, so I had this
output, which I believe means I have a totally open gateway:

adam@isengard:~/tmp$ sudo /etc/init.d/iptables status
nat table:

Chain PREROUTING (policy ACCEPT 18 packets, 864 bytes)
pkts bytes target prot opt in out source destination


Chain POSTROUTING (policy ACCEPT 1 packets, 60 bytes)
pkts bytes target prot opt in out source destination

18 864 MASQUERADE all -- * eth1 192.168.0.0/24 0.0.0.0/0


Chain OUTPUT (policy ACCEPT 1 packets, 60 bytes)
pkts bytes target prot opt in out source destination


filter table:

Chain INPUT (policy ACCEPT 63 packets, 6842 bytes)
pkts bytes target prot opt in out source destination


Chain FORWARD (policy ACCEPT 258 packets, 46510 bytes)
pkts bytes target prot opt in out source destination


Chain OUTPUT (policy ACCEPT 65 packets, 5140 bytes)
pkts bytes target prot opt in out source destination


mangle table:

Chain PREROUTING (policy ACCEPT 321 packets, 53352 bytes)
pkts bytes target prot opt in out source destination


Chain INPUT (policy ACCEPT 6424K packets, 1137M bytes)
pkts bytes target prot opt in out source destination


Chain FORWARD (policy ACCEPT 12M packets, 2037M bytes)
pkts bytes target prot opt in out source destination


Chain OUTPUT (policy ACCEPT 65 packets, 5140 bytes)
pkts bytes target prot opt in out source destination


Chain POSTROUTING (policy ACCEPT 18M packets, 3073M bytes)
pkts bytes target prot opt in out source destination

Am I correct that iptables will let everything through like this? The software
is not on the gateway, which is why I still need forwarding.

There is also the DSL modem iptables, and that status looks like this after I
manually dropped all its rules:

BusyBox v0.61.pre (2004.06.18-02:49+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

# iptables -t nat -L -n -v
Chain PREROUTING (policy ACCEPT 381K packets, 23M bytes)
pkts bytes target prot opt in out source destination


Chain POSTROUTING (policy ACCEPT 3919 packets, 379K bytes)
pkts bytes target prot opt in out source destination

340K 20M MASQUERADE all -- * ppp0 0.0.0.0/0 0.0.0.0/0


Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

# iptables -t filter -L -n -v
Chain INPUT (policy ACCEPT 54834 packets, 5580K bytes)
pkts bytes target prot opt in out source destination


Chain FORWARD (policy ACCEPT 11M packets, 1776M bytes)
pkts bytes target prot opt in out source destination


Chain OUTPUT (policy ACCEPT 74120 packets, 13M bytes)
pkts bytes target prot opt in out source destination

# iptables -t mangle -L -n -v
modprobe: could not parse modules.dep

iptables v1.2.6a: can't initialize iptables table `mangle': Table does not exist
(do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.


PS: Going back on-list with this, assuming going off-list was unintended.


--
Archive: http://lists.debian.org/4CC1E93A.7040803@cyberspaceroad.com
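As an added example (not part of the mail thread and not anything the Debian firewall scripts ship), here is a small Python parser for `iptables -L -n -v` output that answers the question in the mail mechanically. It understands the `<name> table:` headers the Debian init script prints, records each built-in chain's policy and each rule, and reports whether anything in the filter table can refuse a packet. Both sample listings are constructed for the example: the first reproduces the gateway's nat and filter tables from above (trimmed), the second is a hypothetical hardened variant used only to show what the audit flags.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: the gateway's nat and filter tables as printed by the
# Debian init script's `iptables status` in the mail above (trimmed).
GATEWAY_STATUS = """\
nat table:

Chain PREROUTING (policy ACCEPT 18 packets, 864 bytes)
 pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 1 packets, 60 bytes)
 pkts bytes target prot opt in out source destination
   18   864 MASQUERADE all -- * eth1 192.168.0.0/24 0.0.0.0/0

filter table:

Chain INPUT (policy ACCEPT 63 packets, 6842 bytes)
 pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 258 packets, 46510 bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 65 packets, 5140 bytes)
 pkts bytes target prot opt in out source destination
"""

# Constructed, hypothetical hardened variant of the same gateway, used only
# to show what the audit reports when the filter table can refuse traffic.
HARDENED_STATUS = """\
filter table:

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
  120  9600 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
   40  3200 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
  258 46510 ACCEPT all -- eth0 eth1 192.168.0.0/24 0.0.0.0/0
    0     0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT 65 packets, 5140 bytes)
 pkts bytes target prot opt in out source destination
"""

@dataclass
class Chain:
    name: str
    policy: Optional[str]                      # None for user-defined chains
    rules: List[Dict[str, str]] = field(default_factory=list)

TABLE_RE = re.compile(r"^(\w+) table:$")
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\S+)|(\d+) references)")
RULE_COLS = ("pkts", "bytes", "target", "prot", "opt", "in", "out", "src", "dst")
DENY_TARGETS = {"DROP", "REJECT"}

def parse_iptables(text: str, default_table: str = "filter") -> Dict[str, Dict[str, Chain]]:
    """Parse `iptables -L -n -v` output into {table: {chain name: Chain}}.
    Handles the Debian init script's '<name> table:' headers; plain
    `iptables -t X -L -n -v` output is filed under default_table."""
    tables: Dict[str, Dict[str, Chain]] = {}
    table, chain = default_table, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                           # blank line or echoed shell prompt
        m = TABLE_RE.match(line)
        if m:
            table = m.group(1)
            continue
        m = CHAIN_RE.match(line)
        if m:
            chain = Chain(m.group(1), m.group(2))
            tables.setdefault(table, {})[chain.name] = chain
            continue
        fields = line.split()
        if chain is None or fields[0] == "pkts" or len(fields) < len(RULE_COLS):
            continue                           # column header or non-rule text
        rule = dict(zip(RULE_COLS, fields))
        rule["extra"] = " ".join(fields[len(RULE_COLS):])   # match options, if any
        chain.rules.append(rule)
    return tables

def filter_blocks(tables: Dict[str, Dict[str, Chain]]) -> List[str]:
    """Everything in the filter table that can refuse a packet: built-in
    chains whose policy is not ACCEPT, and rules whose target is DROP/REJECT."""
    blocks = []
    for ch in tables.get("filter", {}).values():
        if ch.policy and ch.policy != "ACCEPT":
            blocks.append(f"{ch.name}: policy {ch.policy}")
        for r in ch.rules:
            if r["target"] in DENY_TARGETS:
                blocks.append(f"{ch.name}: {r['target']} {r['prot']} {r['src']} -> {r['dst']}")
    return blocks

def is_wide_open(tables: Dict[str, Dict[str, Chain]]) -> bool:
    """True when the filter table cannot refuse anything; nat targets such as
    MASQUERADE only rewrite addresses and never drop a packet."""
    return not filter_blocks(tables)

if __name__ == "__main__":
    for label, status in (("gateway", GATEWAY_STATUS), ("hardened", HARDENED_STATUS)):
        t = parse_iptables(status)
        print(label, "wide open:", is_wide_open(t), filter_blocks(t))
```

Run against the gateway listing, the audit finds nothing that can refuse traffic: every filter chain's policy is ACCEPT, and the only rule is the MASQUERADE in nat, which rewrites source addresses for 192.168.0.0/24 leaving eth1 but never drops. So yes, with this configuration iptables forwards and NATs everything. One thing the listing cannot show is whether the kernel forwards at all: that needs `net.ipv4.ip_forward=1` (a sysctl, not a rule), so an open filter table with forwarding disabled still passes nothing. The hardened sample shows the same parser flagging DROP policies and a REJECT rule.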