
Re: Help I am getting frustrated



On Tue, 25 Sep 2001, Robert Schweikert wrote:

> Tzafrir Cohen wrote:
>
> > On Sat, 22 Sep 2001, Robert Schweikert wrote:
> >
> > > I would like to switch to Debian, and once this is accomplished I'd like
> > > to help with the project. However, switching has been much more
> > > difficult than I anticipated. Anyway, right now I am trying to figure
> > > out why I cannot get any packages from the internet. It appears that
> > > there is a firewall running somewhere. I did not intentionally set that
> > > up and I cannot figure out how to turn it off. Here are the messages
> > > that are being logged.
> > >
> > > Sep 20 17:10:41 journey kernel: Packet log: input DENY ppp0 PROTO=2
> > > 209.247.23.242:65535 224.0.0.1:65535 L=28 S=0x00 I=31895 F=0x0000 T=1
> > > (#6)
> >
> > Some broadcast. Is 209.247.23.242 one of your interfaces or a computer
> > near you?
>
> Don't know, could be the IP from my ISP.

Yes or no?

Anyway, with lack of evidence pointing otherwise, it seems that this is
just some rejected internet traffic, that can be ignored.

>
> >
> >
> > > Sep 20 17:48:23 journey kernel: Packet log: input DENY eth0 PROTO=17
> > > 192.168.1.2:138 192.168.255.255:138 L=205 S=0x00 I=50609 F=0x0000 T=128
> > > (#6)
> >
> > Part of the SMB traffic on your local network.
>
> Any idea how I get rid of this? After I flushed ipchains this appeared to go
> away.

What do you mean by "get rid of those"? Should your firewall be able to
connect to other computers via SMB? If not, you can even try something as
permissive as:

$IPCHAINS -I input -p udp --interface eth0 --sport 135     -j DENY
$IPCHAINS -I input -p udp --interface eth0 --sport 137:139 -j DENY
$IPCHAINS -I input -p tcp --interface eth0 --sport 137:139 -j DENY

Note that those are not logged. They are also untested. In practice you can
use something less general.

>
> >
> >
> > >
> > > As can be seen, I did succeed in getting ppp to dial in and connect to
> > > my ISP, but that's the end of it. It appears as if everything coming
> > > into the machine gets rejected. Why? And how do I turn this off?
> >
> > Is that all the traffic that gets rejected?
>
> Well I think I am a step closer in diagnosing the problem but I still need
> some help. When I connect to my ISP the ISP's IP address is printed to the
> log file. I can ping that IP address and all works fine. However, when I try
> to ping my ISP's nameserver IP it fails. I think I might have a name
> resolution issue.

No. Pinging to the _IP_ of the name server does not require name
resolution.

Maybe a routing issue? ppp0 is not your default route? (the route for
'0.0.0.0' in the output of 'netstat -r -n')

How do you connect to your ISP?

> > To get a list of local ipchains rules run 'ipchains -L -n' ('-n' is so you
> > won't waste a couple of minutes resolving names of IPs).
>
> The output looked as follows
>
> Chain input (policy DENY):
> target   prot opt     source                destination           ports
> ACCEPT   all  ------  0.0.0.0/0            0.0.0.0/0             n/a
> DENY     all  ----l-  127.0.0.0/8          0.0.0.0/0             n/a
> ACCEPT   all  ------  0.0.0.0/0            255.255.255.255       n/a
> ACCEPT   all  ------  0.0.0.0/0            192.168.1.1           n/a
> ACCEPT   all  ------  0.0.0.0/0            192.168.1.255         n/a
> DENY     all  ----l-  0.0.0.0/0            0.0.0.0/0             n/a
> Chain forward (policy DENY):
> target   prot opt     source                destination           ports
> DENY     all  ----l-  0.0.0.0/0            0.0.0.0/0             n/a
> MASQ     all  ------  192.168.1.0/24       0.0.0.0/0             n/a
> Chain output (policy DENY):
> target   prot opt     source                destination           ports
> ACCEPT   all  ------  0.0.0.0/0            0.0.0.0/0             n/a
> ACCEPT   all  ------  192.168.1.1          0.0.0.0/0             n/a
> ACCEPT   all  ------  192.168.1.255        0.0.0.0/0             n/a
> DENY     all  ----l-  0.0.0.0/0            0.0.0.0/0             n/a

Sorry, but I don't get this: what are those two "allow-all" rules in the
beginning of the input and the output chains?

Anyway: what script/program exactly do you use to generate those rules?

-- 
Tzafrir Cohen
mailto:tzafrir@technion.ac.il
http://www.technion.ac.il/~tzafrir
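
Added example (not part of the original message): a small Python parser for the ipchains "Packet log:" entries quoted in this thread, decoding each field and the trailing (#6) rule number for triage. The sample lines are the thread's two entries with the mail line wraps joined; the function names and the ".255" broadcast heuristic are assumptions of this example.

```python
import ipaddress
import re
# ipchains packet-log layout (Linux 2.2): chain target iface PROTO=n
# src:port dst:port L=length S=TOS I=IP-id F=frag-offset/flags T=TTL (#rule)
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?: \(#(?P<rule>\d+)\))?"
)
PROTOCOLS = {1: "icmp", 2: "igmp", 6: "tcp", 17: "udp"}
NETBIOS_PORTS = {137: "netbios-ns", 138: "netbios-dgm", 139: "netbios-ssn"}

# The two entries from the thread, with the mail line wraps joined.
SAMPLE_LINES = [
    "Sep 20 17:10:41 journey kernel: Packet log: input DENY ppp0 PROTO=2 "
    "209.247.23.242:65535 224.0.0.1:65535 L=28 S=0x00 I=31895 F=0x0000 T=1 (#6)",
    "Sep 20 17:48:23 journey kernel: Packet log: input DENY eth0 PROTO=17 "
    "192.168.1.2:138 192.168.255.255:138 L=205 S=0x00 I=50609 F=0x0000 T=128 (#6)",
]

def parse_packet_log(line):
    """Return a dict of decoded fields, or None if this is not a packet log."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ip_id", "ttl"):
        rec[key] = int(rec[key])
    rec["rule"] = int(rec["rule"]) if rec["rule"] else None
    rec["proto_name"] = PROTOCOLS.get(rec["proto"], str(rec["proto"]))
    return rec

def describe(rec):
    """One-line triage note: who sent what, to which kind of address."""
    if ipaddress.ip_address(rec["dst"]).is_multicast:
        kind = "multicast"
    elif rec["dst"].endswith(".255"):  # heuristic, assumes a /24 or wider net
        kind = "broadcast"
    else:
        kind = "unicast"
    note = (f'{rec["chain"]} {rec["target"]} on {rec["iface"]}: '
            f'{rec["proto_name"]} {rec["src"]} -> {rec["dst"]} ({kind})')
    if rec["proto"] in (6, 17) and rec["dport"] in NETBIOS_PORTS:
        note += f', service {NETBIOS_PORTS[rec["dport"]]}'
    return note + (f', rule #{rec["rule"]}' if rec["rule"] else "")

if __name__ == "__main__":
    print("\n".join(describe(parse_packet_log(l)) for l in SAMPLE_LINES))
```

Both entries end in (#6), the rule number within the input chain; in the listing quoted in the message, the sixth input rule is the final DENY with the log flag set.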


