Ok, thank you for your answers. I will try to sum up mine.

It is true that it is not me who wrote the firewall script and that I do not understand what all the rules do.

I tried different solutions that you proposed but none works, from localhost, local network or from the internet. The 8080 port remains closed.

I did not try to upgrade my kernel. Actually, I am a little bit frightened by this idea. Is it really riskless?

Finally, this is the result of the 'iptables -t filter -L -n -v' command:

Chain INPUT (policy DROP 17 packets, 1088 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  eth1   *       192.168.0.3          0.0.0.0/0           tcp dpt:22
    0     0 ACCEPT     tcp  --  eth1   *       192.168.0.12         0.0.0.0/0           tcp dpt:22
    0     0 ACCEPT     tcp  --  eth1   *       192.168.0.31         0.0.0.0/0           tcp dpt:22
    0     0 ACCEPT     tcp  --  eth1   *       192.168.0.28         0.0.0.0/0           tcp dpt:22
  162 18088 ACCEPT     all  --  eth1   *       192.168.0.0/24       0.0.0.0/0
    4   156 ACCEPT     all  --  lo     *       192.168.0.1          0.0.0.0/0
    8   528 ACCEPT     all  --  lo     *       193.51.128.146       0.0.0.0/0
  140 10422 ACCEPT     all  --  *      *       0.0.0.0/0            193.51.128.146      state RELATED,ESTABLISHED
    0     0 DROP       all  --  eth0   *       0.0.0.0/0            224.0.0.0/8
    3   192 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 3 LOG flags 0 level 7 prefix `IPT INPUT packet died: '

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 3 LOG flags 0 level 7 prefix `IPT FORWARD packet died: '

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  166 16632 ACCEPT     all  --  *      *       192.168.0.1          0.0.0.0/0
  120 16559 ACCEPT     all  --  *      *       193.51.128.146       0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 3 LOG flags 0 level 7 prefix `IPT OUTPUT packet died: '

Chain allowed (20 references)
 pkts bytes target     prot opt in     out     source               destination

Chain bad_tcp_packets (3 references)
 pkts bytes target     prot opt in     out     source               destination
    1    40 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:!0x16/0x02 state NEW LOG flags 0 level 4 prefix `New not syn:'

Chain icmp_packets (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain tcp_packets (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 allowed    tcp  --  eth0   *       195.221.162.126      0.0.0.0/0           tcp dpt:22
    0     0 allowed    tcp  --  eth0   *       81.57.83.190         0.0.0.0/0           tcp dpt:22
    0     0 allowed    tcp  --  eth0   *       193.52.24.125        0.0.0.0/0           tcp dpt:22
    0     0 allowed    tcp  --  eth0   *       129.175.58.218       0.0.0.0/0           tcp dpt:22
    0     0 allowed    tcp  --  eth0   *       82.230.68.31         0.0.0.0/0           tcp dpt:22
    0     0 allowed    tcp  --  eth0   *       82.246.152.215       0.0.0.0/0           tcp dpt:22
    0     0 allowed    tcp  --  eth0   *       86.67.133.75         0.0.0.0/0           tcp dpt:22
    0     0 allowed    tcp  --  eth0   *       88.171.133.128       0.0.0.0/0           tcp dpt:22
    0     0 allowed    tcp  --  eth0   *       157.136.22.133       0.0.0.0/0           tcp dpt:22
    0     0 allowed    tcp  --  eth0   *       129.104.48.4         0.0.0.0/0           tcp dpt:22
    0     0 allowed    tcp  --  eth0   *       129.104.48.5         0.0.0.0/0           tcp dpt:22
    0     0 allowed    tcp  --  eth0   *       129.104.48.3         0.0.0.0/0           tcp dpt:22
    0     0 LOG        tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 LOG flags 0 level 7 prefix `IPT INPUT SSH FORBIDDEN: '

Chain udp_packets (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       udp  --  eth0   *       0.0.0.0/0            193.51.128.151      multiport ports 513,631
    0     0 DROP       udp  --  eth0   *       0.0.0.0/0            193.51.128.151      udp dpts:135:139
    0     0 DROP       udp  --  eth0   *       0.0.0.0/0            255.255.255.255     udp dpts:67:68

Joan
_________________
Post-doc GENNETEC
Programme d'Épigénomique, Genopole®
Tour Évry2, 10è étage
523 Terrasses de l'Agora
91034 ÉVRY cedex
Tél : +33 (0)1 69 47 44 34
Fax : +33 (0)1 69 47 44 37
________________________________________________________________________
On 7 June 07 at 16:51, Németh Tamás wrote:
'iptables -t filter -L -n -v