
Firewall problems



Sorry I forgot the subject

> The hdd from my server died 4 weeks ago. Bought a new one and
> installed Debian 3.0r1. When I want to load the firewall from a
> remote ssh client (PuTTY), the connection dies. So I added a monitor
> and a keyboard to the server and loaded the firewall again. It
> went fine, but from that point on I can't ping the server anymore and
> a remote login isn't possible anymore, only after a reboot. If I do a
> portscan of ports 1-1024 after the reboot, the result is:
> 
> Starting nmap V. 2.54BETA31 ( www.insecure.org/nmap )
> Interesting ports on h231002.upc-h.chello.nl (62.194.231.2):
> (The 1010 ports scanned but not shown below are in state: closed)
> Port       State       Service
> 9/tcp      open        discard
> 13/tcp     open        daytime
> 22/tcp     open        ssh
> 25/tcp     open        smtp
> 37/tcp     open        time
> 111/tcp    open        sunrpc
> 113/tcp    open        auth
> 135/tcp    filtered    loc-srv
> 137/tcp    filtered    netbios-ns
> 138/tcp    filtered    netbios-dgm
> 139/tcp    filtered    netbios-ssn
> 445/tcp    filtered    microsoft-ds
> 515/tcp    open        printer
> 1024/tcp   open        kdm
> 
> Before the crash the list of open ports was much shorter. I think
> it has to do with the package ipmasq, which is installed too, or a
> _supervisor firewall_. But when I remove ipmasq, the computers
> behind the server can't go on the Internet.
> 
> Does someone know why the firewall doesn't work and how to fix this?
> 
> HTH,
> 
> -WJ
> 
> Windows: Where do you want to go today?
> MacOS: Where do you want to be tomorrow?
> Linux: Are you coming or what?



Windows: Where do you want to go today?
MacOS: Where do you want to be tomorrow?
Linux: Are you coming or what?

#!/bin/sh
# Firewall script as posted, with one typo fixed (the ESTABLISHED rule said
# "eht0" instead of eth0) and comments added. Note that the MASQUERADE rule
# below treats eth1 as the Internet-facing interface, while the INPUT rules
# treat eth1 as the trusted side and filter eth0 per port; that mismatch is
# consistent with the long list of open ports in the scan quoted above.
echo -n "IPTables Firewall."
IPTABLES="/sbin/iptables"

#FLUSH
# --flush removes the rules but leaves the chain policies alone. If INPUT is
# still DROP from an earlier run, nothing at all is accepted until the rules
# below are re-added, which is enough to kill a remote session mid-load.
echo -n "Flush all tables."
$IPTABLES --flush
echo -n "."
$IPTABLES --table nat --flush
echo -n "."
$IPTABLES --delete-chain
echo -n "."
$IPTABLES --table nat --delete-chain
echo ". done"

echo -n " Setting up masquerading rules."
# Set up IPFORWARDing and Masquerading
# Note: nothing in this script enables /proc/sys/net/ipv4/ip_forward.
# Masquerade whatever leaves through eth1, i.e. eth1 is the external link.
$IPTABLES --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
echo -n "."
# This accepts forwarding of packets that ARRIVE on eth1, the external link.
# LAN traffic heading out through eth1 is not matched here; it is forwarded
# only because the script never sets a FORWARD policy, so whatever policy
# FORWARD already had (ACCEPT on a fresh boot) stays in effect.
$IPTABLES --append FORWARD --in-interface eth1 -j ACCEPT
echo ". done"

echo -n "Setting rules for loopback device."
# Allow loopback access.
$IPTABLES -A INPUT -i lo -p all -j ACCEPT
echo -n "."
$IPTABLES -A OUTPUT -o lo -p all -j ACCEPT
echo -n "."

echo -n "Setting rules for eth0 device."
# accept established connections
# (was "-i eht0": iptables accepts any interface name here, so the typo
# silently created a rule that never matched a single packet)
$IPTABLES -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
echo -n "."
#$IPTABLES -A INPUT -p tcp --tcp-option ! 2 -j REJECT --reject-with tcp-reset
#echo -n "."
# Per-port accepts on eth0. The udp rules for 21, 22, 25, 80 and 110 are
# harmless but pointless: those services run over tcp.
$IPTABLES -A INPUT -p tcp -i eth0 --dport 21 -j ACCEPT
echo -n "."
$IPTABLES -A INPUT -p udp -i eth0 --dport 21 -j ACCEPT
echo -n "."
$IPTABLES -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT
echo -n "."
$IPTABLES -A INPUT -p udp -i eth0 --dport 22 -j ACCEPT
echo -n "."
$IPTABLES -A INPUT -p tcp -i eth0 --dport 25 -j ACCEPT
echo -n "."
$IPTABLES -A INPUT -p udp -i eth0 --dport 25 -j ACCEPT
echo -n "."
$IPTABLES -A INPUT -p tcp -i eth0 --dport 80 -j ACCEPT
echo -n "."
$IPTABLES -A INPUT -p udp -i eth0 --dport 80 -j ACCEPT
echo -n "."
$IPTABLES -A INPUT -p tcp -i eth0 --dport 110 -j ACCEPT
echo -n "."
$IPTABLES -A INPUT -p udp -i eth0 --dport 110 -j ACCEPT
echo -n "."
$IPTABLES -A INPUT -p tcp -i eth0 --dport 65500:65535 -j ACCEPT
echo -n "."
$IPTABLES -A INPUT -p udp -i eth0 --dport 65500:65535 -j ACCEPT
echo -n "."
$IPTABLES -A INPUT -p icmp -i eth0 -j ACCEPT
echo ". done"

echo -n " Setting rules for eth1 device."
# Accept all incoming connections
# Everything arriving on eth1 is accepted unconditionally. Together with the
# NAT rule above this leaves the Internet-facing side wide open while the LAN
# side is the one being filtered.
$IPTABLES -A INPUT -i eth1 -p all -j ACCEPT
echo ". done"

echo -n " Drop all other connection attempts."
# The policy is set last and applies to everything not matched above, on any
# interface.
$IPTABLES -P INPUT DROP
echo ". done"
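An added example, not the poster's script, of the same ruleset with the interface roles stated explicitly and a lock-out guard for loading it over ssh; it assumes eth1 is the Internet link (as the posted MASQUERADE rule implies) and eth0 the LAN, and the WAN/LAN variables, gen_rules, apply_rules and the rollback functions are names chosen here.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumes eth1 is the Internet link (as the
# posted MASQUERADE rule implies) and eth0 the LAN; override with WAN= / LAN=.
IPTABLES="${IPTABLES:-/sbin/iptables}"
WAN="${WAN:-eth1}"
LAN="${LAN:-eth0}"
# One iptables argument list per line. Policies are opened first so that a re-run
# never leaves a rule-less chain with a DROP policy, and set to DROP only at the end.
gen_rules() {
  cat <<EOF
-P INPUT ACCEPT
-P FORWARD ACCEPT
--flush
--table nat --flush
--delete-chain
--table nat --delete-chain
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN -j ACCEPT
-A INPUT -i $WAN -p tcp --dport 22 -j ACCEPT
-A INPUT -i $WAN -p icmp --icmp-type echo-request -j ACCEPT
-A FORWARD -i $LAN -o $WAN -j ACCEPT
-A FORWARD -i $WAN -o $LAN -m state --state ESTABLISHED,RELATED -j ACCEPT
--table nat -A POSTROUTING -o $WAN -j MASQUERADE
-P INPUT DROP
-P FORWARD DROP
EOF
}
# Feed every line to iptables and stop at the first failure, so a typo such as
# "eht0" cannot leave a half-loaded ruleset behind unnoticed.
apply_rules() {
  tmp=$(mktemp) || return 1
  gen_rules > "$tmp"
  while read -r args; do
    $IPTABLES $args || { rm -f "$tmp"; return 1; }
  done < "$tmp"
  rm -f "$tmp"
}
# Lock-out guard for loading over ssh: revert to accept-all after $1 seconds
# unless cancel_rollback is run from a session that still works.
start_rollback() {
  ( sleep "${1:-60}"; $IPTABLES -P INPUT ACCEPT; $IPTABLES -P FORWARD ACCEPT; $IPTABLES --flush ) &
  echo $! > /var/run/fw-rollback.pid
}
cancel_rollback() {
  kill "$(cat /var/run/fw-rollback.pid)" 2>/dev/null && rm -f /var/run/fw-rollback.pid
}
```

Forwarding itself still has to be switched on separately (echo 1 > /proc/sys/net/ipv4/ip_forward), which the posted script never did. A typical session is `start_rollback 60; apply_rules` from the ssh session, then `cancel_rollback` from a fresh login once that login succeeds.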