Re: [Fwd: Re: Getting connected to Verizon 3G network -UPDATE]

To: debian-user@lists.debian.org
Subject: Re: [Fwd: Re: Getting connected to Verizon 3G network -UPDATE]
From: "Wayne <linuxtwo@gmail.com>" <linuxtwo@gmail.com>
Date: Sat, 02 Jan 2010 14:53:59 -0500
Message-id: <[🔎] 4B3FA457.7020506@gmail.com>
In-reply-to: <[🔎] 4B3F352C.9080403@hardwarefreak.com>
References: <[🔎] 4B3D5685.5090900@gmail.com> <[🔎] 4B3D6326.6040209@hardwarefreak.com> <[🔎] 4B3D7043.6000601@gmail.com> <[🔎] 4B3D730D.9080908@hardwarefreak.com> <[🔎] 4B3D779D.4020901@gmail.com> <[🔎] 4B3D890A.9070604@hardwarefreak.com> <[🔎] 4B3E0D09.5080600@gmail.com> <[🔎] 4B3E17FF.7090007@hardwarefreak.com> <[🔎] 4B3E2624.3030001@gmail.com> <[🔎] 4B3E491F.4000007@hardwarefreak.com> <[🔎] 4B3E507B.8090808@gmail.com> <[🔎] 4B3E5819.5090505@hardwarefreak.com> <[🔎] 4B3E61AE.3000808@gmail.com> <[🔎] 4B3E71B3.9010602@hardwarefreak.com> <[🔎] 4B3E85DB.7080306@gmail.com> <[🔎] 4B3F352C.9080403@hardwarefreak.com>

Stan Hoeppner wrote:

Wayne <linuxtwo@gmail.com> put forth on 1/1/2010 5:31 PM:

Hope this helps!!


Best I can tell all the subnet masks are correct.

I was just thinking... (smoke rises).  dmesg shows a small amount of packet
traffic to/from the MiFi WLAN interface, basically the DHCP setup handshake
packets, and nothing more.  Yet, you are unable to ping or telnet or www to that
interface on the MiFi, but you can ping your local WiFi interface.

What I'm thinking here is that your network stack is active, but something is
preventing your user space applications from accessing the network stack.  If
you have SELinux enabled, disable it.  Check to make sure you have no iptables
rules in place that might be causing problems.  If you don't know what iptables
is, disable or clear out any "firewall" software front end you have installed,
such as those listed here:

As soon as you said firewall, I remembered having this problem before.I had meant to disable the firewall last night when testing the MiFiconnection, but forgot.

I did it just now and was able to ping, finally, 192.168.1 .1. I thenhttp'ed to it and connected to the Admin page!!! Entered the passwd andgot to the configuration pages.!!! No firewall running but tried toconnect to Google anyway. No Joy. Checked /etc/resolv.conf. The DNSfrom the MiFi are not there so replaced one with the mifi dns but nojoy. I still think my routing is incomplete


http://wiki.debian.org/Firewalls

To do it manually, first, from a bash shell, do an "iptables -S" and reply here
with the output (this is merely informational for those following this thread).
 Immediately afterward, without waiting for my response, execute "iptables -F"
to flush the current rules.  You should now be working.

I checked the firewall script (firehol) and found an obvious error. As Ihave been using modems I had ehol) and found an obvious error. I'vebeen using modems so I had PUBLIC_MYIF="ppp+". Changed it toPUBLIC_MYIF="ath0", started the firewall, ran iptbles -S, tried toconnect, No, so ran iptables -F, tried to connect, no, do stopped thefirewall and connected to the admin page, but not to the internet.


I should have thought of this earlier, because of this:

ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted

I've never seen that error before.  "Operation not permitted" is obviously a
policy error, not a network error.

I have seen that. Not to long ago either. I fixed it but can'tremember what I did. I 'think' it was due to an incorrect routing tableor the firewall though


I apologize for the length of this, but for others to learn from I will
include the results of iptables -S which is how I caught the ppp+ error.
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-N BL_IN_BI
-N BL_IN_UNI
-N BL_OUT_BI
-N in_home
-N in_home_all_c4
-N in_home_all_s1
-N in_home_ftp_c6
-N in_home_ftp_s3
-N in_home_irc_c5
-N in_home_irc_s2
-N in_internet
-N in_internet2lan
-N in_internet2lan_all_c1
-N in_internet2lan_ftp_c3
-N in_internet2lan_irc_c2
-N in_internet_all_c5
-N in_internet_ftp_c7
-N in_internet_http_s4
-N in_internet_irc_c6
-N in_internet_smtp_s3
-N in_internet_torrent_c2
-N in_internet_torrent_s1
-N out_home
-N out_home_all_c4
-N out_home_all_s1
-N out_home_ftp_c6
-N out_home_ftp_s3
-N out_home_irc_c5
-N out_home_irc_s2
-N out_internet
-N out_internet2lan
-N out_internet2lan_all_c1
-N out_internet2lan_ftp_c3
-N out_internet2lan_irc_c2
-N out_internet_all_c5
-N out_internet_ftp_c7
-N out_internet_http_s4
-N out_internet_irc_c6
-N out_internet_smtp_s3
-N out_internet_torrent_c2
-N out_internet_torrent_s1
-N pr_internet_fragments
-N pr_internet_icmpflood
-N pr_internet_malbad
-N pr_internet_malnull
-N pr_internet_malxmas
-N pr_internet_nosyn
-N pr_internet_synflood
-A INPUT -s 4.79.132.217/32 -j BL_IN_BI
-A INPUT -s 69.94.105.81/32 -j BL_IN_BI
-A INPUT -s 65.120.238.2/32 -j BL_IN_BI
-A INPUT -s 66.79.167.34/32 -j BL_IN_BI
-A INPUT -s 68.230.241.41/32 -j BL_IN_BI
-A INPUT -s 89.77.64.72/32 -j BL_IN_BI
-A INPUT -s 216.239.51.91/32 -j BL_IN_BI
-A INPUT -s 73.14.253.95/32 -j BL_IN_BI
-A INPUT -s 68.142.110.0/24 -j BL_IN_BI
-A INPUT -s 207.251.224.0/20 -j BL_IN_BI
-A INPUT -s 210.251.192.0/19 -j BL_IN_BI
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.1.0/24 -d 192.168.1.11/32 -i eth0 -j in_home
-A INPUT -s 192.168.1.0/24 -d 192.168.1.255/32 -i eth0 -j in_home
-A INPUT -i ath0 -j in_internet
-A INPUT -m state --state RELATED -j ACCEPT
-A INPUT -m limit --limit 30/min -j ULOG --ulog-prefix "\'IN-unknown:\'"
-A INPUT -j DROP
-A FORWARD -d 4.79.132.217/32 -j BL_OUT_BI
-A FORWARD -s 4.79.132.217/32 -j BL_IN_BI
-A FORWARD -d 69.94.105.81/32 -j BL_OUT_BI
-A FORWARD -s 69.94.105.81/32 -j BL_IN_BI
-A FORWARD -d 65.120.238.2/32 -j BL_OUT_BI
-A FORWARD -s 65.120.238.2/32 -j BL_IN_BI
-A FORWARD -d 66.79.167.34/32 -j BL_OUT_BI
-A FORWARD -s 66.79.167.34/32 -j BL_IN_BI
-A FORWARD -d 68.230.241.41/32 -j BL_OUT_BI
-A FORWARD -s 68.230.241.41/32 -j BL_IN_BI
-A FORWARD -d 89.77.64.72/32 -j BL_OUT_BI
-A FORWARD -s 89.77.64.72/32 -j BL_IN_BI
-A FORWARD -d 216.239.51.91/32 -j BL_OUT_BI
-A FORWARD -s 216.239.51.91/32 -j BL_IN_BI
-A FORWARD -d 73.14.253.95/32 -j BL_OUT_BI
-A FORWARD -s 73.14.253.95/32 -j BL_IN_BI
-A FORWARD -d 68.142.110.0/24 -j BL_OUT_BI
-A FORWARD -s 68.142.110.0/24 -j BL_IN_BI
-A FORWARD -d 207.251.224.0/20 -j BL_OUT_BI
-A FORWARD -s 207.251.224.0/20 -j BL_IN_BI
-A FORWARD -d 210.251.192.0/19 -j BL_OUT_BI
-A FORWARD -s 210.251.192.0/19 -j BL_IN_BI
-A FORWARD -d 192.168.1.0/24 -i ath0 -o eth0 -j in_internet2lan
-A FORWARD -s 192.168.1.0/24 -i eth0 -o ath0 -j out_internet2lan
-A FORWARD -m state --state RELATED -j ACCEPT

-A FORWARD -m limit --limit 30/min -j ULOG --ulog-prefix"\'PASS-unknown:\'"

-A FORWARD -j DROP
-A OUTPUT -d 4.79.132.217/32 -j BL_OUT_BI
-A OUTPUT -d 69.94.105.81/32 -j BL_OUT_BI
-A OUTPUT -d 65.120.238.2/32 -j BL_OUT_BI
-A OUTPUT -d 66.79.167.34/32 -j BL_OUT_BI
-A OUTPUT -d 68.230.241.41/32 -j BL_OUT_BI
-A OUTPUT -d 89.77.64.72/32 -j BL_OUT_BI
-A OUTPUT -d 216.239.51.91/32 -j BL_OUT_BI
-A OUTPUT -d 73.14.253.95/32 -j BL_OUT_BI
-A OUTPUT -d 68.142.110.0/24 -j BL_OUT_BI
-A OUTPUT -d 207.251.224.0/20 -j BL_OUT_BI
-A OUTPUT -d 210.251.192.0/19 -j BL_OUT_BI
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -s 192.168.1.11/32 -d 192.168.1.0/24 -o eth0 -j out_home
-A OUTPUT -s 192.168.1.255/32 -d 192.168.1.0/24 -o eth0 -j out_home
-A OUTPUT -o ath0 -j out_internet
-A OUTPUT -m state --state RELATED -j ACCEPT
-A OUTPUT -m limit --limit 30/min -j ULOG --ulog-prefix "\'OUT-unknown:\'"
-A OUTPUT -j DROP
-A BL_IN_BI -j DROP
-A BL_IN_UNI -m state --state NEW -j DROP
-A BL_OUT_BI -p tcp -j REJECT --reject-with tcp-reset
-A BL_OUT_BI -j REJECT --reject-with icmp-host-unreachable
-A in_home -j in_home_all_s1
-A in_home -j in_home_irc_s2
-A in_home -j in_home_ftp_s3
-A in_home -j in_home_all_c4
-A in_home -j in_home_irc_c5
-A in_home -j in_home_ftp_c6
-A in_home -m state --state RELATED -j ACCEPT

-A in_home -p tcp -m limit --limit 30/min -j ULOG --ulog-prefix"\'\'IN-home\':\'"

-A in_home -p tcp -j REJECT --reject-with tcp-reset
-A in_home -m limit --limit 30/min -j ULOG --ulog-prefix "\'\'IN-home\':\'"
-A in_home -j REJECT --reject-with icmp-port-unreachable
-A in_home_all_c4 -m state --state ESTABLISHED -j ACCEPT
-A in_home_all_s1 -m state --state NEW,ESTABLISHED -j ACCEPT

-A in_home_ftp_c6 -p tcp -m tcp --sport 21 --dport 32768:61000 -m state--state ESTABLISHED -j ACCEPT-A in_home_ftp_c6 -p tcp -m tcp --sport 20 --dport 32768:61000 -m state--state RELATED,ESTABLISHED -j ACCEPT-A in_home_ftp_c6 -p tcp -m tcp --sport 1024:65535 --dport 32768:61000-m state --state ESTABLISHED -j ACCEPT-A in_home_ftp_s3 -p tcp -m tcp --sport 1024:65535 --dport 21 -m state--state NEW,ESTABLISHED -j ACCEPT-A in_home_ftp_s3 -p tcp -m tcp --sport 1024:65535 --dport 20 -m state--state ESTABLISHED -j ACCEPT-A in_home_ftp_s3 -p tcp -m tcp --sport 1024:65535 --dport 32768:61000-m state --state RELATED,ESTABLISHED -j ACCEPT-A in_home_irc_c5 -p tcp -m tcp --sport 6667 --dport 32768:61000 -mstate --state ESTABLISHED -j ACCEPT-A in_home_irc_s2 -p tcp -m tcp --sport 1024:65535 --dport 6667 -m state--state NEW,ESTABLISHED -j ACCEPT

-A in_internet -s 0.0.0.0/7 -j RETURN
-A in_internet -s 5.0.0.0/8 -j RETURN
-A in_internet -s 10.0.0.0/8 -j RETURN
-A in_internet -s 14.0.0.0/8 -j RETURN
-A in_internet -s 23.0.0.0/8 -j RETURN
-A in_internet -s 27.0.0.0/8 -j RETURN
-A in_internet -s 31.0.0.0/8 -j RETURN
-A in_internet -s 36.0.0.0/7 -j RETURN
-A in_internet -s 39.0.0.0/8 -j RETURN
-A in_internet -s 42.0.0.0/8 -j RETURN
-A in_internet -s 49.0.0.0/8 -j RETURN
-A in_internet -s 50.0.0.0/8 -j RETURN
-A in_internet -s 100.0.0.0/6 -j RETURN
-A in_internet -s 104.0.0.0/6 -j RETURN
-A in_internet -s 127.0.0.0/8 -j RETURN
-A in_internet -s 176.0.0.0/7 -j RETURN
-A in_internet -s 179.0.0.0/8 -j RETURN
-A in_internet -s 181.0.0.0/8 -j RETURN
-A in_internet -s 185.0.0.0/8 -j RETURN
-A in_internet -s 223.0.0.0/8 -j RETURN
-A in_internet -s 240.0.0.0/4 -j RETURN
-A in_internet -s 10.0.0.0/8 -j RETURN
-A in_internet -s 169.254.0.0/16 -j RETURN
-A in_internet -s 172.16.0.0/12 -j RETURN
-A in_internet -s 192.0.2.0/24 -j RETURN
-A in_internet -s 192.88.99.0/24 -j RETURN
-A in_internet -s 192.168.0.0/16 -j RETURN
-A in_internet -j in_internet_torrent_s1
-A in_internet -j in_internet_torrent_c2
-A in_internet -f -j pr_internet_fragments

-A in_internet -p tcp -m state --state NEW -m tcp ! --tcp-flagsFIN,SYN,RST,ACK SYN -j pr_internet_nosyn

-A in_internet -p icmp -m icmp --icmp-type 8 -j pr_internet_icmpflood

-A in_internet -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -jpr_internet_synflood-A in_internet -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URGFIN,SYN,RST,PSH,ACK,URG -j pr_internet_malxmas-A in_internet -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -jpr_internet_malnull-A in_internet -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -jpr_internet_malbad-A in_internet -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -jpr_internet_malbad-A in_internet -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URGFIN,SYN,RST,ACK,URG -j pr_internet_malbad-A in_internet -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URGFIN,PSH,URG -j pr_internet_malbad

-A in_internet -m state --state INVALID -j DROP
-A in_internet -j in_internet_smtp_s3
-A in_internet -j in_internet_http_s4
-A in_internet -j in_internet_all_c5
-A in_internet -j in_internet_irc_c6
-A in_internet -j in_internet_ftp_c7
-A in_internet -m state --state RELATED -j ACCEPT

-A in_internet -m limit --limit 30/min -j ULOG --ulog-prefix"\'\'IN-internet\':\'"

-A in_internet -j DROP
-A in_internet2lan -s 0.0.0.0/7 -j RETURN
-A in_internet2lan -s 5.0.0.0/8 -j RETURN
-A in_internet2lan -s 10.0.0.0/8 -j RETURN
-A in_internet2lan -s 14.0.0.0/8 -j RETURN
-A in_internet2lan -s 23.0.0.0/8 -j RETURN
-A in_internet2lan -s 27.0.0.0/8 -j RETURN
-A in_internet2lan -s 31.0.0.0/8 -j RETURN
-A in_internet2lan -s 36.0.0.0/7 -j RETURN
-A in_internet2lan -s 39.0.0.0/8 -j RETURN
-A in_internet2lan -s 42.0.0.0/8 -j RETURN
-A in_internet2lan -s 49.0.0.0/8 -j RETURN
-A in_internet2lan -s 50.0.0.0/8 -j RETURN
-A in_internet2lan -s 100.0.0.0/6 -j RETURN
-A in_internet2lan -s 104.0.0.0/6 -j RETURN
-A in_internet2lan -s 127.0.0.0/8 -j RETURN
-A in_internet2lan -s 176.0.0.0/7 -j RETURN
-A in_internet2lan -s 179.0.0.0/8 -j RETURN
-A in_internet2lan -s 181.0.0.0/8 -j RETURN
-A in_internet2lan -s 185.0.0.0/8 -j RETURN
-A in_internet2lan -s 223.0.0.0/8 -j RETURN
-A in_internet2lan -s 240.0.0.0/4 -j RETURN
-A in_internet2lan -s 10.0.0.0/8 -j RETURN
-A in_internet2lan -s 169.254.0.0/16 -j RETURN
-A in_internet2lan -s 172.16.0.0/12 -j RETURN
-A in_internet2lan -s 192.0.2.0/24 -j RETURN
-A in_internet2lan -s 192.88.99.0/24 -j RETURN
-A in_internet2lan -s 192.168.0.0/16 -j RETURN
-A in_internet2lan -j in_internet2lan_all_c1
-A in_internet2lan -j in_internet2lan_irc_c2
-A in_internet2lan -j in_internet2lan_ftp_c3
-A in_internet2lan -m state --state RELATED -j ACCEPT
-A in_internet2lan_all_c1 -m state --state ESTABLISHED -j ACCEPT

-A in_internet2lan_ftp_c3 -p tcp -m tcp --sport 21 --dport 1024:65535 -mstate --state ESTABLISHED -j ACCEPT-A in_internet2lan_ftp_c3 -p tcp -m tcp --sport 20 --dport 1024:65535 -mstate --state RELATED,ESTABLISHED -j ACCEPT-A in_internet2lan_ftp_c3 -p tcp -m tcp --sport 1024:65535 --dport1024:65535 -m state --state ESTABLISHED -j ACCEPT-A in_internet2lan_irc_c2 -p tcp -m tcp --sport 6667 --dport 1024:65535-m state --state ESTABLISHED -j ACCEPT

-A in_internet_all_c5 -m state --state ESTABLISHED -j ACCEPT

-A in_internet_ftp_c7 -p tcp -m tcp --sport 21 --dport 32768:61000 -mstate --state ESTABLISHED -j ACCEPT-A in_internet_ftp_c7 -p tcp -m tcp --sport 20 --dport 32768:61000 -mstate --state RELATED,ESTABLISHED -j ACCEPT-A in_internet_ftp_c7 -p tcp -m tcp --sport 1024:65535 --dport32768:61000 -m state --state ESTABLISHED -j ACCEPT-A in_internet_http_s4 -p tcp -m tcp --sport 1024:65535 --dport 80 -mstate --state NEW,ESTABLISHED -j ACCEPT-A in_internet_irc_c6 -p tcp -m tcp --sport 6667 --dport 32768:61000 -mstate --state ESTABLISHED -j ACCEPT-A in_internet_smtp_s3 -p tcp -m tcp --sport 1024:65535 --dport 25 -mstate --state NEW,ESTABLISHED -j ACCEPT-A in_internet_torrent_c2 -p udp -m udp --sport 5290:6999 --dport32768:61000 -m state --state ESTABLISHED -j ACCEPT-A in_internet_torrent_s1 -p udp -m udp --sport 1024:65535 --dport5290:6999 -m state --state NEW,ESTABLISHED -j ACCEPT

-A out_home -j out_home_all_s1
-A out_home -j out_home_irc_s2
-A out_home -j out_home_ftp_s3
-A out_home -j out_home_all_c4
-A out_home -j out_home_irc_c5
-A out_home -j out_home_ftp_c6
-A out_home -m state --state RELATED -j ACCEPT

-A out_home -p tcp -m limit --limit 30/min -j ULOG --ulog-prefix"\'\'OUT-home\':\'"

-A out_home -p tcp -j REJECT --reject-with tcp-reset

-A out_home -m limit --limit 30/min -j ULOG --ulog-prefix"\'\'OUT-home\':\'"

-A out_home -j REJECT --reject-with icmp-port-unreachable
-A out_home_all_c4 -m state --state NEW,ESTABLISHED -j ACCEPT
-A out_home_all_s1 -m state --state ESTABLISHED -j ACCEPT

-A out_home_ftp_c6 -p tcp -m tcp --sport 32768:61000 --dport 21 -m state--state NEW,ESTABLISHED -j ACCEPT-A out_home_ftp_c6 -p tcp -m tcp --sport 32768:61000 --dport 20 -m state--state ESTABLISHED -j ACCEPT-A out_home_ftp_c6 -p tcp -m tcp --sport 32768:61000 --dport 1024:65535-m state --state RELATED,ESTABLISHED -j ACCEPT-A out_home_ftp_s3 -p tcp -m tcp --sport 21 --dport 1024:65535 -m state--state ESTABLISHED -j ACCEPT-A out_home_ftp_s3 -p tcp -m tcp --sport 20 --dport 1024:65535 -m state--state RELATED,ESTABLISHED -j ACCEPT-A out_home_ftp_s3 -p tcp -m tcp --sport 32768:61000 --dport 1024:65535-m state --state ESTABLISHED -j ACCEPT-A out_home_irc_c5 -p tcp -m tcp --sport 32768:61000 --dport 6667 -mstate --state NEW,ESTABLISHED -j ACCEPT-A out_home_irc_s2 -p tcp -m tcp --sport 6667 --dport 1024:65535 -mstate --state ESTABLISHED -j ACCEPT

-A out_internet -d 0.0.0.0/7 -j RETURN
-A out_internet -d 5.0.0.0/8 -j RETURN
-A out_internet -d 10.0.0.0/8 -j RETURN
-A out_internet -d 14.0.0.0/8 -j RETURN
-A out_internet -d 23.0.0.0/8 -j RETURN
-A out_internet -d 27.0.0.0/8 -j RETURN
-A out_internet -d 31.0.0.0/8 -j RETURN
-A out_internet -d 36.0.0.0/7 -j RETURN
-A out_internet -d 39.0.0.0/8 -j RETURN
-A out_internet -d 42.0.0.0/8 -j RETURN
-A out_internet -d 49.0.0.0/8 -j RETURN
-A out_internet -d 50.0.0.0/8 -j RETURN
-A out_internet -d 100.0.0.0/6 -j RETURN
-A out_internet -d 104.0.0.0/6 -j RETURN
-A out_internet -d 127.0.0.0/8 -j RETURN
-A out_internet -d 176.0.0.0/7 -j RETURN
-A out_internet -d 179.0.0.0/8 -j RETURN
-A out_internet -d 181.0.0.0/8 -j RETURN
-A out_internet -d 185.0.0.0/8 -j RETURN
-A out_internet -d 223.0.0.0/8 -j RETURN
-A out_internet -d 240.0.0.0/4 -j RETURN
-A out_internet -d 10.0.0.0/8 -j RETURN
-A out_internet -d 169.254.0.0/16 -j RETURN
-A out_internet -d 172.16.0.0/12 -j RETURN
-A out_internet -d 192.0.2.0/24 -j RETURN
-A out_internet -d 192.88.99.0/24 -j RETURN
-A out_internet -d 192.168.0.0/16 -j RETURN
-A out_internet -j out_internet_torrent_s1
-A out_internet -j out_internet_torrent_c2
-A out_internet -j out_internet_smtp_s3
-A out_internet -j out_internet_http_s4
-A out_internet -j out_internet_all_c5
-A out_internet -j out_internet_irc_c6
-A out_internet -j out_internet_ftp_c7
-A out_internet -m state --state RELATED -j ACCEPT

-A out_internet -m limit --limit 30/min -j ULOG --ulog-prefix"\'\'OUT-internet\':\'"

-A out_internet -j DROP
-A out_internet2lan -d 0.0.0.0/7 -j RETURN
-A out_internet2lan -d 5.0.0.0/8 -j RETURN
-A out_internet2lan -d 10.0.0.0/8 -j RETURN
-A out_internet2lan -d 14.0.0.0/8 -j RETURN
-A out_internet2lan -d 23.0.0.0/8 -j RETURN
-A out_internet2lan -d 27.0.0.0/8 -j RETURN
-A out_internet2lan -d 31.0.0.0/8 -j RETURN
-A out_internet2lan -d 36.0.0.0/7 -j RETURN
-A out_internet2lan -d 39.0.0.0/8 -j RETURN
-A out_internet2lan -d 42.0.0.0/8 -j RETURN
-A out_internet2lan -d 49.0.0.0/8 -j RETURN
-A out_internet2lan -d 50.0.0.0/8 -j RETURN
-A out_internet2lan -d 100.0.0.0/6 -j RETURN
-A out_internet2lan -d 104.0.0.0/6 -j RETURN
-A out_internet2lan -d 127.0.0.0/8 -j RETURN
-A out_internet2lan -d 176.0.0.0/7 -j RETURN
-A out_internet2lan -d 179.0.0.0/8 -j RETURN
-A out_internet2lan -d 181.0.0.0/8 -j RETURN
-A out_internet2lan -d 185.0.0.0/8 -j RETURN
-A out_internet2lan -d 223.0.0.0/8 -j RETURN
-A out_internet2lan -d 240.0.0.0/4 -j RETURN
-A out_internet2lan -d 10.0.0.0/8 -j RETURN
-A out_internet2lan -d 169.254.0.0/16 -j RETURN
-A out_internet2lan -d 172.16.0.0/12 -j RETURN
-A out_internet2lan -d 192.0.2.0/24 -j RETURN
-A out_internet2lan -d 192.88.99.0/24 -j RETURN
-A out_internet2lan -d 192.168.0.0/16 -j RETURN
-A out_internet2lan -j out_internet2lan_all_c1
-A out_internet2lan -j out_internet2lan_irc_c2
-A out_internet2lan -j out_internet2lan_ftp_c3
-A out_internet2lan -m state --state RELATED -j ACCEPT
-A out_internet2lan_all_c1 -m state --state NEW,ESTABLISHED -j ACCEPT

-A out_internet2lan_ftp_c3 -p tcp -m tcp --sport 1024:65535 --dport 21-m state --state NEW,ESTABLISHED -j ACCEPT-A out_internet2lan_ftp_c3 -p tcp -m tcp --sport 1024:65535 --dport 20-m state --state ESTABLISHED -j ACCEPT-A out_internet2lan_ftp_c3 -p tcp -m tcp --sport 1024:65535 --dport1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT-A out_internet2lan_irc_c2 -p tcp -m tcp --sport 1024:65535 --dport 6667-m state --state NEW,ESTABLISHED -j ACCEPT

-A out_internet_all_c5 -m state --state NEW,ESTABLISHED -j ACCEPT

-A out_internet_ftp_c7 -p tcp -m tcp --sport 32768:61000 --dport 21 -mstate --state NEW,ESTABLISHED -j ACCEPT-A out_internet_ftp_c7 -p tcp -m tcp --sport 32768:61000 --dport 20 -mstate --state ESTABLISHED -j ACCEPT-A out_internet_ftp_c7 -p tcp -m tcp --sport 32768:61000 --dport1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT-A out_internet_http_s4 -p tcp -m tcp --sport 80 --dport 1024:65535 -mstate --state ESTABLISHED -j ACCEPT-A out_internet_irc_c6 -p tcp -m tcp --sport 32768:61000 --dport 6667 -mstate --state NEW,ESTABLISHED -j ACCEPT-A out_internet_smtp_s3 -p tcp -m tcp --sport 25 --dport 1024:65535 -mstate --state ESTABLISHED -j ACCEPT-A out_internet_torrent_c2 -p udp -m udp --sport 32768:61000 --dport5290:6999 -m state --state NEW,ESTABLISHED -j ACCEPT-A out_internet_torrent_s1 -p udp -m udp --sport 5290:6999 --dport1024:65535 -m state --state ESTABLISHED -j ACCEPT-A pr_internet_fragments -m limit --limit 30/min -j ULOG --ulog-prefix"\'PACKET FRAGMENTS:\'"

-A pr_internet_fragments -j DROP

-A pr_internet_icmpflood -m limit --limit 100/sec --limit-burst 50 -jRETURN-A pr_internet_icmpflood -m limit --limit 30/min -j ULOG --ulog-prefix"\'ICMP FLOOD:\'"

-A pr_internet_icmpflood -j DROP

-A pr_internet_malbad -m limit --limit 30/min -j ULOG --ulog-prefix"\'MALFORMED BAD:\'"

-A pr_internet_malbad -j DROP

-A pr_internet_malnull -m limit --limit 30/min -j ULOG --ulog-prefix"\'MALFORMED NULL:\'"

-A pr_internet_malnull -j DROP

-A pr_internet_malxmas -m limit --limit 30/min -j ULOG --ulog-prefix"\'MALFORMED XMAS:\'"

-A pr_internet_malxmas -j DROP

-A pr_internet_nosyn -m limit --limit 30/min -j ULOG --ulog-prefix"\'NEW TCP w/o SYN:\'"

-A pr_internet_nosyn -j DROP
-A pr_internet_synflood -m limit --limit 100/sec --limit-burst 50 -j RETURN

-A pr_internet_synflood -m limit --limit 30/min -j ULOG --ulog-prefix"\'SYN FLOOD:\'"

-A pr_internet_synflood -j DROP

Reply to:

Follow-Ups:
- Re: [Fwd: Re: Getting connected to Verizon 3G network -UPDATE]
  - From: Stan Hoeppner <stan@hardwarefreak.com>

References:
- [Fwd: Re: Getting connected to Verizon 3G network -UPDATE]
  - From: "Wayne <linuxtwo@gmail.com>" <linuxtwo@gmail.com>
- Re: [Fwd: Re: Getting connected to Verizon 3G network -UPDATE]
  - From: Stan Hoeppner <stan@hardwarefreak.com>
- Re: [Fwd: Re: Getting connected to Verizon 3G network -UPDATE]
  - From: "Wayne <linuxtwo@gmail.com>" <linuxtwo@gmail.com>
- Re: [Fwd: Re: Getting connected to Verizon 3G network -UPDATE]
  - From: Stan Hoeppner <stan@hardwarefreak.com>
- Re: [Fwd: Re: Getting connected to Verizon 3G network -UPDATE]
  - From: "Wayne <linuxtwo@gmail.com>" <linuxtwo@gmail.com>
- Re: [Fwd: Re: Getting connected to Verizon 3G network -UPDATE]
  - From: Stan Hoeppner <stan@hardwarefreak.com>
- Re: [Fwd: Re: Getting connected to Verizon 3G network -UPDATE]
  - From: "Wayne <linuxtwo@gmail.com>" <linuxtwo@gmail.com>
- Re: [Fwd: Re: Getting connected to Verizon 3G network -UPDATE]
  - From: Stan Hoeppner <stan@hardwarefreak.com>
- Re: [Fwd: Re: Getting connected to Verizon 3G network -UPDATE]
  - From: "Wayne <linuxtwo@gmail.com>" <linuxtwo@gmail.com>
- Re: [Fwd: Re: Getting connected to Verizon 3G network -UPDATE]
  - From: Stan Hoeppner <stan@hardwarefreak.com>
- Re: [Fwd: Re: Getting connected to Verizon 3G network -UPDATE]
  - From: "Wayne <linuxtwo@gmail.com>" <linuxtwo@gmail.com>
- Re: [Fwd: Re: Getting connected to Verizon 3G network -UPDATE]
  - From: Stan Hoeppner <stan@hardwarefreak.com>
- Re: [Fwd: Re: Getting connected to Verizon 3G network -UPDATE]
  - From: "Wayne <linuxtwo@gmail.com>" <linuxtwo@gmail.com>
- Re: [Fwd: Re: Getting connected to Verizon 3G network -UPDATE]
  - From: Stan Hoeppner <stan@hardwarefreak.com>
- Re: [Fwd: Re: Getting connected to Verizon 3G network -UPDATE]
  - From: "Wayne <linuxtwo@gmail.com>" <linuxtwo@gmail.com>
- Re: [Fwd: Re: Getting connected to Verizon 3G network -UPDATE]
  - From: Stan Hoeppner <stan@hardwarefreak.com>

Prev by Date: Looking for social networking website professionals
Next by Date: Re: Removing the indent-string quote marker '>' in emails.
Previous by thread: Re: [Fwd: Re: Getting connected to Verizon 3G network -UPDATE]
Next by thread: Re: [Fwd: Re: Getting connected to Verizon 3G network -UPDATE]
Index(es):
- Date
- Thread