Re: [Firestarter-user] Port Forwarding Problem

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Ryan wrote:

>On Mon, 19 Sep 2005 17:32:08 -0700 (PDT)
>"Kris Munroe" <kr...@cc...> wrote:
>
>  
>
>> gateway.
>>With two network cards.  I also have internet connection sharing
>>enabled and that portion of the firewall is working perfectly.  If I
>>set the forwarding port to the gateway's local address then I can
>>access the service however as soon as I change the setting to any
>>other machine on my LAN I get a connection timed out.  I did use the
>>micro$oft VPN user-pre forwarding rules as well and they seem to work
>>just fine.  I only have a problem with any of the standard ports like
>>22,80, etc.  I have searched google and this mailing list for quite
>>some time and found nothing that has solved my problem.
>>
>>Any help I can get would be greatly appreciated.
>>    
>>
>
>As root, run the command "iptables -L" and post the output here.
>
>
>-------------------------------------------------------
>SF.Net email is sponsored by:
>Tame your development challenges with Apache's Geronimo App Server. 
>Download it for free - -and be entered to win a 42" plasma tv or your very
>own Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
>_______________________________________________
>Firestarter-user mailing list
>To unsubscribe, visit https://lists.sourceforge.net/lists/listinfo/firestarter-user
>  
>
Here it is.

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  vnsc-pri.sys.gtei.net  anywhere            tcp 
flags:!SYN,RST,ACK/SYN
ACCEPT     udp  --  vnsc-pri.sys.gtei.net  anywhere
ACCEPT     tcp  --  vnsc-bak.sys.gtei.net  anywhere            tcp 
flags:!SYN,RST,ACK/SYN
ACCEPT     udp  --  vnsc-bak.sys.gtei.net  anywhere
ACCEPT     tcp  --  vnsc-lc.sys.gtei.net  anywhere            tcp 
flags:!SYN,RST,ACK/SYN
ACCEPT     udp  --  vnsc-lc.sys.gtei.net  anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            limit: avg 
10/sec burst 5
DROP       all  --  BASE-ADDRESS.MCAST.NET/8  anywhere
DROP       all  --  anywhere             BASE-ADDRESS.MCAST.NET/8
DROP       all  --  255.255.255.255      anywhere
DROP       all  --  anywhere             0.0.0.0
DROP       all  --  anywhere             anywhere            state INVALID
LSI        all  -f  anywhere             anywhere            limit: avg 
10/min burst 5
INBOUND    all  --  anywhere             anywhere
INBOUND    all  --  anywhere             192.168.1.28
INBOUND    all  --  anywhere             
static-71-102-125-63.sttlwa.dsl-w.verizon.net
INBOUND    all  --  anywhere             192.168.1.255
LOG_FILTER  all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level 
info prefix `Unknown Input'

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere            limit: avg 
10/sec burst 5
TCPMSS     tcp  --  anywhere             anywhere            tcp 
flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT     tcp  --  anywhere             192.168.1.20        tcp dpt:http
ACCEPT     udp  --  anywhere             192.168.1.20        udp dpt:http
OUTBOUND   all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             192.168.1.0/24      state 
RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             192.168.1.0/24      state 
RELATED,ESTABLISHED
LOG_FILTER  all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level 
info prefix `Unknown Forward'

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  static-71-102-125-63.sttlwa.dsl-w.verizon.net  
vnsc-pri.sys.gtei.net tcp dpt:domain
ACCEPT     udp  --  static-71-102-125-63.sttlwa.dsl-w.verizon.net  
vnsc-pri.sys.gtei.net udp dpt:domain
ACCEPT     tcp  --  static-71-102-125-63.sttlwa.dsl-w.verizon.net  
vnsc-bak.sys.gtei.net tcp dpt:domain
ACCEPT     udp  --  static-71-102-125-63.sttlwa.dsl-w.verizon.net  
vnsc-bak.sys.gtei.net udp dpt:domain
ACCEPT     tcp  --  static-71-102-125-63.sttlwa.dsl-w.verizon.net  
vnsc-lc.sys.gtei.net tcp dpt:domain
ACCEPT     udp  --  static-71-102-125-63.sttlwa.dsl-w.verizon.net  
vnsc-lc.sys.gtei.net udp dpt:domain
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  BASE-ADDRESS.MCAST.NET/8  anywhere
DROP       all  --  anywhere             BASE-ADDRESS.MCAST.NET/8
DROP       all  --  255.255.255.255      anywhere
DROP       all  --  anywhere             0.0.0.0
DROP       all  --  anywhere             anywhere            state INVALID
OUTBOUND   all  --  anywhere             anywhere
OUTBOUND   all  --  anywhere             anywhere
LOG_FILTER  all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level 
info prefix `Unknown Output'

Chain INBOUND (4 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            state 
RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            state 
RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
ACCEPT     udp  --  anywhere             anywhere            udp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ssh
LSI        all  --  anywhere             anywhere

Chain LOG_FILTER (5 references)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere            tcp 
dpt:netbios-ns reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere            udp 
dpt:netbios-ns reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere            tcp 
dpt:netbios-dgm reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere            udp 
dpt:netbios-dgm reject-with icmp-port-unreachable

Chain LSI (2 references)
target     prot opt source               destination
LOG_FILTER  all  --  anywhere             anywhere
LOG        tcp  --  anywhere             anywhere            tcp 
flags:SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix 
`Inbound '
REJECT     tcp  --  anywhere             anywhere            tcp 
flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
LOG        tcp  --  anywhere             anywhere            tcp 
flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix 
`Inbound '
REJECT     tcp  --  anywhere             anywhere            tcp 
flags:FIN,SYN,RST,ACK/RST reject-with icmp-port-unreachable
LOG        icmp --  anywhere             anywhere            icmp 
echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
REJECT     icmp --  anywhere             anywhere            icmp 
echo-request reject-with icmp-port-unreachable
LOG        all  --  anywhere             anywhere            limit: avg 
5/sec burst 5 LOG level info prefix `Inbound '
REJECT     all  --  anywhere             anywhere            reject-with 
icmp-port-unreachable

Chain LSO (0 references)
target     prot opt source               destination
LOG_FILTER  all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            limit: avg 
5/sec burst 5 LOG level info prefix `Outbound '
REJECT     all  --  anywhere             anywhere            reject-with 
icmp-port-unreachable

Chain OUTBOUND (3 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state 
RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            state 
RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere