Re: [Firestarter-user] Port Forwarding Problem
From: Kris M. <kr...@cc...> - 2005-09-20 16:09:29
Ryan wrote:

>On Mon, 19 Sep 2005 17:32:08 -0700 (PDT)
>"Kris Munroe" <kr...@cc...> wrote:
>
>> gateway.
>>With two network cards. I also have internet connection sharing
>>enabled and that portion of the firewall is working perfectly. If I
>>set the forwarding port to the gateway's local address then I can
>>access the service however as soon as I change the setting to any
>>other machine on my LAN I get a connection timed out. I did use the
>>micro$oft VPN user-pre forwarding rules as well and they seem to work
>>just fine. I only have a problem with any of the standard ports like
>>22,80, etc. I have searched google and this mailing list for quite
>>some time and found nothing that has solved my problem.
>>
>>Any help I can get would be greatly appreciated.
>>
>
>As root, run the command "iptables -L" and post the output here.
>

Here it is.

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  vnsc-pri.sys.gtei.net  anywhere            tcp flags:!SYN,RST,ACK/SYN
ACCEPT     udp  --  vnsc-pri.sys.gtei.net  anywhere
ACCEPT     tcp  --  vnsc-bak.sys.gtei.net  anywhere            tcp flags:!SYN,RST,ACK/SYN
ACCEPT     udp  --  vnsc-bak.sys.gtei.net  anywhere
ACCEPT     tcp  --  vnsc-lc.sys.gtei.net  anywhere            tcp flags:!SYN,RST,ACK/SYN
ACCEPT     udp  --  vnsc-lc.sys.gtei.net  anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            limit: avg 10/sec burst 5
DROP       all  --  BASE-ADDRESS.MCAST.NET/8  anywhere
DROP       all  --  anywhere             BASE-ADDRESS.MCAST.NET/8
DROP       all  --  255.255.255.255      anywhere
DROP       all  --  anywhere             0.0.0.0
DROP       all  --  anywhere             anywhere            state INVALID
LSI        all  -f  anywhere             anywhere            limit: avg 10/min burst 5
INBOUND    all  --  anywhere             anywhere
INBOUND    all  --  anywhere             192.168.1.28
INBOUND    all  --  anywhere             static-71-102-125-63.sttlwa.dsl-w.verizon.net
INBOUND    all  --  anywhere             192.168.1.255
LOG_FILTER  all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level info prefix `Unknown Input'

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere            limit: avg 10/sec burst 5
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT     tcp  --  anywhere             192.168.1.20        tcp dpt:http
ACCEPT     udp  --  anywhere             192.168.1.20        udp dpt:http
OUTBOUND   all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             192.168.1.0/24      state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             192.168.1.0/24      state RELATED,ESTABLISHED
LOG_FILTER  all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level info prefix `Unknown Forward'

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  static-71-102-125-63.sttlwa.dsl-w.verizon.net  vnsc-pri.sys.gtei.net  tcp dpt:domain
ACCEPT     udp  --  static-71-102-125-63.sttlwa.dsl-w.verizon.net  vnsc-pri.sys.gtei.net  udp dpt:domain
ACCEPT     tcp  --  static-71-102-125-63.sttlwa.dsl-w.verizon.net  vnsc-bak.sys.gtei.net  tcp dpt:domain
ACCEPT     udp  --  static-71-102-125-63.sttlwa.dsl-w.verizon.net  vnsc-bak.sys.gtei.net  udp dpt:domain
ACCEPT     tcp  --  static-71-102-125-63.sttlwa.dsl-w.verizon.net  vnsc-lc.sys.gtei.net  tcp dpt:domain
ACCEPT     udp  --  static-71-102-125-63.sttlwa.dsl-w.verizon.net  vnsc-lc.sys.gtei.net  udp dpt:domain
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  BASE-ADDRESS.MCAST.NET/8  anywhere
DROP       all  --  anywhere             BASE-ADDRESS.MCAST.NET/8
DROP       all  --  255.255.255.255      anywhere
DROP       all  --  anywhere             0.0.0.0
DROP       all  --  anywhere             anywhere            state INVALID
OUTBOUND   all  --  anywhere             anywhere
OUTBOUND   all  --  anywhere             anywhere
LOG_FILTER  all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level info prefix `Unknown Output'

Chain INBOUND (4 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
ACCEPT     udp  --  anywhere             anywhere            udp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ssh
LSI        all  --  anywhere             anywhere

Chain LOG_FILTER (5 references)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere            tcp dpt:netbios-ns reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere            udp dpt:netbios-ns reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere            tcp dpt:netbios-dgm reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere            udp dpt:netbios-dgm reject-with icmp-port-unreachable

Chain LSI (2 references)
target     prot opt source               destination
LOG_FILTER  all  --  anywhere             anywhere
LOG        tcp  --  anywhere             anywhere            tcp flags:SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
REJECT     tcp  --  anywhere             anywhere            tcp flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
LOG        tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
REJECT     tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/RST reject-with icmp-port-unreachable
LOG        icmp --  anywhere             anywhere            icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
REJECT     icmp --  anywhere             anywhere            icmp echo-request reject-with icmp-port-unreachable
LOG        all  --  anywhere             anywhere            limit: avg 5/sec burst 5 LOG level info prefix `Inbound '
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

Chain LSO (0 references)
target     prot opt source               destination
LOG_FILTER  all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            limit: avg 5/sec burst 5 LOG level info prefix `Outbound '
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

Chain OUTBOUND (3 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere