Hi,
I am a newbie to Linux. Though I read the IPTABLES doc,
it still did not sink in my brain (if I have one :-).
I downloaded the latest release of guarddog for RedHat
8 and installed it. It works fine (as expected). My
redhat-8 machine has two network cards. eth0 connects
to the internet and has the IP address of 10.200.1.1,
and eth1 connects to the LAN; eth1 has the IP
address of 192.168.0. I have another machine that runs
Windows XP with one network card, 192.168.0.2. I defined
a new ZONE for my win-XP machine, and did all the steps
as required in the docs for guarddog, but I can't
connect to the outside world. I get "Request Timed out"
when pinging any outside IP address. Please note that
I can ping between both machines fine.
Here is the output of my "ifconfig -a":
eth0 Link encap:Ethernet HWaddr 00:50:DA:DF:F2:88
inet addr:10.200.1.1 Bcast:10.255.255.255
Mask:255.0.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500
Metric:1
RX packets:1398 errors:0 dropped:0 overruns:0
frame:0
TX packets:1770 errors:0 dropped:0 overruns:0
carrier:0
collisions:0 txqueuelen:100
RX bytes:695515 (679.2 Kb) TX bytes:240155
(234.5 Kb)
Interrupt:10 Base address:0xdc00
eth1 Link encap:Ethernet HWaddr 00:C1:26:00:0C:4C
inet addr:192.168.0.1 Bcast:192.168.0.255
Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500
Metric:1
RX packets:1059 errors:0 dropped:0 overruns:0
frame:0
TX packets:572 errors:0 dropped:0 overruns:0
carrier:0
collisions:0 txqueuelen:100
RX bytes:124794 (121.8 Kb) TX bytes:97359
(95.0 Kb)
Interrupt:3 Base address:0x5c00
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:14 errors:0 dropped:0 overruns:0
frame:0
TX packets:14 errors:0 dropped:0 overruns:0
carrier:0
collisions:0 txqueuelen:0
RX bytes:1036 (1.0 Kb) TX bytes:1036 (1.0 Kb)
ppp0 Link encap:Point-to-Point Protocol
inet addr:199.203.153.185
P-t-P:199.203.153.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST
MTU:1452 Metric:1
RX packets:887 errors:0 dropped:0 overruns:0
frame:0
TX packets:968 errors:0 dropped:0 overruns:0
carrier:0
collisions:0 txqueuelen:3
RX bytes:601853 (587.7 Kb) TX bytes:123288
(120.3 Kb)
--------------------------------------------------------------------------
and here is the output of "iptables status"
------------------------------------------------------------------
Table: filter
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere
udp spt:bootps dpt:bootpc
ACCEPT all -- 10.200.1.1 10.255.255.255
ACCEPT all -- anter 192.168.0.255
logaborted tcp -- anywhere anywhere
state RELATED,ESTABLISHED tcp flags:RST/RST
ACCEPT all -- anywhere anywhere
state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere
icmp time-exceeded
ACCEPT icmp -- anywhere anywhere
icmp parameter-problem
nicfilt all -- anywhere anywhere
srcfilt all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere
icmp time-exceeded
ACCEPT icmp -- anywhere anywhere
icmp parameter-problem
srcfilt all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere
udp spt:bootpc dpt:bootps
ACCEPT all -- anywhere anywhere
state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere
icmp time-exceeded
ACCEPT icmp -- anywhere anywhere
icmp parameter-problem
s1 all -- anywhere anywhere
Chain f0to1 (6 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:5632
ACCEPT udp -- anywhere anywhere
udp dpt:5632
ACCEPT udp -- anywhere anywhere
udp dpt:syslog
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:linuxconf
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:swat
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:sunrpc
ACCEPT udp -- anywhere anywhere
udp dpt:sunrpc
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpts:1024:cvsup
ACCEPT udp -- anywhere anywhere
udp dpts:1024:cvsup
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:smtp
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:http
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:webcache
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:http-alt
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:8000
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:10000
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:rtsp
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:7070
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:squid
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:pop3
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:https
ACCEPT udp -- anywhere anywhere
udp dpts:traceroute:33600
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:printer
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:domain
ACCEPT udp -- anywhere anywhere
udp dpt:domain
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:ssh
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:0:1023 dpt:ssh
ACCEPT udp -- anywhere anywhere
udp dpt:isakmp
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:finger
ACCEPT udp -- anywhere anywhere
udp dpt:finger
ACCEPT icmp -- anywhere anywhere
icmp redirect
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:imap
ACCEPT udp -- anywhere anywhere
udp dpt:imap
ACCEPT icmp -- anywhere anywhere
icmp source-quench
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpts:x11:6063
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:mysql
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:ircd
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:microsoft-ds
ACCEPT udp -- anywhere anywhere
udp spts:1024:65535 dpt:kerberos
ACCEPT udp -- anywhere anywhere
udp spts:1024:65535 dpt:krb524
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:kerberos-adm
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:kpasswd
ACCEPT udp -- anywhere anywhere
udp spts:1024:65535 dpt:kpasswd
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:kerberos-adm
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:nicname
ACCEPT udp -- anywhere anywhere
udp dpt:nicname
ACCEPT udp -- anywhere anywhere
udp dpt:xdmcp
ACCEPT icmp -- anywhere anywhere
icmp echo-request
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:auth
ACCEPT udp -- anywhere anywhere
udp dpt:auth
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:1723
ACCEPT gre -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpts:5900:5903
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:5800
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:ftp
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:13223
ACCEPT udp -- anywhere anywhere
udp dpt:13223
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:1241
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:telnet
ACCEPT udp -- anywhere anywhere
udp spts:1024:65535 dpt:snmp
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:socks
ACCEPT udp -- anywhere anywhere
udp dpt:socks
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:netbios-ns
ACCEPT udp -- anywhere anywhere
udp spts:1024:65535 dpt:netbios-ns
ACCEPT udp -- anywhere anywhere
udp spt:netbios-ns dpt:netbios-ns
ACCEPT udp -- anywhere anywhere
udp spts:1024:65535 dpt:netbios-dgm
ACCEPT udp -- anywhere anywhere
udp spt:netbios-dgm dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:netbios-ssn
ACCEPT udp -- anywhere anywhere
udp spts:1024:65535 dpt:netbios-ssn
ACCEPT udp -- anywhere anywhere
udp dpt:4000
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpts:1024:65535
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:ldap
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:522
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:1503
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:h323hostcall
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:1731
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpts:1024:cvsup
ACCEPT udp -- anywhere anywhere
udp spts:1024:65535 dpts:1024:cvsup
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:1863
ACCEPT udp -- anywhere anywhere
udp dpts:6970:7170
ACCEPT icmp -- anywhere anywhere
icmp echo-reply
ACCEPT udp -- anywhere anywhere
udp spt:netbios-ns dpts:1024:cvsup
ACCEPT udp -- anywhere anywhere
udp spt:netbios-ns dpt:netbios-ns
ACCEPT udp -- anywhere anywhere
udp spt:netbios-dgm dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpts:1024:65535
logdrop all -- anywhere anywhere
Chain f0to2 (2 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere
udp dpt:syslog
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:sunrpc
ACCEPT udp -- anywhere anywhere
udp dpt:sunrpc
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpts:1024:65535
ACCEPT udp -- anywhere anywhere
udp dpts:1024:65535
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:squid
ACCEPT udp -- anywhere anywhere
udp dpts:traceroute:33600
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:printer
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:domain
ACCEPT udp -- anywhere anywhere
udp dpt:domain
ACCEPT udp -- anywhere anywhere
udp dpt:isakmp
ACCEPT icmp -- anywhere anywhere
icmp redirect
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:microsoft-ds
ACCEPT udp -- anywhere anywhere
udp spts:1024:65535 dpt:kerberos
ACCEPT udp -- anywhere anywhere
udp spts:1024:65535 dpt:krb524
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:kerberos-adm
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:kpasswd
ACCEPT udp -- anywhere anywhere
udp spts:1024:65535 dpt:kpasswd
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:kerberos-adm
ACCEPT icmp -- anywhere anywhere
icmp source-quench
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:nicname
ACCEPT udp -- anywhere anywhere
udp dpt:nicname
ACCEPT icmp -- anywhere anywhere
icmp echo-request
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:auth
ACCEPT udp -- anywhere anywhere
udp dpt:auth
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:1723
ACCEPT gre -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:socks
ACCEPT udp -- anywhere anywhere
udp dpt:socks
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:netbios-ns
ACCEPT udp -- anywhere anywhere
udp spts:1024:65535 dpt:netbios-ns
ACCEPT udp -- anywhere anywhere
udp spt:netbios-ns dpt:netbios-ns
ACCEPT udp -- anywhere anywhere
udp spts:1024:65535 dpt:netbios-dgm
ACCEPT udp -- anywhere anywhere
udp spt:netbios-dgm dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:netbios-ssn
ACCEPT udp -- anywhere anywhere
udp spts:1024:65535 dpt:netbios-ssn
ACCEPT udp -- anywhere anywhere
udp dpts:6970:7170
ACCEPT icmp -- anywhere anywhere
icmp echo-reply
ACCEPT udp -- anywhere anywhere
udp spt:netbios-ns dpts:1024:65535
ACCEPT udp -- anywhere anywhere
udp spt:netbios-ns dpt:netbios-ns
ACCEPT udp -- anywhere anywhere
udp spt:netbios-dgm dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpts:1024:65535
logdrop all -- anywhere anywhere
Chain f1to0 (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere
udp dpts:6970:7170
ACCEPT icmp -- anywhere anywhere
icmp echo-reply
ACCEPT udp -- anywhere anywhere
udp spt:netbios-ns dpts:1024:65535
ACCEPT udp -- anywhere anywhere
udp spt:netbios-ns dpt:netbios-ns
ACCEPT udp -- anywhere anywhere
udp spt:netbios-dgm dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpts:1024:65535
ACCEPT udp -- anywhere anywhere
udp dpt:syslog
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:cvsup dpt:swat
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:sunrpc
ACCEPT udp -- anywhere anywhere
udp dpt:sunrpc
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpts:1024:65535
ACCEPT udp -- anywhere anywhere
udp dpts:1024:65535
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:cvsup dpt:smtp
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:cvsup dpt:http
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:cvsup dpt:webcache
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:cvsup dpt:http-alt
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:cvsup dpt:8000
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:rtsp
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:7070
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:cvsup dpt:squid
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:cvsup dpt:pop3
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:cvsup dpt:https
ACCEPT udp -- anywhere anywhere
udp dpts:traceroute:33600
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:printer
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:domain
ACCEPT udp -- anywhere anywhere
udp dpt:domain
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:cvsup dpt:ssh
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:0:1023 dpt:ssh
ACCEPT udp -- anywhere anywhere
udp dpt:isakmp
ACCEPT icmp -- anywhere anywhere
icmp redirect
ACCEPT icmp -- anywhere anywhere
icmp source-quench
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:cvsup dpts:x11:6063
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:cvsup dpt:mysql
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:cvsup dpt:ircd
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:microsoft-ds
ACCEPT udp -- anywhere anywhere
udp spts:1024:cvsup dpt:kerberos
ACCEPT udp -- anywhere anywhere
udp spts:1024:cvsup dpt:krb524
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:cvsup dpt:kerberos-adm
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:cvsup dpt:kpasswd
ACCEPT udp -- anywhere anywhere
udp spts:1024:cvsup dpt:kpasswd
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:cvsup dpt:kerberos-adm
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:cvsup dpt:nicname
ACCEPT udp -- anywhere anywhere
udp dpt:nicname
ACCEPT udp -- anywhere anywhere
udp dpt:xdmcp
ACCEPT icmp -- anywhere anywhere
icmp echo-request
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:sunrpc
ACCEPT udp -- anywhere anywhere
udp dpt:sunrpc
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpts:1024:65535
ACCEPT udp -- anywhere anywhere
udp dpts:1024:65535
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:nfs
ACCEPT udp -- anywhere anywhere
udp dpt:nfs
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:cvsup dpt:auth
ACCEPT udp -- anywhere anywhere
udp dpt:auth
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:cvsup dpt:http
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:cvsup dpts:41000:41999
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:cvsup dpt:1723
ACCEPT gre -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:cvsup dpts:5900:5903
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:cvsup dpt:5800
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:cvsup dpt:ftp
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:13223
ACCEPT udp -- anywhere anywhere
udp dpt:13223
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:cvsup dpt:1241
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:cvsup dpt:telnet
ACCEPT udp -- anywhere anywhere
udp spts:1024:cvsup dpt:snmp
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:cvsup dpt:socks
ACCEPT udp -- anywhere anywhere
udp dpt:socks
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:netbios-ns
ACCEPT udp -- anywhere anywhere
udp spts:1024:cvsup dpt:netbios-ns
ACCEPT udp -- anywhere anywhere
udp spt:netbios-ns dpt:netbios-ns
ACCEPT udp -- anywhere anywhere
udp spts:1024:cvsup dpt:netbios-dgm
ACCEPT udp -- anywhere anywhere
udp spt:netbios-dgm dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:netbios-ssn
ACCEPT udp -- anywhere anywhere
udp spts:1024:cvsup dpt:netbios-ssn
ACCEPT udp -- anywhere anywhere
udp dpt:4000
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpts:1024:65535
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:ldap
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:522
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:1503
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:h323hostcall
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:1731
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:cvsup dpts:1024:65535
ACCEPT udp -- anywhere anywhere
udp spts:1024:cvsup dpts:1024:65535
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:cvsup dpt:1863
logreject tcp -- anywhere anywhere
state NEW tcp spts:1024:cvsup dpt:2628
ACCEPT udp -- anywhere anywhere
udp dpts:6970:7170
ACCEPT icmp -- anywhere anywhere
icmp echo-reply
ACCEPT udp -- anywhere anywhere
udp spt:netbios-ns dpts:1024:65535
ACCEPT udp -- anywhere anywhere
udp spt:netbios-ns dpt:netbios-ns
ACCEPT udp -- anywhere anywhere
udp spt:netbios-dgm dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpts:1024:65535
logdrop all -- anywhere anywhere
Chain f2to0 (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
icmp echo-reply
ACCEPT udp -- anywhere anywhere
udp spt:netbios-ns dpts:1024:65535
ACCEPT udp -- anywhere anywhere
udp spt:netbios-ns dpt:netbios-ns
ACCEPT udp -- anywhere anywhere
udp spt:netbios-dgm dpt:netbios-dgm
ACCEPT udp -- anywhere anywhere
udp dpt:syslog
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:swat
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:sunrpc
ACCEPT udp -- anywhere anywhere
udp dpt:sunrpc
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpts:1024:65535
ACCEPT udp -- anywhere anywhere
udp dpts:1024:65535
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:smtp
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:http
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:webcache
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:http-alt
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:8000
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:rtsp
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:7070
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:squid
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:pop3
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:https
ACCEPT udp -- anywhere anywhere
udp dpts:traceroute:33600
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:printer
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:domain
ACCEPT udp -- anywhere anywhere
udp dpt:domain
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:ssh
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:0:1023 dpt:ssh
ACCEPT udp -- anywhere anywhere
udp dpt:isakmp
ACCEPT icmp -- anywhere anywhere
icmp redirect
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:imap
ACCEPT udp -- anywhere anywhere
udp dpt:imap
ACCEPT icmp -- anywhere anywhere
icmp source-quench
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpts:x11:6063
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:mysql
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:ircd
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:microsoft-ds
ACCEPT udp -- anywhere anywhere
udp spts:1024:65535 dpt:kerberos
ACCEPT udp -- anywhere anywhere
udp spts:1024:65535 dpt:krb524
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:kerberos-adm
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:kpasswd
ACCEPT udp -- anywhere anywhere
udp spts:1024:65535 dpt:kpasswd
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:kerberos-adm
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:nicname
ACCEPT udp -- anywhere anywhere
udp dpt:nicname
ACCEPT udp -- anywhere anywhere
udp dpt:xdmcp
ACCEPT icmp -- anywhere anywhere
icmp echo-request
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:auth
ACCEPT udp -- anywhere anywhere
udp dpt:auth
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:1723
ACCEPT gre -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpts:5900:5903
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:5800
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:ftp
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:13223
ACCEPT udp -- anywhere anywhere
udp dpt:13223
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:imaps
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:telnet
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:socks
ACCEPT udp -- anywhere anywhere
udp dpt:socks
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:netbios-ns
ACCEPT udp -- anywhere anywhere
udp spts:1024:65535 dpt:netbios-ns
ACCEPT udp -- anywhere anywhere
udp spt:netbios-ns dpt:netbios-ns
ACCEPT udp -- anywhere anywhere
udp spts:1024:65535 dpt:netbios-dgm
ACCEPT udp -- anywhere anywhere
udp spt:netbios-dgm dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:netbios-ssn
ACCEPT udp -- anywhere anywhere
udp spts:1024:65535 dpt:netbios-ssn
ACCEPT udp -- anywhere anywhere
udp dpt:4000
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpts:1024:65535
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:ldap
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:522
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:1503
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:h323hostcall
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:1731
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpts:1024:65535
ACCEPT udp -- anywhere anywhere
udp spts:1024:65535 dpts:1024:65535
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:1863
logdrop all -- anywhere anywhere
Chain f2to1 (6 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere
udp dpts:6970:7170
ACCEPT icmp -- anywhere anywhere
icmp echo-reply
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpts:41000:41999
ACCEPT udp -- anywhere anywhere
udp spt:netbios-ns dpts:1024:cvsup
ACCEPT udp -- anywhere anywhere
udp spt:netbios-ns dpt:netbios-ns
ACCEPT udp -- anywhere anywhere
udp spt:netbios-dgm dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpts:1024:65535
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:5632
ACCEPT udp -- anywhere anywhere
udp dpt:5632
ACCEPT udp -- anywhere anywhere
udp dpt:syslog
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:linuxconf
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:swat
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:sunrpc
ACCEPT udp -- anywhere anywhere
udp dpt:sunrpc
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpts:1024:cvsup
ACCEPT udp -- anywhere anywhere
udp dpts:1024:cvsup
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:smtp
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:http
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:webcache
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:http-alt
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:8000
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:10000
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:rtsp
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:7070
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:squid
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:pop3
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:https
ACCEPT udp -- anywhere anywhere
udp dpts:traceroute:33600
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:printer
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:domain
ACCEPT udp -- anywhere anywhere
udp dpt:domain
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:ssh
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:0:1023 dpt:ssh
ACCEPT udp -- anywhere anywhere
udp dpt:isakmp
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:finger
ACCEPT udp -- anywhere anywhere
udp dpt:finger
ACCEPT icmp -- anywhere anywhere
icmp redirect
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:imap
ACCEPT udp -- anywhere anywhere
udp dpt:imap
ACCEPT icmp -- anywhere anywhere
icmp source-quench
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:ircd
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:mysql
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpts:x11:6063
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:microsoft-ds
ACCEPT udp -- anywhere anywhere
udp spts:1024:65535 dpt:kerberos
ACCEPT udp -- anywhere anywhere
udp spts:1024:65535 dpt:krb524
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:kerberos-adm
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:kpasswd
ACCEPT udp -- anywhere anywhere
udp spts:1024:65535 dpt:kpasswd
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:kerberos-adm
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:nicname
ACCEPT udp -- anywhere anywhere
udp dpt:nicname
ACCEPT udp -- anywhere anywhere
udp dpt:xdmcp
ACCEPT icmp -- anywhere anywhere
icmp echo-request
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:auth
ACCEPT udp -- anywhere anywhere
udp dpt:auth
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:1723
ACCEPT gre -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpts:5900:5903
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:5800
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:ftp
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:13223
ACCEPT udp -- anywhere anywhere
udp dpt:13223
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:1241
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:telnet
ACCEPT udp -- anywhere anywhere
udp spts:1024:65535 dpt:snmp
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:socks
ACCEPT udp -- anywhere anywhere
udp dpt:socks
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:netbios-ns
ACCEPT udp -- anywhere anywhere
udp spts:1024:65535 dpt:netbios-ns
ACCEPT udp -- anywhere anywhere
udp spt:netbios-ns dpt:netbios-ns
ACCEPT udp -- anywhere anywhere
udp spts:1024:65535 dpt:netbios-dgm
ACCEPT udp -- anywhere anywhere
udp spt:netbios-dgm dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:netbios-ssn
ACCEPT udp -- anywhere anywhere
udp spts:1024:65535 dpt:netbios-ssn
ACCEPT udp -- anywhere anywhere
udp dpt:4000
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpts:1024:65535
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:ldap
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:522
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:1503
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:h323hostcall
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:1731
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpts:1024:cvsup
ACCEPT udp -- anywhere anywhere
udp spts:1024:65535 dpts:1024:cvsup
ACCEPT tcp -- anywhere anywhere
state NEW tcp spts:1024:65535 dpt:1863
logdrop all -- anywhere anywhere
Chain logaborted (1 references)
target prot opt source destination
logaborted2 all -- anywhere anywhere
limit: avg 1/sec burst 10
LOG all -- anywhere anywhere
limit: avg 2/min burst 1 LOG level warning prefix
`LIMITED '
Chain logaborted2 (1 references)
target prot opt source destination
LOG all -- anywhere anywhere
LOG level warning tcp-sequence tcp-options
ip-options prefix `ABORTED '
ACCEPT all -- anywhere anywhere
state RELATED,ESTABLISHED
Chain logdrop (8 references)
target prot opt source destination
logdrop2 all -- anywhere anywhere
limit: avg 1/sec burst 10
LOG all -- anywhere anywhere
limit: avg 2/min burst 1 LOG level warning prefix
`LIMITED '
DROP all -- anywhere anywhere
Chain logdrop2 (1 references)
target prot opt source destination
LOG all -- anywhere anywhere
LOG level warning tcp-sequence tcp-options
ip-options prefix `DROPPED '
DROP all -- anywhere anywhere
Chain logreject (1 references)
target prot opt source destination
logreject2 all -- anywhere anywhere
limit: avg 1/sec burst 10
LOG all -- anywhere anywhere
limit: avg 2/min burst 1 LOG level warning prefix
`LIMITED '
REJECT tcp -- anywhere anywhere
reject-with tcp-reset
REJECT udp -- anywhere anywhere
reject-with icmp-port-unreachable
DROP all -- anywhere anywhere
Chain logreject2 (1 references)
target prot opt source destination
LOG all -- anywhere anywhere
LOG level warning tcp-sequence tcp-options
ip-options prefix `REJECTED '
REJECT tcp -- anywhere anywhere
reject-with tcp-reset
REJECT udp -- anywhere anywhere
reject-with icmp-port-unreachable
DROP all -- anywhere anywhere
Chain nicfilt (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
logdrop all -- anywhere anywhere
Chain s0 (1 references)
target prot opt source destination
f0to1 all -- anywhere 10.200.1.1
f0to1 all -- anywhere 10.255.255.255
f0to1 all -- anywhere anter
f0to1 all -- anywhere 192.168.0.255
f0to1 all -- anywhere localhost
f0to1 all -- anywhere 199.203.153.185
f0to2 all -- anywhere 192.168.1.0/24
f0to2 all -- anywhere 192.168.0.255
logdrop all -- anywhere anywhere
Chain s1 (1 references)
target prot opt source destination
f1to2 all -- anywhere 192.168.1.0/24
f1to2 all -- anywhere 192.168.0.255
f1to0 all -- anywhere anywhere
Chain s2 (2 references)
target prot opt source destination
target prot opt source destination
f2to1 all -- anywhere 10.200.1.1
f2to1 all -- anywhere 10.255.255.255
f2to1 all -- anywhere anter
f2to1 all -- anywhere 192.168.0.255
f2to1 all -- anywhere localhost
f2to1 all -- anywhere 199.203.153.185
f2to0 all -- anywhere anywhere
Chain srcfilt (2 references)
target prot opt source destination
s2 all -- 192.168.1.0/24 anywhere
s2 all -- 192.168.0.255 anywhere
s0 all -- anywhere anywhere
-----------------------------------------------------------------------
This is a long list, but that is the output. Also note
that I changed the ip_forward value in
/proc/sys/ip_v4/ip_forward to "1" to enable forwarding.
Any help will be most appreciated.
Regards,
Isam
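
Added example, not part of the original message: a small Python trace of the srcfilt, s0 and s2 dispatch chains exactly as printed above, for a forwarded packet from the Windows XP client at 192.168.0.2. It uses only the source and destination columns (a listing taken without -v hides any interface matches), skips the hostname `anter` because the page does not give its address, reads `localhost` as 127.0.0.1, and uses 203.0.113.10 as a constructed outside address.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")


def net(text):
    """Turn a source/destination column from the listing into a network."""
    return ANY if text == "anywhere" else ipaddress.ip_network(text)


# (target, source, destination) rows copied from the listing in the message.
# Rows whose destination is the hostname "anter" are left out: its address
# is not on the page. "localhost" is written as 127.0.0.1 (assumption).
CHAINS = {
    "srcfilt": [
        ("s2", "192.168.1.0/24", "anywhere"),
        ("s2", "192.168.0.255", "anywhere"),
        ("s0", "anywhere", "anywhere"),
    ],
    "s0": [
        ("f0to1", "anywhere", "10.200.1.1"),
        ("f0to1", "anywhere", "10.255.255.255"),
        ("f0to1", "anywhere", "192.168.0.255"),
        ("f0to1", "anywhere", "127.0.0.1"),
        ("f0to1", "anywhere", "199.203.153.185"),
        ("f0to2", "anywhere", "192.168.1.0/24"),
        ("f0to2", "anywhere", "192.168.0.255"),
        ("logdrop", "anywhere", "anywhere"),
    ],
    "s2": [
        ("f2to1", "anywhere", "10.200.1.1"),
        ("f2to1", "anywhere", "10.255.255.255"),
        ("f2to1", "anywhere", "192.168.0.255"),
        ("f2to1", "anywhere", "127.0.0.1"),
        ("f2to1", "anywhere", "199.203.153.185"),
        ("f2to0", "anywhere", "anywhere"),
    ],
}


def trace(src, dst, chain="srcfilt"):
    """Follow the first matching rule in each dispatch chain.

    Returns the list of chains visited; the last entry is the first
    target that is not one of the dispatch chains modelled here
    (a per-zone-pair chain such as f2to0, or logdrop).
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    path = [chain]
    while chain in CHAINS:
        for target, rule_src, rule_dst in CHAINS[chain]:
            if s in net(rule_src) and d in net(rule_dst):
                chain = target
                path.append(target)
                break
        else:
            # No rule matched: control returns to the calling chain.
            path.append("RETURN")
            break
    return path


if __name__ == "__main__":
    outside = "203.0.113.10"  # constructed documentation address
    # The client as addressed in the message: its source matches neither
    # s2 rule, so it falls through to s0, which ends in logdrop for
    # destinations that are not local.
    print("192.168.0.2 ->", outside, trace("192.168.0.2", outside))
    # A constructed client inside 192.168.1.0/24, the range the s2 rule
    # matches, reaches the f2to0 chain instead.
    print("192.168.1.2 ->", outside, trace("192.168.1.2", outside))
```

The listing covers only the filter table, so this trace says nothing about NAT; `iptables -t nat -L -n -v` shows that table, and adding `-v` to the filter listing shows the interface columns that are hidden here.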