06-27-2013
Update: oddly, nothing shows up in the logs, so I created a completely different iptables ruleset using
Easy Firewall Generator for iptables
with this basic rule set:
Code :
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
104 8828 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
605 75520 bad_packets all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 224.0.0.1
86 14040 ACCEPT all -- eth1 * 192.168.3.0/27 0.0.0.0/0
0 0 ACCEPT all -- eth1 * 0.0.0.0/0 192.168.3.31
0 0 ACCEPT udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 udp spt:68 dpt:67
0 0 ACCEPT all -- eth1 * 192.168.3.0/27 0.0.0.0/0
519 61480 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:12022 state NEW
0 0 tcp_inbound tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 udp_inbound udp -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 icmp_packets icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `fp=INPUT:99 a=DROP '
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
19460 18M bad_packets all -- * * 0.0.0.0/0 0.0.0.0/0
6692 364K tcp_outbound tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0
567 39083 udp_outbound udp -- eth1 * 0.0.0.0/0 0.0.0.0/0
2 450 ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0
12172 17M ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `fp=FORWARD:99 a=DROP '
0 0 ACCEPT all -- eth1 192.168.3.0/27 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- 192.168.3.0/27 eth1 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
100 8660 ACCEPT all -- * * 127.0.0.1 0.0.0.0/0
4 168 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
112 9065 ACCEPT all -- * * 192.168.3.1 0.0.0.0/0
0 0 ACCEPT all -- * eth1 0.0.0.0/0 0.0.0.0/0
385 70632 ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `fp=OUTPUT:99 a=DROP '
Chain bad_packets (2 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- eth0 * 192.168.3.0/27 0.0.0.0/0 LOG flags 0 level 4 prefix `fp=bad_packets:2 a=DROP '
0 0 DROP all -- eth0 * 192.168.3.0/27 0.0.0.0/0
27 1188 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID LOG flags 0 level 4 prefix `fp=bad_packets:1 a=DROP '
27 1188 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
18861 17M bad_tcp_packets tcp -- * * 0.0.0.0/0 0.0.0.0/0
20038 18M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain bad_tcp_packets (1 references)
pkts bytes target prot opt in out source destination
6775 377K RETURN tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 state NEW LOG flags 0 level 4 prefix `fp=bad_tcp_packets:1 a=DROP '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 state NEW
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00 LOG flags 0 level 4 prefix `fp=bad_tcp_packets:2 a=DROP '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F LOG flags 0 level 4 prefix `fp=bad_tcp_packets:3 a=DROP '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29 LOG flags 0 level 4 prefix `fp=bad_tcp_packets:4 a=DROP '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x37 LOG flags 0 level 4 prefix `fp=bad_tcp_packets:5 a=DROP '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x37
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06 LOG flags 0 level 4 prefix `fp=bad_tcp_packets:6 a=DROP '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03 LOG flags 0 level 4 prefix `fp=bad_tcp_packets:7 a=DROP '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
12086 17M RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0
Chain icmp_packets (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG icmp -f * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `fp=icmp_packets:1 a=DROP '
0 0 DROP icmp -f * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11
0 0 RETURN icmp -- * * 0.0.0.0/0 0.0.0.0/0
Chain tcp_inbound (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0
Chain tcp_outbound (1 references)
pkts bytes target prot opt in out source destination
6692 364K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
Chain udp_inbound (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:137
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:138
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0
Chain udp_outbound (1 references)
pkts bytes target prot opt in out source destination
567 39083 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
and I still can only communicate with certain IPs within my LAN:
From my firewall:
Code :
Starting Nmap 5.51 ( http://nmap.org ) at 2013-06-27 15:04 EDT
Initiating ARP Ping Scan at 15:04
Scanning 192.168.3.0 [1 port]
Completed ARP Ping Scan at 15:04, 0.42s elapsed (1 total hosts)
Nmap scan report for 192.168.3.0 [host down]
Initiating Parallel DNS resolution of 1 host. at 15:04
Completed Parallel DNS resolution of 1 host. at 15:04, 0.03s elapsed
Initiating ARP Ping Scan at 15:04
Scanning 30 hosts [1 port/host]
Completed ARP Ping Scan at 15:04, 1.35s elapsed (30 total hosts)
Initiating Parallel DNS resolution of 30 hosts. at 15:04
Completed Parallel DNS resolution of 30 hosts. at 15:04, 0.04s elapsed
Nmap scan report for 192.168.3.2 [host down]
Nmap scan report for 192.168.3.3 [host down]
Nmap scan report for 192.168.3.4 [host down]
Nmap scan report for 192.168.3.5 [host down]
Nmap scan report for 192.168.3.6 [host down]
Nmap scan report for 192.168.3.7 [host down]
Nmap scan report for 192.168.3.8 [host down]
Nmap scan report for 192.168.3.9 [host down]
Nmap scan report for 192.168.3.10 [host down]
Initiating Connect Scan at 15:04
Scanning 192.168.3.1 [1 port]
Completed Connect Scan at 15:04, 0.00s elapsed (1 total ports)
Nmap scan report for 192.168.3.1
Host is up (0.00013s latency).
PORT STATE SERVICE
80/tcp closed http
Nmap scan report for 192.168.3.12 [host down]
Nmap scan report for 192.168.3.13 [host down]
Nmap scan report for 192.168.3.15 [host down]
Nmap scan report for 192.168.3.16 [host down]
Nmap scan report for 192.168.3.17 [host down]
Nmap scan report for 192.168.3.19 [host down]
Nmap scan report for 192.168.3.21 [host down]
Nmap scan report for 192.168.3.22 [host down]
Nmap scan report for 192.168.3.23 [host down]
Nmap scan report for 192.168.3.24 [host down]
Nmap scan report for 192.168.3.25 [host down]
Nmap scan report for 192.168.3.26 [host down]
Nmap scan report for 192.168.3.27 [host down]
Nmap scan report for 192.168.3.28 [host down]
Nmap scan report for 192.168.3.29 [host down]
Nmap scan report for 192.168.3.30 [host down]
Nmap scan report for 192.168.3.31 [host down]
Initiating Connect Scan at 15:04
Scanning 4 hosts [1 port/host]
Discovered open port 80/tcp on 192.168.3.20
Completed Connect Scan at 15:04, 0.00s elapsed (4 total ports)
Nmap scan report for 192.168.3.11
Host is up (0.00068s latency).
PORT STATE SERVICE
80/tcp closed http
MAC Address: 02:03:05:CD:06:04 (ZyXEL Communications)
Nmap scan report for 192.168.3.14
Host is up (0.32s latency).
PORT STATE SERVICE
80/tcp closed http
MAC Address: A9:54:C2:0B:D1:70 (Unknown)
Nmap scan report for 192.168.3.18
Host is up (0.41s latency).
PORT STATE SERVICE
80/tcp closed http
MAC Address: C8:32:CA:DF:1B:79 (Unknown)
Nmap scan report for 192.168.3.20
Host is up (0.25s latency).
PORT STATE SERVICE
80/tcp open http
MAC Address: 7C:DD:90:39:65:3C (Unknown)
Read data files from: /usr/share/nmap
Nmap done: 32 IP addresses (5 hosts up) scanned in 1.96 seconds
Raw packets sent: 61 (1.708KB) | Rcvd: 7 (196B)
and from a laptop within my LAN:
Code :
Starting Nmap 6.00 ( http://nmap.org ) at 2013-06-27 15:04 EDT
Initiating ARP Ping Scan at 15:04
Scanning 14 hosts [1 port/host]
Completed ARP Ping Scan at 15:04, 0.43s elapsed (14 total hosts)
Initiating Parallel DNS resolution of 14 hosts. at 15:04
Completed Parallel DNS resolution of 14 hosts. at 15:04, 0.03s elapsed
Nmap scan report for 192.168.3.0 [host down]
Nmap scan report for 192.168.3.2 [host down]
Nmap scan report for 192.168.3.3 [host down]
Nmap scan report for 192.168.3.4 [host down]
Nmap scan report for 192.168.3.5 [host down]
Nmap scan report for 192.168.3.6 [host down]
Nmap scan report for 192.168.3.7 [host down]
Nmap scan report for 192.168.3.8 [host down]
Nmap scan report for 192.168.3.9 [host down]
Nmap scan report for 192.168.3.10 [host down]
Nmap scan report for 192.168.3.12 [host down]
Nmap scan report for 192.168.3.13 [host down]
Initiating Parallel DNS resolution of 1 host. at 15:04
Completed Parallel DNS resolution of 1 host. at 15:04, 0.02s elapsed
Initiating Connect Scan at 15:04
Scanning 2 hosts [1 port/host]
Completed Connect Scan at 15:04, 0.00s elapsed (2 total ports)
Nmap scan report for 192.168.3.1
Host is up (0.0038s latency).
PORT STATE SERVICE
80/tcp closed http
MAC Address: 00:19:5B:69:C3:B1 (D-Link)
Nmap scan report for 192.168.3.11
Host is up (0.0020s latency).
PORT STATE SERVICE
80/tcp closed http
MAC Address: 02:03:05:CD:06:04 (ZyXEL Communications)
Initiating ARP Ping Scan at 15:04
Scanning 17 hosts [1 port/host]
Completed ARP Ping Scan at 15:04, 0.81s elapsed (17 total hosts)
Nmap scan report for 192.168.3.15 [host down]
Nmap scan report for 192.168.3.16 [host down]
Nmap scan report for 192.168.3.17 [host down]
Nmap scan report for 192.168.3.18 [host down]
Nmap scan report for 192.168.3.19 [host down]
Nmap scan report for 192.168.3.20 [host down]
Nmap scan report for 192.168.3.21 [host down]
Nmap scan report for 192.168.3.22 [host down]
Nmap scan report for 192.168.3.23 [host down]
Nmap scan report for 192.168.3.24 [host down]
Nmap scan report for 192.168.3.25 [host down]
Nmap scan report for 192.168.3.26 [host down]
Nmap scan report for 192.168.3.27 [host down]
Nmap scan report for 192.168.3.28 [host down]
Nmap scan report for 192.168.3.29 [host down]
Nmap scan report for 192.168.3.30 [host down]
Nmap scan report for 192.168.3.31 [host down]
Initiating Connect Scan at 15:04
Scanning 192.168.3.14 [1 port]
Completed Connect Scan at 15:04, 0.00s elapsed (1 total ports)
Nmap scan report for 192.168.3.14
Host is up (0.00015s latency).
PORT STATE SERVICE
80/tcp closed http
Read data files from: /usr/bin/../share/nmap
Nmap done: 32 IP addresses (3 hosts up) scanned in 1.36 seconds
Raw packets sent: 60 (1.680KB) | Rcvd: 2 (56B)
What rule am I missing?
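A small checker, added here as an example and not part of the poster's setup, that parses `iptables -L -v -n` listings like the one above and flags two things worth a second look when a chain is not behaving: an interface column that holds an address rather than a device name (the last two FORWARD rules above show 192.168.3.0/27 under in/out), and rules that sit behind an unconditional terminating rule and can never match. The listing embedded in it is constructed to mirror the FORWARD chain; it is not a capture from the poster's firewall.

```python
import re

# Constructed sample in `iptables -L -v -n` format, modelled on the FORWARD chain
# quoted above; it is not a capture from the poster's firewall.
SAMPLE = """\
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source        destination
19460   18M bad_packets all  --  *      *       0.0.0.0/0     0.0.0.0/0
12172   17M ACCEPT     all  --  eth0   *       0.0.0.0/0     0.0.0.0/0     state RELATED,ESTABLISHED
    0     0 LOG        all  --  *      *       0.0.0.0/0     0.0.0.0/0     LOG flags 0 level 4 prefix `fp=FORWARD:99 a=DROP '
    0     0 ACCEPT     all  --  eth1   192.168.3.0/27  0.0.0.0/0  0.0.0.0/0
    0     0 ACCEPT     all  --  192.168.3.0/27  eth1   0.0.0.0/0  0.0.0.0/0
"""
COLS = ("pkts", "bytes", "target", "prot", "opt", "in", "out", "src", "dst", "extra")
ADDR = re.compile(r"^!?\d+\.\d+\.\d+\.\d+(/\d+)?$")  # an IPv4 address or CIDR, not a device

def parse_iptables(text):
    # -> {chain: {"policy": "DROP" or None, "rules": [dict keyed by COLS]}}
    chains, current = {}, None
    for line in text.splitlines():
        m = re.match(r"Chain (\S+) \((?:policy (\S+)|\d+ references)", line)
        if m:
            current = chains[m.group(1)] = {"policy": m.group(2), "rules": []}
            continue
        cols = line.split(None, 9)  # 9 fixed columns plus optional match text
        if current is None or len(cols) < 9 or cols[0] == "pkts":
            continue  # blank line or column header
        current["rules"].append(dict(zip(COLS, cols + [""])))
    return chains

def is_catch_all(r):
    # terminating rule with no match criteria: every later rule in the chain is dead
    return (r["target"] in ("ACCEPT", "DROP", "REJECT") and r["prot"] == "all"
            and r["in"] == r["out"] == "*" and r["src"] == r["dst"] == "0.0.0.0/0"
            and not r["extra"])

def audit(chains):
    # -> [(chain, rule number, message)] for rules that deserve a second look
    findings = []
    for name, chain in chains.items():
        dead = False
        for n, r in enumerate(chain["rules"], 1):
            for col in ("in", "out"):
                if ADDR.match(r[col]):
                    findings.append((name, n, f"'{col}' holds {r[col]}, not an interface"))
            if dead:
                findings.append((name, n, "unreachable: follows a catch-all terminating rule"))
            dead = dead or is_catch_all(r)
    return findings
```

Feed it the real listing with `audit(parse_iptables(open("rules.txt").read()))`; on the sample it reports FORWARD rules 4 and 5 for the address-in-interface-column problem.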