[NTLUG:Discuss] mypisd.net problem (need help)
m m
llliiilll at hotmail.com
Thu Sep 11 20:57:12 CDT 2008
I posted this problem a couple of days ago.
Terry asked me for the firewall rules and other information.
Below is the information.
The problem is:
I can go to any web site (at least the sites I have visited),
except mypisd.net.
I cannot visit that site. Weird!
Please help, thanks.
Here are the files. Firewall script:
---------------------------------------------------------------------
#!/bin/sh
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -F -v
# Insert the required kernel modules
modprobe iptable_nat
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
# Set default policies for packets going through this firewall box
# Kill spoofed packets
for f in /proc/sys/net/ipv4/conf/*/rp_filter;
do echo 1 > $f
done
# Anything coming from our internal network should have only our addresses!
# iptables -A FORWARD -i eth1 -s ! 192.168.1.0/24 -j DROP
iptables -A FORWARD -i eth0 -s 169.151.6.100 -j ACCEPT
iptables -v -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
iptables -v -t nat -A POSTROUTING -d 24.xxx.xxx.xxx -j MASQUERADE
# Note:There are more "reserved" networks, but these are the classical ones.
# Block outgoing network filesharing protocols that aren't designed
# to leave the LAN
# SMB / Windows filesharing
iptables -A FORWARD -p tcp --sport 137:139 -j DROP
iptables -A FORWARD -p udp --sport 137:139 -j DROP
# NFS Mount Service (TCP/UDP 635)
iptables -A FORWARD -p tcp --sport 635 -j DROP
iptables -A FORWARD -p udp --sport 635 -j DROP
# NFS (TCP/UDP 2049)
iptables -A FORWARD -p tcp --sport 2049 -j DROP
iptables -A FORWARD -p udp --sport 2049 -j DROP
# Portmapper (TCP/UDP 111)
iptables -A FORWARD -p tcp --sport 111 -j DROP
iptables -A FORWARD -p udp --sport 111 -j DROP
# Block incoming syslog, lpr, rsh, rexec...
iptables -A FORWARD -i eth0 -p udp --dport syslog -j DROP
iptables -A FORWARD -i eth0 -p tcp --dport 515 -j DROP
iptables -A FORWARD -i eth0 -p tcp --dport 514 -j DROP
iptables -A FORWARD -i eth0 -p tcp --dport 512 -j DROP
# Source NAT to get Internet traffic through
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 24.xxx.xxx.xxx
echo "1" > /proc/sys/net/ipv4/ip_forward
------------------------------------------------------------
hosts:
-------------------------------------------------------
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost a1
::1 localhost.localdomain localhost a1
192.168.1.2 a2
192.168.1.3 a3
192.168.1.4 a4
192.168.1.5 a5
192.168.1.6 a6
192.168.1.7 a7
192.168.1.8 a8
192.168.1.9 a9
192.168.1.1 a1
--------------------------------------------------------------
The hosts.allow and hosts.deny are blank (only the default notes).
The one thing I have missed here is tcpdump. What tcpdump args do I need to use to get a snapshot?
In other words, how do I make a tcpdump snapshot?
I have tried
tcpdump > filename
but it did not succeed.
Answers to your other questions in this thread:
1. I don't run the squid caching proxy.
2. I don't use firestarter.
3. Nothing in /etc/hosts.deny and /etc/hostd.deny.
Let me know if you need more information.
Please help.
Thanks.
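As an added example for the tcpdump question above (this is not from the original post or from anyone on the list): the script below captures only the traffic between the box and one web site into a pcap file, which is what "a snapshot" usually means here, and then counts the TCP handshake packets in it. It assumes tcpdump, wget and getent are installed, that it is run as root, and that eth0 is the interface facing the Internet; the sample tcpdump lines and the addresses in them are constructed for illustration and are not the poster's.

```shell
#!/bin/sh
# Added example (not from the original post): capture the traffic between this
# box and one web site to a pcap file, then summarise the TCP handshake attempts.
# Assumptions: tcpdump, wget and getent are installed, the script runs as root,
# and eth0 (overridable) is the interface facing the Internet.

# Build the tcpdump command that writes a raw pcap (readable later with
# "tcpdump -r" or Wireshark). -n: no DNS lookups while capturing, -s 0: whole
# packets, -w: binary output, so nothing is lost the way "tcpdump > file" loses it.
capture_cmd() {
    host=$1; iface=$2; out=$3
    printf 'tcpdump -n -i %s -s 0 -w %s host %s' "$iface" "$out" "$host"
}

# Resolve the site with the system resolver, so a stale /etc/hosts entry or a
# DNS failure shows up before any packets are captured.
resolve_v4() {
    getent ahostsv4 "$1" | awk '{ print $1 }' | sort -u
}

# Count handshake packets in tcpdump text output read from stdin:
# "Flags [S]" is a SYN we sent, "Flags [S.]" a SYN/ACK that came back and
# "Flags [R" a reset. Several SYNs and no SYN/ACK means the request is never
# answered (dropped by a local rule or upstream); a reset means the far end refused.
syn_summary() {
    syn=0; synack=0; rst=0
    while IFS= read -r line; do
        case $line in
            *"Flags [S],"*)  syn=$((syn + 1)) ;;
            *"Flags [S.],"*) synack=$((synack + 1)) ;;
            *"Flags [R"*)    rst=$((rst + 1)) ;;
        esac
    done
    printf 'syn=%d synack=%d rst=%d\n' "$syn" "$synack" "$rst"
}

# Constructed sample of what "tcpdump -n -r site.pcap" prints for a site that
# never answers: three SYN retransmissions and nothing back. Documentation
# address ranges, not the poster's network.
sample_capture() {
    cat <<'EOF'
20:57:12.000001 IP 192.168.1.2.40001 > 203.0.113.10.80: Flags [S], seq 1, win 5840, length 0
20:57:15.000001 IP 192.168.1.2.40001 > 203.0.113.10.80: Flags [S], seq 1, win 5840, length 0
20:57:21.000001 IP 192.168.1.2.40001 > 203.0.113.10.80: Flags [S], seq 1, win 5840, length 0
EOF
}

# Real capture: start tcpdump in the background, make one request with wget,
# stop tcpdump, then summarise the saved pcap (the file stays for later inspection).
main() {
    host=$1; iface=${2:-eth0}; out=${3:-/tmp/site.pcap}
    echo "$host resolves to:"; resolve_v4 "$host"
    eval "exec $(capture_cmd "$host" "$iface" "$out")" &
    tdpid=$!
    sleep 1
    wget -q -O /dev/null --timeout=15 "http://$host/" \
        || echo "wget failed (expected if the site is unreachable)"
    sleep 1
    kill "$tdpid"; wait "$tdpid" 2>/dev/null
    tcpdump -n -r "$out" | syn_summary
}

# With a host name, run a real capture; with no arguments, just show the
# summary on the constructed sample.
if [ "$#" -ge 1 ]; then
    main "$@"
else
    sample_capture | syn_summary
fi
```

Usage: `sh capture_site.sh mypisd.net eth0 /tmp/mypisd.pcap`, then attach or read `/tmp/mypisd.pcap` with `tcpdump -n -r /tmp/mypisd.pcap`. Capturing with a host filter keeps the file small and avoids recording unrelated LAN traffic.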