Re: iptables help needed

Simon Slater <pyevet@xxxxxxxxxxx> · Wed, 04 Jun 2008 22:05:51 +1000

On Wed, 2008-06-04 at 10:05 +0200, François Patte wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Le 04.06.2008 01:03, Simon Slater a écrit :
> 
> |> The evolution request has been done from the desktop, not from the
> |> laptop. Am I right? Packets are dropped because port 110 is not allowed
> |> by the script, but, up to now this is not the problem.
> |
> | Yes, Evolution runs on the desktop.  I added port 110 to your script
> | under the SMPT and NEWS section last night and those packets are not
> | being logged now.
> 
> And you can retrieve your mails!?

Yes, no worries there.
> 
<SNIP>

All the changes made.

> rerun the script. If some requests to the Internet come from your
> laptop, there will some lines like this in the logs of your desktop:
> 
> <quote>
> Jun  4 09:45:44 dipankar kernel: [IPTABLES MASQ]IN= OUT=ppp0
> SRC=192.168.1.4 DST=213.251.134.188 LEN=76 TOS=0x00 PREC=0x00 TTL=63
> ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56
> </quote>
> 
These are the type of logs now.  None of these are appearing in timeing
with requests to the Internet from the laptop:

[root@ipex ~]# tail  /var/log/messages
Jun  4 21:41:35 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC=
SRC=203.185.178.251 DST=59.101.218.205 LEN=48 TOS=0x00 PREC=0x00 TTL=104
ID=5893 DF PROTO=TCP SPT=63507 DPT=26958 WINDOW=8192 RES=0x00 SYN URGP=0
Jun  4 21:41:38 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC=
SRC=203.185.178.251 DST=59.101.218.205 LEN=48 TOS=0x00 PREC=0x00 TTL=104
ID=5938 DF PROTO=TCP SPT=63507 DPT=26958 WINDOW=8192 RES=0x00 SYN URGP=0
Jun  4 21:41:44 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC=
SRC=203.185.178.251 DST=59.101.218.205 LEN=48 TOS=0x00 PREC=0x00 TTL=104
ID=6053 DF PROTO=TCP SPT=63507 DPT=26958 WINDOW=8192 RES=0x00 SYN URGP=0
Jun  4 21:43:31 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC=
SRC=203.185.178.251 DST=59.101.218.205 LEN=48 TOS=0x00 PREC=0x00 TTL=104
ID=7676 DF PROTO=TCP SPT=63748 DPT=26958 WINDOW=8192 RES=0x00 SYN URGP=0
Jun  4 21:43:34 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC=
SRC=203.185.178.251 DST=59.101.218.205 LEN=48 TOS=0x00 PREC=0x00 TTL=104
ID=7723 DF PROTO=TCP SPT=63748 DPT=26958 WINDOW=8192 RES=0x00 SYN URGP=0
Jun  4 21:43:40 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC=
SRC=203.185.178.251 DST=59.101.218.205 LEN=48 TOS=0x00 PREC=0x00 TTL=104
ID=7806 DF PROTO=TCP SPT=63748 DPT=26958 WINDOW=8192 RES=0x00 SYN URGP=0
Jun  4 21:45:27 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC=
SRC=203.185.178.251 DST=59.101.218.205 LEN=48 TOS=0x00 PREC=0x00 TTL=104
ID=9354 DF PROTO=TCP SPT=63980 DPT=26958 WINDOW=8192 RES=0x00 SYN URGP=0
Jun  4 21:45:30 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC=
SRC=203.185.178.251 DST=59.101.218.205 LEN=48 TOS=0x00 PREC=0x00 TTL=104
ID=9389 DF PROTO=TCP SPT=63980 DPT=26958 WINDOW=8192 RES=0x00 SYN URGP=0
Jun  4 21:45:36 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC=
SRC=203.185.178.251 DST=59.101.218.205 LEN=48 TOS=0x00 PREC=0x00 TTL=104
ID=9469 DF PROTO=TCP SPT=63980 DPT=26958 WINDOW=8192 RES=0x00 SYN URGP=0
Jun  4 21:46:10 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC=
SRC=189.83.10.165 DST=59.101.218.205 LEN=78 TOS=0x00 PREC=0x00 TTL=106
ID=63625 PROTO=UDP SPT=1026 DPT=137 LEN=58
[root@ipex ~]#    

However, when request to the Internet from the desktop:

Jun  4 21:59:31 ipex kernel: [IPTABLES MASQ]IN= OUT=ppp0
SRC=59.101.218.205 DST=203.63.53.112 LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=3672 DF PROTO=TCP SPT=48673 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun  4 21:59:32 ipex kernel: [IPTABLES MASQ]IN= OUT=ppp0
SRC=59.101.218.205 DST=203.63.53.112 LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=14613 DF PROTO=TCP SPT=48674 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun  4 21:59:32 ipex kernel: [IPTABLES MASQ]IN= OUT=ppp0
SRC=59.101.218.205 DST=203.63.53.112 LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=56187 DF PROTO=TCP SPT=48675 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun  4 21:59:32 ipex kernel: [IPTABLES MASQ]IN= OUT=ppp0
SRC=59.101.218.205 DST=203.63.53.112 LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=34201 DF PROTO=TCP SPT=48676 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun  4 21:59:32 ipex kernel: [IPTABLES MASQ]IN= OUT=ppp0
SRC=59.101.218.205 DST=203.63.53.112 LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=14187 DF PROTO=TCP SPT=48677 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun  4 21:59:33 ipex kernel: [IPTABLES MASQ]IN= OUT=ppp0
SRC=59.101.218.205 DST=203.63.53.112 LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=16904 DF PROTO=TCP SPT=48678 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun  4 21:59:40 ipex kernel: [IPTABLES MASQ]IN= OUT=ppp0
SRC=59.101.218.205 DST=134.178.63.140 LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=54671 DF PROTO=TCP SPT=53263 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0

Which is what is expected from the laptop also, yes?

This is the session IP's:
Jun  4 18:17:39 ipex pppd[11903]: PAP authentication succeeded
Jun  4 18:17:39 ipex pppd[11903]: local  IP address 59.101.218.205
Jun  4 18:17:39 ipex pppd[11903]: remote IP address 210.8.1.12
Jun  4 18:17:39 ipex pppd[11903]: primary   DNS address 203.8.183.1
Jun  4 18:17:39 ipex pppd[11903]: secondary DNS address 192.189.54.33

> lsmod | grep -i masquerade
> 
> There should be some kernel modules for masquerade (ipt_MASQUERADE,
> nf_nat, ...)
> 
Is this how it should be?

[root@ipex ~]# lsmod | grep -i masquerade
ipt_MASQUERADE          7873  1
ip_nat                 22253  2 ipt_MASQUERADE,iptable_nat
ip_conntrack           56993  6
ip_conntrack_ftp,ip_conntrack_netbios_ns,ipt_MASQUERADE,iptable_nat,ip_nat,xt_state
x_tables               18501  12
ipt_MASQUERADE,iptable_nat,xt_state,ip_tables,xt_multiport,ip6_tables,xt_mark,xt_MARK,ipt_LOG,ipt_REJECT,ip6t_REJECT,xt_tcpudp
[root@ipex ~]#  

Should this give something else?

[root@ipex ~]# netstat -M
netstat: no support for `ip_masquerade' on this system.
[root@ipex ~]# 

Hope this makes more sense to you, I'm well over my head now.

-- 
Regards,
Simon

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list