Re: iptables help needed

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04.06.2008 14:05, Simon Slater wrote:
| On Wed, 2008-06-04 at 10:05 +0200, François Patte wrote:
|> On 04.06.2008 01:03, Simon Slater wrote:
|
| These are the type of logs now.  None of these are appearing in timing
| with requests to the Internet from the laptop:
|
| [root@ipex ~]# tail  /var/log/messages
| Jun  4 21:41:35 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC=
| SRC=203.185.178.251 DST=59.101.218.205 LEN=48 TOS=0x00 PREC=0x00 TTL=104
| ID=5893 DF PROTO=TCP SPT=63507 DPT=26958 WINDOW=8192 RES=0x00 SYN URGP=0
| Jun  4 21:41:38 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC=
| SRC=203.185.178.251 DST=59.101.218.205 LEN=48 TOS=0x00 PREC=0x00 TTL=104
| ID=5938 DF PROTO=TCP SPT=63507 DPT=26958 WINDOW=8192 RES=0x00 SYN URGP=0

Someone in Tahiti is scanning your computer.... No danger though!

| [root@ipex ~]#
|
| However, when request to the Internet from the desktop:
|
| Jun  4 21:59:31 ipex kernel: [IPTABLES MASQ]IN= OUT=ppp0
| SRC=59.101.218.205 DST=203.63.53.112 LEN=60 TOS=0x00 PREC=0x00 TTL=64
| ID=3672 DF PROTO=TCP SPT=48673 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0

no problem here: every packet escaping from your desktop uses the
"postrouting" chain.... And is logged by the rule.

What is strange: we never see any request from the laptop: we should see
some logged packets with SRC=laptop IP (192.168.0.6 as you said). What
is the IP of eth0 on your desktop? (ifconfig -a)
|
| [root@ipex ~]# lsmod | grep -i masquerade
| ipt_MASQUERADE          7873  1
| ip_nat                 22253  2 ipt_MASQUERADE,iptable_nat
| ip_conntrack           56993  6 ip_conntrack_ftp,ip_conntrack_netbios_ns,ipt_MASQUERADE,iptable_nat,ip_nat,xt_state
| x_tables               18501  12 ipt_MASQUERADE,iptable_nat,xt_state,ip_tables,xt_multiport,ip6_tables,xt_mark,xt_MARK,ipt_LOG,ipt_REJECT,ip6t_REJECT,xt_tcpudp

OK


| [root@ipex ~]#
|
| Should this give something else?
|
| [root@ipex ~]# netstat -M
| netstat: no support for `ip_masquerade' on this system.

I think that this is a deprecated option or that it doesn't work with
iptables... maybe some backward compatibility with ipchains....



- --
François Patte
UFR de mathématiques et informatique
Université Paris Descartes
45, rue des Saints Pères
F-75270 Paris Cedex 06
Tél. +33 (0)1 44 55 35 61
http://www.math-info.univ-paris5.fr/~patte
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFIRtFjdE6C2dhV2JURApK2AKDThwdMxsghOdBc6m+qLVCmR8t8gACghXI1
/OuB0PNT6PcCLvglTsfGzbw=
=x69t
-----END PGP SIGNATURE-----
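
An added example, not part of the original message: the check discussed above (does any packet logged by the MASQ rule carry the laptop's address as SRC?) done with a small parser for the kernel LOG lines quoted in the thread. The LAN range 192.168.0.0/24, the function names and the third sample line are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the first two lines are the entries quoted in the thread,
# re-joined onto one line each; the third is invented (a forwarded laptop packet).
SAMPLE = """\
Jun  4 21:41:35 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC= SRC=203.185.178.251 DST=59.101.218.205 LEN=48 TOS=0x00 PREC=0x00 TTL=104 ID=5893 DF PROTO=TCP SPT=63507 DPT=26958 WINDOW=8192 RES=0x00 SYN URGP=0
Jun  4 21:59:31 ipex kernel: [IPTABLES MASQ]IN= OUT=ppp0 SRC=59.101.218.205 DST=203.63.53.112 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3672 DF PROTO=TCP SPT=48673 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun  4 22:03:10 ipex kernel: [IPTABLES MASQ]IN= OUT=ppp0 SRC=192.168.0.6 DST=203.63.53.112 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=411 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
"""

# "[prefix]" as set by --log-prefix, an optional " : ", then KEY=VALUE tokens.
LINE_RE = re.compile(r"kernel: \[(?P<prefix>[^\]]+)\]\s*:?\s*(?P<fields>.*)$")

def parse_line(line):
    """Return (prefix, fields) for a netfilter LOG line, or None if it is not one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields = {}
    for tok in m.group("fields").split():
        key, sep, val = tok.partition("=")
        fields[key] = val if sep else True  # bare tokens (DF, SYN) are flags
    return m.group("prefix"), fields

def sources_by_prefix(log_text, lan="192.168.0.0/24"):
    """Map each log prefix to its SRC addresses, split into LAN and other."""
    net = ipaddress.ip_network(lan)  # assumed LAN range; adjust to the real one
    seen = defaultdict(lambda: {"lan": set(), "other": set()})
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None or "SRC" not in parsed[1]:
            continue
        prefix, fields = parsed
        src = ipaddress.ip_address(fields["SRC"])
        seen[prefix]["lan" if src in net else "other"].add(str(src))
    return dict(seen)

def client_seen(log_text, client, prefix="IPTABLES MASQ"):
    """True if `client` appears as SRC in any line logged with `prefix`."""
    hits = sources_by_prefix(log_text).get(prefix, {"lan": set(), "other": set()})
    return client in hits["lan"] | hits["other"]

if __name__ == "__main__":
    for prefix, srcs in sources_by_prefix(SAMPLE).items():
        print(prefix, "LAN:", sorted(srcs["lan"]), "other:", sorted(srcs["other"]))
    print("laptop seen by MASQ rule:", client_seen(SAMPLE, "192.168.0.6"))
```

Run against the real /var/log/messages, a result of False for the laptop address matches the symptom described in the message: its packets never reach the logging rule on the gateway.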
