Apologies, these are my rulesets. As for pinging internet hosts, it is working correctly now (after accepting packets from the ISP NameServer). But the only problem is that there are still logs in the shell prompt and I am not typing anything...

iptables -L -nv

Chain INPUT (policy DROP 59 packets, 6498 bytes)
 pkts bytes target       prot opt in     out     source               destination
   18   868 tcp_segmenty tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0
   43  5995 udp_pakety   udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0
   33  2772 ACCEPT       icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0            icmp type 0
    0     0 ACCEPT       icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0            icmp type 3
    1    92 ACCEPT       icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0            icmp type 8
    0     0 ACCEPT       icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0            icmp type 11
    9   756 ACCEPT       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
 3168  435K ACCEPT       all  --  eth2   *       0.0.0.0/0            0.0.0.0/0
  131 11622 ACCEPT       all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 REJECT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:113 reject-with icmp-port-unreachable
   56  6568 spoofing     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
   56  6568 spoofing     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
   20  2396 LOG          all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/hour burst 5 LOG flags 0 level 4
    0     0 ACCEPT       icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp type 8 limit: avg 1/sec burst 5
    0     0 ACCEPT       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT       all  --  eth2   *       0.0.0.0/0            0.0.0.0/0
   36  5139 ACCEPT       all  --  eth0   *       80.95.96.7           0.0.0.0/0
    4   192 LOG          all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target       prot opt in     out     source               destination
    0     0 ACCEPT       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT       all  --  eth2   *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT       all  --  eth0   eth1    0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT       all  --  eth2   *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT       all  --  eth1   eth2    0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT       all  --  eth2   eth1    0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT       all  --  eth0   eth1    0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 spoofing     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP 30 packets, 2520 bytes)
 pkts bytes target       prot opt in     out     source               destination
   34  2728 ACCEPT       all  --  *      *       127.0.0.1            0.0.0.0/0
    0     0 ACCEPT       all  --  *      *       192.168.0.201        0.0.0.0/0
  145 13870 ACCEPT       all  --  *      *       192.168.0.1          0.0.0.0/0
   97  7286 ACCEPT       all  --  *      *       82.142.67.253        0.0.0.0/0
    0     0 ACCEPT       all  --  *      *       127.0.0.1            0.0.0.0/0
    0     0 ACCEPT       all  --  *      *       192.168.0.1          0.0.0.0/0
   53  4452 ACCEPT       all  --  *      *       192.168.200.1        0.0.0.0/0
    0     0 ACCEPT       all  --  *      *       80.95.96.7           0.0.0.0/0

Chain spoofing (3 references)
 pkts bytes target       prot opt in     out     source               destination
    0     0 DROP         all  --  *      *       192.168.0.0/16       0.0.0.0/0
    0     0 DROP         all  --  *      *       172.16.0.0/12        0.0.0.0/0
    0     0 DROP         all  --  *      *       10.0.0.0/8           0.0.0.0/0

Chain syn_flood (0 references)
 pkts bytes target       prot opt in     out     source               destination
    0     0 RETURN       all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 1/sec burst 5
    0     0 DROP         all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain tcp_segmenty (1 references)
 pkts bytes target       prot opt in     out     source               destination
    0     0 ACCEPT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25

Chain udp_pakety (1 references)
 pkts bytes target       prot opt in     out     source               destination
    0     0 ACCEPT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53

iptables -L -t nat -nv

Chain PREROUTING (policy ACCEPT 3084 packets, 395K bytes)
 pkts bytes target       prot opt in     out     source               destination
    0     0 REDIRECT     tcp  --  eth2   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 3128
    0     0 DROP         all  --  eth0   *       192.168.0.0/16       0.0.0.0/0
    0     0 DROP         all  --  eth0   *       172.16.0.0/12        0.0.0.0/0
    0     0 DROP         all  --  eth0   *       10.0.0.0/8           0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 80 packets, 6594 bytes)
 pkts bytes target       prot opt in     out     source               destination
   39  3035 MASQUERADE   all  --  *      eth0    0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 149 packets, 12149 bytes)
 pkts bytes target       prot opt in     out     source               destination

Thanks in advance,
Stanley.

-----Original Message-----
From: netfilter-admin@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] On Behalf Of Antony Stone
Sent: Tuesday, March 09, 2004 2:23 PM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: ping to internet hosta through NameServer of provider

On Tuesday 09 March 2004 1:00 pm, Stanislav Puffler DiS. wrote:

> It seems like anything you've described. Here is the ruleset :
>
> iptables -L -nv

<snip>

If this is your ruleset, where is the LOG rule which produced the output you posted earlier?

> > IN=eth0 OUT= MAC=.............. SRC="my_providers_nameserver_ip"
> > DST="ip_on_my_eth0" LEN=127 TOS=0x00 PREC=0x00 TTL=61 ID=3268 DF
> > PROTO=UDP SPT=53 DPT=32792 LEN=107

Antony.

--
People who use Microsoft software should be certified.

Please reply to the list; please don't CC me.