Hi,

IP-Tables isn't outputting any error messages at all. Here's my script. Or thereabouts.

The problems I am getting are that the port forwards for 4662 and 4672 aren't working correctly. I'm getting port forwards adding themselves in for ports 5800, 5900, 3372, 6502, 1025, 1026, 42 and 366. As you can see, these rules don't exist in the firewall. There is also an nmap scan output attached of the ports which are open/filtered.

Connection tracking is working fine, and when I add some rules in to open ports up, sometimes it doesn't work, sometimes it does.

Thanks

Karl

On Fri, 2004-06-25 at 17:13, Juan Hernandez wrote:
> Could you copy and paste some logging?
>
> Juan
> Karl Lattimer wrote:
>
> >Hi, I've got a firewall script which I've been using for 2 years
> >now on redhat 7.3 and redhat 9, after upgrading to fedora core 2 the
> >script is misbehaving slightly. Some of my port forwards don't work
> >correctly and some of my port blocking/opening doesn't work correctly.
> >
> >Any ideas what may be causing this?
> >
> >Thanks
> >
> >Karl
Attachment:
firewall.debug.sh
Description: application/shellscript
(The 1557 ports scanned but not shown below are in state: closed)
Port       State       Service
1/tcp      filtered    tcpmux
2/tcp      filtered    compressnet
3/tcp      filtered    compressnet
4/tcp      filtered    unknown
5/tcp      filtered    rje
6/tcp      filtered    unknown
7/tcp      filtered    echo
8/tcp      filtered    unknown
9/tcp      filtered    discard
10/tcp     filtered    unknown
11/tcp     filtered    systat
12/tcp     filtered    unknown
13/tcp     filtered    daytime
14/tcp     filtered    unknown
15/tcp     filtered    netstat
16/tcp     filtered    unknown
17/tcp     filtered    qotd
18/tcp     filtered    msp
19/tcp     filtered    chargen
20/tcp     filtered    ftp-data
21/tcp     filtered    ftp
22/tcp     open        ssh
23/tcp     filtered    telnet
24/tcp     filtered    priv-mail
25/tcp     open        smtp
42/tcp     open        nameserver
110/tcp    open        pop-3
135/tcp    filtered    loc-srv
136/tcp    filtered    profile
137/tcp    filtered    netbios-ns
138/tcp    filtered    netbios-dgm
139/tcp    filtered    netbios-ssn
143/tcp    open        imap2
366/tcp    open        odmr
445/tcp    filtered    microsoft-ds
465/tcp    open        smtps
993/tcp    open        imaps
995/tcp    open        pop3s
1025/tcp   open        NFS-or-IIS
1026/tcp   open        LSA-or-nterm
3372/tcp   open        msdtc
5800/tcp   open        vnc-http
5900/tcp   open        vnc
6502/tcp   open        netop-rc

No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=3.00%P=i386-redhat-linux-gnu%D=6/30%Time=40E28D7F%O=22%C=26)
TSeq(Class=RI%gcd=1%SI=185E3A%IPID=Z%TS=1000HZ)
TSeq(Class=RI%gcd=3%SI=81693%IPID=Z%TS=1000HZ)
TSeq(Class=RI%gcd=1%SI=18513E%IPID=Z%TS=1000HZ)
T1(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
T2(Resp=N)
T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
T4(Resp=N)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)