Re: Cannot go out the firewall

2006/10/26, Gáspár Lajos <swifty@xxxxxxxxxxx>:
Would you please post the output of these commands?

Immediately

iptables -vnL

   0     0 DROP       all  -f  *      *       0.0.0.0/0            0.0.0.0/0
   0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
   0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
   8   528 ACCEPT     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
   0     0 ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
   0     0 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp spt:53
   0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp spt:53
   0     0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:3128
   0     0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
   0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25
   0     0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25
   0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3
   0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 4
   0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 11
   0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 12
   0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 5
   0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 9
   0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8
   0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination
   0     0 laninet    all  --  eth1   eth0    0.0.0.0/0            0.0.0.0/0
   0     0 inetlan    all  --  eth0   eth1    0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination
   0     0 DROP       all  -f  *      *       0.0.0.0/0            0.0.0.0/0
   0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
   0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
   5   540 ACCEPT     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0
   0     0 ACCEPT     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           state NEW,RELATED,ESTABLISHED

Chain inetlan (1 references)
pkts bytes target     prot opt in     out     source               destination
   0     0 DROP       all  --  *      *       192.168.7.0/24       0.0.0.0/0
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:53
   0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:53
   0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
   0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset

Chain laninet (1 references)
pkts bytes target     prot opt in     out     source               destination
   0     0 DROP       all  --  *      *      !192.168.7.0/24       0.0.0.0/0
   0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

iptables -vnL -t nat

iptables: Table does not exist (do you need to insmod?)

iptables -vnL -t mangle

iptables: Table does not exist (do you need to insmod?)

But modules iptable_nat and iptable_mangle (although, I think,
iptable_mangle is not necessary for me) are loaded.

Do I need to create table nat, or is it built-in?

Thanx

Swifty




