Hello,
Alexander Pyhalov wrote:
> I'm trying to add some rules, but they don't work when they contain port numbers:
> When I'm adding the following rules
> # Access to HTTP server
> iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
> # Access to SSH is allowed to all
> iptables -A INPUT -p tcp -m --dport 22 -j ACCEPT
> # Access to Tomcat
> iptables -A INPUT -s <ip1>ACCEPT
> iptables -A INPUT -s <ip2> -j ACCEPT
> # Access to SMB is allowed to all
> iptables -A INPUT -p tcp -m --dport 139 -j ACCEPT
> iptables -A INPUT -p tcp -m --dport 445 -j ACCEPT
> iptables -P INPUT REJECT
There are typos. Can you copy the output of iptables-save?
> I can't ssh to the server.
"Server" = the host on which the above rules are created?
> iptables -A INPUT -p tcp -m tcp -s <my ip> -j LOG
> and got something strange in the log:
> Feb 1 08:15:12 athena kernel: IN=eth0 OUT= MAC=00:0d:60:eb:a7:7c:00:02:b3:d6:be:9d:08:00 SRC=58.48.57.58 DST=255.255.0.13 LEN=15942 TOS=0x14 PREC=0x20 TTL=49 ID=25954 MF FRAG:32 PROTO=32
> Feb 1 08:15:12 athena kernel: IN=eth0 OUT= MAC=00:0d:60:eb:a7:7c:00:02:b3:d6:be:9d:08:00 SRC=58.48.57.58 DST=47.98.0.13 LEN=15942 TOS=0x14 PREC=0x20 TTL=49 ID=25954 MF FRAG:32 PROTO=32
> Feb 1 08:15:12 athena kernel: IN=eth0 OUT= MAC=00:0d:60:eb:a7:7c:00:02:b3:d6:be:9d:08:00 SRC=0.0.8.0 DST=0.0.0.13 LEN=0 TOS=0x00 PREC=0x00 TTL=0 ID=0 PROTO=0
> Feb 1 08:15:12 athena kernel: IN=eth0 OUT= MAC=00:0d:60:eb:a7:7c:00:02:b3:d6:be:9d:08:00 SRC=58.48.57.58 DST=0.0.0.13 LEN=15942 TOS=0x14 PREC=0x20 TTL=49 ID=25954 MF FRAG:32 PROTO=32
> Feb 1 08:15:12 athena kernel: IN=eth0 OUT= MAC=00:0d:60:eb:a7:7c:00:02:b3:d6:be:9d:08:00 SRC=58.49.48.58 DST=255.255.0.13 LEN=15942 TOS=0x14 PREC=0x20 TTL=49 ID=25954 MF FRAG:32 PROTO=32
> Feb 1 08:15:13 athena kernel: IN=eth0 OUT= MAC=00:0d:60:eb:a7:7c:00:02:b3:d6:be:9d:08:00 SRC=58.48.57.58 DST=255.255.0.13 LEN=15942 TOS=0x14 PREC=0x20 TTL=49 ID=25954 MF FRAG:32 PROTO=32
> Feb 1 08:15:13 athena kernel: IN=eth0 OUT= MAC=00:0d:60:eb:a7:7c:00:02:b3:d6:be:9d:08:00 SRC=0.0.0.0 DST=0.0.0.13 LEN=19526 TOS=0x04 PREC=0x40 TTL=0 ID=257 FRAG:256 PROTO=0
> But these IP addresses are not my IP addresses.
Invalid IP address (DST=0.0.0.13), huge packet length (LEN=15942),
unknown protocol number (PROTO=32)... It looks like the LOG output is
completely messed up. Can you compare this to a network packet capture
using tcpdump/ethereal/wireshark/other?
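The two points raised in the reply above (the rules contain syntax typos, and the LOG lines are implausible) can both be checked mechanically before anyone touches a live firewall. The following script is an added example, not part of the thread: it lints the posted iptables command lines for the kinds of mistakes visible in the quoted message (a `-m` with no match name, an `-A` rule without a `-j` target, a chain policy that is not a built-in target) and runs plausibility checks over netfilter LOG lines (non-routable SRC/DST, LEN outside what fits an IPv4 header and the link MTU, TTL=0, an unexpected numeric protocol number). The 1500-byte MTU, the set of "expected" protocol numbers and the third, healthy-looking log line are my assumptions and constructed data; the first two log lines are copies of lines quoted in the thread, rejoined onto one line each, and the `<ip1>`/`<ip2>` placeholders are the poster's own.

```python
import re
import shlex

# Copy of the rules from the quoted message (constructed copy for the example;
# <ip1> and <ip2> are the poster's placeholders and are deliberately kept).
POSTED_RULES = [
    "iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT",
    "iptables -A INPUT -p tcp -m --dport 22 -j ACCEPT",
    "iptables -A INPUT -s <ip1>ACCEPT",
    "iptables -A INPUT -s <ip2> -j ACCEPT",
    "iptables -A INPUT -p tcp -m --dport 139 -j ACCEPT",
    "iptables -A INPUT -p tcp -m --dport 445 -j ACCEPT",
    "iptables -P INPUT REJECT",
]

# Only built-in targets may be a chain policy; REJECT is an extension target.
BUILTIN_POLICIES = {"ACCEPT", "DROP"}
# Protocol numbers one normally expects at an Internet-facing host (assumption):
# ICMP, IGMP, TCP, UDP, IPv6-in-IPv4, GRE, ESP, AH, ICMPv6.
EXPECTED_PROTOS = {1, 2, 6, 17, 41, 47, 50, 51, 58}


def lint_rule(rule):
    """Return a list of syntax problems found in one iptables command line."""
    argv = shlex.split(rule)
    problems = []
    for i, tok in enumerate(argv):
        nxt = argv[i + 1] if i + 1 < len(argv) else ""
        if tok == "-m" and (not nxt or nxt.startswith("-")):
            problems.append("'-m' is missing its match name ('-m tcp' before '--dport')")
        if tok == "-P":
            policy = argv[i + 2] if i + 2 < len(argv) else ""
            if policy not in BUILTIN_POLICIES:
                problems.append("chain policy must be ACCEPT or DROP, not %r" % policy)
    if ("-A" in argv or "-I" in argv) and "-j" not in argv:
        problems.append("rule has no '-j' target")
    return problems


def lint_rules(rules):
    """Map every rule that has problems to its list of problems."""
    return {r: lint_rule(r) for r in rules if lint_rule(r)}


# Constructed sample: two lines quoted in the thread (rejoined) plus one line in
# the shape a normal SSH SYN logged by the LOG target would have.
SAMPLE_LOG = [
    "Feb 1 08:15:12 athena kernel: IN=eth0 OUT= MAC=00:0d:60:eb:a7:7c:00:02:b3:d6:be:9d:08:00 SRC=58.48.57.58 DST=255.255.0.13 LEN=15942 TOS=0x14 PREC=0x20 TTL=49 ID=25954 MF FRAG:32 PROTO=32",
    "Feb 1 08:15:13 athena kernel: IN=eth0 OUT= MAC=00:0d:60:eb:a7:7c:00:02:b3:d6:be:9d:08:00 SRC=0.0.0.0 DST=0.0.0.13 LEN=19526 TOS=0x04 PREC=0x40 TTL=0 ID=257 FRAG:256 PROTO=0",
    "Feb 1 08:20:00 athena kernel: IN=eth0 OUT= MAC=00:0d:60:eb:a7:7c:00:02:b3:d6:be:9d:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0",
]

FIELD = re.compile(r"(\w+)=(\S*)")


def parse_log_line(line):
    """Return the KEY=VALUE fields of a netfilter LOG line as a dict (bare flags like DF are ignored)."""
    return dict(FIELD.findall(line))


def check_log_line(line, mtu=1500):
    """Return plausibility problems for one IPv4 LOG line; an empty list means it looks sane."""
    f = parse_log_line(line)
    problems = []
    for key in ("SRC", "DST"):
        addr = f.get(key, "0.0.0.0")
        first_octet = int(addr.split(".")[0])
        # 0.0.0.0/8 and 240.0.0.0/4 (incl. 255.x) never appear as unicast endpoints
        if first_octet == 0 or first_octet >= 240:
            problems.append("%s=%s is not a routable unicast address" % (key, addr))
    length = int(f.get("LEN", "0"))
    if length < 20 or length > mtu:
        problems.append("LEN=%d is outside 20..%d (IPv4 header .. link MTU)" % (length, mtu))
    if int(f.get("TTL", "64")) == 0:
        problems.append("TTL=0 is not a value a sender would use")
    proto = f.get("PROTO", "")
    if proto.isdigit() and int(proto) not in EXPECTED_PROTOS:
        problems.append("PROTO=%s is an unexpected protocol number" % proto)
    return problems


if __name__ == "__main__":
    for rule, probs in lint_rules(POSTED_RULES).items():
        print(rule, "->", "; ".join(probs))
    for line in SAMPLE_LOG:
        print(line.split("kernel: ")[1][:60], "->", check_log_line(line) or "looks sane")
```

A LOG line that fails several of these checks at once, as the quoted ones do, is more likely a corrupted log than real traffic, which is exactly why the reply asks for a tcpdump/wireshark capture to compare against; the linter is the quicker answer to "there are typos", since it points at the exact token each rule is missing.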