Re: Firestarter firewall problem

Micha Silver Fri, 12 Dec 2008 03:21:03 -0800

Looks OK.

After you start the firewall, can you successfully ping an IP address?

Try to ping your DNS servers: 194.90.1.5 and 212.143.212.143

If that works try to ping a domain name, i.e ping www.yahoo.com

David Ronkin wrote:

Here we go:
# iptables -t filter --line-numbers -nvL
gives:

Chain OUTPUT (policy DROP 61 packets, 5773 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     tcp -- *      *       172.21.154.181       212.143.212143     tcp dpt:53
2        3   204 ACCEPT     udp -- *      *       172.21.154.181       212.143.212143     udp dpt:53
3        0     0 ACCEPT     tcp -- *      *       172.21.154.181       194.90.1.5          tcp dpt:53
4        2   136 ACCEPT     udp -- *      *       172.21.154.181       194.90.1.5          udp dpt:53
5        2    84 ACCEPT     all -- *      lo      0.0.0.0/0            0.0.0.0/0
6        0     0 DROP       all -- *      *       224.0.0.0/8          0.0.0.0/0
7        0     0 DROP       all -- *      *       0.0.0.0/0            224.0.0.0/8
8        0     0 DROP       all -- *      *       255.255.255.255      0.0.0.0/0
9        0     0 DROP       all -- *      *       0.0.0.0/0            0.0.0.0
10       0     0 DROP       all -- *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
11      18 1286 OUTBOUND   all -- *      eth0    0.0.0.0/0            0.0.0.0/0
12      61 5773 LOG_FILTER all -- *      *       0.0.0.0/0            0.0.0.0/0
13      61 5773 LOG        all -- *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Unknown Output'

and

# iptables -t filter --line-numbers -nvL OUTBOUND
Chain OUTBOUND (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        1    80 ACCEPT     icmp -- *      *       0.0.0.0/0            0.0.0.0/0
2        5   232 ACCEPT     tcp -- *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
3        0     0 ACCEPT     udp -- *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
4       57 3026 ACCEPT     all -- *      *       0.0.0.0/0            0.0.0.0/0

Thanks
David

2008/12/11 Micha Silver <mi...@arava.co.il>

David Ronkin wrote:

This is second message - no suggestions on the below problem, pls help...

Can you post the results of :
$ sudo iptables -t filter --line-numbers -nvL OUTPUT
and
$ sudo iptables -t filter --line-numbers -nvL OUTBOUND
(firestarter creates this chain)

Especially the lines which are DROPped. On my setup I see:
Chain OUTPUT (policy DROP 2 packets, 168 bytes)
....
0 0 DROP all -- * * 224.0.0.0/8 0.00.0/0 2 136 DROP all -- * * 0.00.0/0 224.0.0.0/8 0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0 0 0 DROP all -- * * 0.0.0.0/0 0.0.00 0 0 DROP all -- * * 0.00.0/0 0.0.0.0/0 state INVALID
...
Chain OUTBOUND (1 references)
num pkts bytes target prot opt in out source destination 1 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 2 1077 102K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
3 0 0 ACCEPT udp -- * * 0.00.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
4 505 21305 ACCEPT all -- * * 0.00.0/0 0.0.0.0/0

In other words, Send more details and someone should be able to help.

--
Micha

--
בברכה,
דוד רונקין

This mail was received via Mail-SeCure System.

================================================================To unsubscribe, send mail to linux-il-requ...@cs.huji.ac.il with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail linux-il-requ...@cs.huji.ac.il

Re: Firestarter firewall problem

Reply via email to