Koozali.org: home of the SME Server

Help with IP Table editing

ACF

Help with IP Table editing
« on: May 03, 2004, 04:27:11 PM »
I have an SME 6.0 box with Clam AV, Spamassassin, EZMLM and Mambo 4.5.1.07 running. I seem to have a block on one particular range of IP addresses I need to reach.

Behind my Mitel, if I try to reach 207.103.198.x

I get no website, no ping, tracert says destination not reachable.

From outside the Mitel, on my network I can reach the destination fine.

Everywhere else on the web seems to work fine and be accessible.

I have reviewed all the fragments in /etc/e-smith/templates/etc/rc.d/init.d/masq (and templates-custom)

I cannot find any specific reference to DENY any IP address of this range. Can anyone suggest where or what I might look for to debug this?

Thank you! :-o

briank
Help with IP Table editing
« Reply #1 on: May 04, 2004, 01:11:27 AM »
Hi - list all the firewall rules with iptables -L, or install the unfinished firewall contrib, which also lists them. Post here if you can't find a rule blocking.
Regards
Brian K

graviton

Help with IP Table editing
« Reply #2 on: May 05, 2004, 07:30:09 PM »
Here are the firewall rules. Thanks for any advice.

Quote
FILTER
Chain INPUT (policy DROP)
target prot opt source destination
state_chk all -- anywhere anywhere
local_chk all -- anywhere anywhere
PPPconn all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/4
InboundICMP icmp -- anywhere anywhere
denylog icmp -- anywhere anywhere
InboundTCP tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN
denylog tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN
InboundUDP udp -- anywhere anywhere
denylog udp -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc
gre-in gre -- anywhere anywhere
denylog gre -- anywhere anywhere
denylog all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
state_chk all -- anywhere anywhere
local_chk all -- anywhere anywhere
ForwardedTCP tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN
ForwardedUDP udp -- anywhere anywhere
denylog all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
PPPconn all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/4
OutboundICMP icmp -- anywhere anywhere
denylog icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain ForwardedTCP (1 references)
target prot opt source destination
ForwardedTCP_26922 all -- anywhere anywhere
denylog tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN

Chain ForwardedTCP_26922 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere 10.6.18.2 tcp dpt:www
ACCEPT tcp -- anywhere 10.6.17.3 tcp dpt:smtp
ACCEPT tcp -- anywhere 10.6.17.3 tcp dpt:www

Chain ForwardedUDP (1 references)
target prot opt source destination
ForwardedUDP_26922 all -- anywhere anywhere
denylog udp -- anywhere anywhere

Chain ForwardedUDP_26922 (1 references)
target prot opt source destination

Chain InboundICMP (1 references)
target prot opt source destination
InboundICMP_26922 all -- anywhere anywhere
denylog icmp -- anywhere anywhere

Chain InboundICMP_26922 (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
denylog all -- anywhere anywhere

Chain InboundTCP (1 references)
target prot opt source destination
InboundTCP_26922 all -- anywhere anywhere
denylog tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN

Chain InboundTCP_26922 (1 references)
target prot opt source destination
denylog all -- anywhere !10.6.17.2
ACCEPT tcp -- anywhere anywhere tcp dpt:auth
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:https
denylog tcp -- anywhere anywhere tcp dpt:imap2
denylog tcp -- anywhere anywhere tcp dpt:ldap
denylog tcp -- anywhere anywhere tcp dpt:pop3
denylog tcp -- anywhere anywhere tcp dpt:1723
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
denylog tcp -- anywhere anywhere tcp dpt:telnet

Chain InboundUDP (1 references)
target prot opt source destination
InboundUDP_26922 all -- anywhere anywhere
denylog udp -- anywhere anywhere

Chain InboundUDP_26922 (1 references)
target prot opt source destination
denylog all -- anywhere !10.6.17.2

Chain OutboundICMP (1 references)
target prot opt source destination
OutboundICMP_26922 all -- anywhere anywhere
denylog icmp -- anywhere anywhere

Chain OutboundICMP_26922 (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
denylog all -- anywhere anywhere

Chain PPPconn (2 references)
target prot opt source destination
PPPconn_1 all -- anywhere anywhere

Chain PPPconn_1 (1 references)
target prot opt source destination

Chain denylog (24 references)
target prot opt source destination
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere

Chain gre-in (1 references)
target prot opt source destination
denylog all -- anywhere !10.6.17.2
denylog all -- anywhere anywhere

Chain local_chk (2 references)
target prot opt source destination
local_chk_26922 all -- anywhere anywhere

Chain local_chk_26922 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- 10.6.18.0/24 anywhere

Chain state_chk (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
 
 

NAT
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
PortForwarding all -- anywhere anywhere
SMTPProxy tcp -- anywhere anywhere tcp dpt:smtp
TransProxy tcp -- anywhere anywhere tcp dpt:www

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
PostroutingOutbound all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain PortForwarding (1 references)
target prot opt source destination
PortForwarding_26922 all -- anywhere 10.6.17.2

Chain PortForwarding_26922 (1 references)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:3453 to:10.6.18.2:80
DNAT tcp -- anywhere anywhere tcp dpt:smtp to:10.6.17.3:25
DNAT tcp -- anywhere anywhere tcp dpt:234 to:10.6.17.3:80

Chain PostroutingOutbound (1 references)
target prot opt source destination
ACCEPT all -- 10.6.17.2 anywhere
MASQUERADE all -- anywhere anywhere

Chain SMTPProxy (1 references)
target prot opt source destination
ACCEPT all -- anywhere localhost
ACCEPT all -- anywhere www.mydomain.com
ACCEPT all -- anywhere 10.6.17.2
DNAT tcp -- anywhere anywhere to:10.6.18.1:25

Chain TransProxy (1 references)
target prot opt source destination
ACCEPT all -- anywhere localhost
ACCEPT all -- anywhere www.mydomain.com
ACCEPT all -- anywhere 10.6.17.2
DNAT tcp -- anywhere anywhere to:10.6.18.1:3128
 
 

MANGLE
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
TOS tcp -- anywhere anywhere tcp dpt:ftp TOS set Minimize-Delay
TOS tcp -- anywhere anywhere tcp dpt:ssh TOS set Minimize-Delay
TOS tcp -- anywhere anywhere tcp dpt:telnet TOS set Minimize-Delay
TOS tcp -- anywhere anywhere tcp dpt:smtp TOS set Minimize-Delay
TOS tcp -- anywhere anywhere tcp dpt:www TOS set Minimize-Delay
TOS tcp -- anywhere anywhere tcp dpt:pop3 TOS set Minimize-Delay
TOS tcp -- anywhere anywhere tcp dpt:ftp-data TOS set Maximize-Throughput

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
 

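A quick way to answer Brian's question ("is there a rule blocking that range?") without eyeballing every chain is to parse the listing and report only the rules whose source or destination field specifically covers the address you care about, including negated fields such as !10.6.17.2. The script below is an added example, not code from the thread or from SME Server; it assumes numeric output (iptables -L -n, so hostnames like BASE-ADDRESS.MCAST.NET do not appear) and uses a constructed sample listing in which the DROP rule for 207.103.198.0/24 is invented purely for the demonstration.

```python
import ipaddress
import re

# Constructed sample in the shape of `iptables -L -n` output. The DROP rule for
# 207.103.198.0/24 is invented for the demo; the other lines mirror the thread.
SAMPLE = """\
Chain FORWARD (policy DROP)
target     prot opt source               destination
state_chk  all  --  0.0.0.0/0            0.0.0.0/0
local_chk  all  --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  0.0.0.0/0            207.103.198.0/24
ForwardedTCP  tcp  --  0.0.0.0/0         0.0.0.0/0            tcp flags:0x17/0x02
denylog    all  --  0.0.0.0/0            0.0.0.0/0

Chain InboundTCP_26922 (1 references)
target     prot opt source               destination
denylog    all  --  0.0.0.0/0           !10.6.17.2
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
"""

WILDCARD = {"anywhere", "0.0.0.0/0"}
RULE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(!?\S+)\s+(!?\S+)(?:\s+(.*))?$")

def parse_listing(text):
    """Turn `iptables -L -n` output into {chain: [(target, proto, src, dst, extra)]}."""
    chains, current = {}, None
    for line in text.splitlines():
        if line.startswith("Chain "):
            current = line.split()[1]
            chains[current] = []
        elif current and line.strip() and not line.startswith("target"):
            m = RULE_RE.match(line.strip())
            if m:
                target, proto, _opt, src, dst, extra = m.groups()
                chains[current].append((target, proto, src, dst, extra or ""))
    return chains

def covers(spec, ip):
    """True when a src/dst field specifically covers ip; wildcards never count."""
    negate = spec.startswith("!")
    spec = spec.lstrip("!")
    if spec in WILDCARD:
        return False
    try:
        net = ipaddress.ip_network(spec, strict=False)
    except ValueError:          # unresolved hostname (non -n output): cannot judge
        return False
    return (ip in net) != negate

def rules_touching(text, ip):
    """List (chain, target, field, spec) for every rule whose src/dst covers ip."""
    addr = ipaddress.ip_address(ip)
    hits = []
    for chain, rules in parse_listing(text).items():
        for target, _proto, src, dst, _extra in rules:
            if covers(src, addr):
                hits.append((chain, target, "source", src))
            if covers(dst, addr):
                hits.append((chain, target, "destination", dst))
    return hits

if __name__ == "__main__":
    for hit in rules_touching(SAMPLE, "207.103.198.5"):
        print(hit)
```

Feed it the real listing with `rules_touching(open("rules.txt").read(), "207.103.198.5")`; remember that traffic from LAN hosts behind the SME traverses FORWARD, so hits in the INPUT-side chains only matter for packets addressed to the box itself.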
briank
Help with IP Table editing
« Reply #3 on: May 06, 2004, 12:02:53 AM »
Well, nothing there seems to be the problem. With virtually the same rules I can ping 207.103.198.1.
Did it use to work?
If so, what have you installed since?
What is between the SME & internet?
You might like to turn on verbose logging of the firewall temporarily and check the message log for clues:
/sbin/e-smith/db configuration setprop masq Logging all
/sbin/e-smith/signal-event remoteaccess-update
The message file will grow quite quickly :(
Good luck
brian k