[ale] Ale Digest, Vol 121, Issue 10

Andrew Sledge asledge at gpc.edu
Thu Nov 23 22:02:38 EST 2006


> Message: 2
> Date: Thu, 23 Nov 2006 12:07:56 -0500
> From: Jim <ale_nospam at fayettedigital.com>
> Subject: [ale] iptables problem
> To: Atlanta Linux Enthusiasts <ale at ale.org>
> Message-ID: <4565D56C.1060800 at fayettedigital.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> 
> I'm having trouble still getting the iptables set up.
> 
> What are these messages telling me?  I sort of thought I had ssh enabled 
> both ways and the same for bootps which is 67 I think.
> 
> Nov 23 11:58:19 fdcga dhclient: DHCPREQUEST on eth0 to 67.18.92.17 port 67
> Nov 23 11:58:19 fdcga dhclient: send_packet: Operation not permitted
> Nov 23 11:58:19 fdcga kernel: RULE 9 -- DENY IN= OUT=eth0 SRC=69.93.127.205 DST=67.18.92.17 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=68 DPT=67 LEN=308
> Nov 23 11:58:23 fdcga kernel: RULE 9 -- DENY IN= OUT=eth0 SRC=69.93.127.205 DST=69.61.66.106 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=1375 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
> 
> extract from the iptables -L display
> Chain Cid455E1AF011509.0 (1 references)
> ACCEPT     tcp  --  anywhere             anywhere            tcp multiport dports www,ssh,https
> 
> Chain INPUT (policy DROP)
> ACCEPT     icmp --  anywhere             anywhere            icmp destination-unreachable state NEW
> ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps state NEW
> 
> Chain FORWARD (policy DROP)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
> In_RULE_0  all  --  fdcga.com            anywhere
> RULE_9     all  --  anywhere             anywhere
> 
> Chain OUTPUT (policy DROP)
> ACCEPT     udp  --  anywhere             fdcga.com           udp dpt:bootps state NEW
> 
> Chain RULE_9 (3 references)
> target     prot opt source               destination
> LOG        all  --  anywhere             anywhere            LOG level info prefix `RULE 9 -- DENY '
> DROP       all  --  anywhere             anywhere
> 
> 
> It's pretty big so I didn't want to put it all in an email.
> 
> Thanks for any assistance you might be able to give.  I'm using 
> fwbuilder to generate these lines, otherwise I wouldn't be this far.
> 
> Jim.

http://www.irishchronicles.com/filebin/firewall.sh.txt
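
Added example (not part of the original thread, and not code from either poster): a small Python parser for the kernel LOG lines quoted above, showing how the IN=/OUT= fields identify which chain dropped each packet. The function names are made up for this example, and the chain mapping assumes the LOG rule sits in the filter table, as in the quoted `iptables -L` listing.

```python
import re

# The two kernel LOG lines from the post, with the mail line wrapping rejoined.
SAMPLE = [
    "Nov 23 11:58:19 fdcga kernel: RULE 9 -- DENY IN= OUT=eth0 "
    "SRC=69.93.127.205 DST=67.18.92.17 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=0 "
    "DF PROTO=UDP SPT=68 DPT=67 LEN=308",
    "Nov 23 11:58:23 fdcga kernel: RULE 9 -- DENY IN= OUT=eth0 "
    "SRC=69.93.127.205 DST=69.61.66.106 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 "
    "DF PROTO=TCP SPT=1375 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0",
]

# The --log-prefix text sits between "kernel: " and the first "IN=" field.
LINE_RE = re.compile(r"kernel: (?P<prefix>.*?)\s*IN=(?P<rest>.*)$")

def chain_for(in_if, out_if):
    """Map the IN=/OUT= interfaces to the filter-table chain the packet was on."""
    if in_if and out_if:
        return "FORWARD"   # routed through the box
    if out_if:
        return "OUTPUT"    # generated locally, leaving via out_if
    if in_if:
        return "INPUT"     # addressed to the box itself
    return "unknown"

def parse_log_line(line):
    """Return a dict describing one netfilter LOG line, or None if it is not one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields, flags = {}, []
    for tok in ("IN=" + m.group("rest")).split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields.setdefault(key, value)  # keep the first LEN (IP total length)
        else:
            flags.append(tok)              # bare tokens: DF, SYN, ACK, ...
    return {
        "prefix": m.group("prefix"),
        "chain": chain_for(fields.get("IN"), fields.get("OUT")),
        "proto": fields.get("PROTO"),
        "dst": fields.get("DST"),
        "dport": int(fields["DPT"]) if "DPT" in fields else None,
        "flags": flags,
    }

if __name__ == "__main__":
    for entry in map(parse_log_line, SAMPLE):
        print(entry)
```

Both lines decode to the OUTPUT chain (IN= is empty, OUT=eth0): the DHCPREQUEST to UDP port 67 and an outbound SSH SYN to TCP port 22, so the rules to inspect are the ones in OUTPUT. The only OUTPUT rule in the quoted extract accepts bootps when the destination is fdcga.com.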





