
iptables Internet problems, does anyone have advice?



Marktrix
08.06.07, 12:55
Hello,

I had an open port "111" that I wanted to close with Firestarter.
Unfortunately I apparently made a mistake, and as a result I can no longer get onto the Internet at all. I am using Ubuntu 7.10.

Here is the information I can provide so far.

iptables --list



Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- res3.netcologne.de anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
ACCEPT udp -- res3.netcologne.de anywhere
ACCEPT tcp -- res1.netcologne.de anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
ACCEPT udp -- res1.netcologne.de anywhere
ACCEPT 0 -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
DROP 0 -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP 0 -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP 0 -- 255.255.255.255 anywhere
DROP 0 -- anywhere 0.0.0.0
DROP 0 -- anywhere anywhere state INVALID
LSI 0 -f anywhere anywhere limit: avg 10/min burst 5
INBOUND 0 -- anywhere anywhere
LOG_FILTER 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Unknown Input'

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
LOG_FILTER 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Unknown Forward'

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- xdsl-84-44-128-162.netcologne.de res3.netcologne.de tcp dpt:domain
ACCEPT udp -- xdsl-84-44-128-162.netcologne.de res3.netcologne.de udp dpt:domain
ACCEPT tcp -- xdsl-84-44-128-162.netcologne.de res1.netcologne.de tcp dpt:domain
ACCEPT udp -- xdsl-84-44-128-162.netcologne.de res1.netcologne.de udp dpt:domain
ACCEPT 0 -- anywhere anywhere
DROP 0 -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP 0 -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP 0 -- 255.255.255.255 anywhere
DROP 0 -- anywhere 0.0.0.0
DROP 0 -- anywhere anywhere state INVALID
OUTBOUND 0 -- anywhere anywhere
LOG_FILTER 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Unknown Output'

Chain INBOUND (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
LSI 0 -- anywhere anywhere

Chain LOG_FILTER (5 references)
target prot opt source destination

Chain LSI (2 references)
target prot opt source destination
LOG_FILTER 0 -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP icmp -- anywhere anywhere icmp echo-request
LOG 0 -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Inbound '
DROP 0 -- anywhere anywhere

Chain LSO (1 references)
target prot opt source destination
LOG_FILTER 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Outbound '
REJECT 0 -- anywhere anywhere reject-with icmp-port-unreachable

Chain OUTBOUND (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
LSO 0 -- anywhere anywhere



grep -r iptables /etc


/etc/ppp/ip-down.d/0clampmss:iptables -t mangle -L -n -v --line-numbers | grep "TCPMSS.*$PPP_IFACE.*clamp" | cut -f1 -d " " | xargs -n1 -r iptables -t mangle -D FORWARD
/etc/ppp/ip-up.d/0clampmss:iptables -t mangle -o "$PPP_IFACE" --insert FORWARD 1 -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:1536 -j TCPMSS --clamp-mss-to-pmtu
/etc/bash_completion:# Linux iptables( completion
/etc/bash_completion:have iptables &&
/etc/bash_completion:_iptables()
/etc/bash_completion: COMPREPLY=( $( compgen -W '`iptables $table -nL | \
/etc/bash_completion: `iptables $table -nL | sed -ne "$chain" \
/etc/bash_completion: MIRROR SNAT DNAT MASQUERADE `iptables $table -nL | \
/etc/bash_completion: MARK TOS `iptables $table -nL | sed -ne "$chain" \
/etc/bash_completion:complete -F _iptables iptables
/etc/firestarter/firewall: echo Fatal error: Your kernel does not support iptables.
/etc/firestarter/firestarter.sh:IPT=/sbin/iptables

It would be great if someone could help me; I don't want to have to go through Windows to get onto the Internet anymore. Maybe there is a command to reset the settings.


Marktrix

ProfBunny
08.06.07, 20:50
You can flush with iptables -F table

Show us an ifconfig, in case your fw is blocking all packets from yourself
( DROP 0 -- 255.255.255.255 anywhere )


Or rather, what does iptables -xnvL say?


hth
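
The listing in the first post shows policy DROP on INPUT, FORWARD and OUTPUT, and a flush removes rules but leaves chain policies in place. As an added example (not part of either post), this script reads `iptables --list` output and prints a reset order for the filter table without running anything; the backup path is an assumption and the sample holds only the chain headers from the listing.

```shell
#!/bin/sh
# Added example: derive a reset order from `iptables --list` output.
# It only prints commands; nothing is executed against the firewall.

# Assumption: where the current rule set is backed up before the reset.
BACKUP=/root/iptables.before-reset

# Constructed sample: the chain header lines from the listing in the thread.
SAMPLE_LISTING='Chain INPUT (policy DROP)
Chain FORWARD (policy DROP)
Chain OUTPUT (policy DROP)
Chain INBOUND (1 references)
Chain LOG_FILTER (5 references)
Chain LSI (2 references)
Chain LSO (1 references)
Chain OUTBOUND (1 references)'

# Built-in chains keep their policy across a flush, so every chain whose
# policy is DROP has to be switched to ACCEPT before the rules are removed.
drop_policy_chains() {
    awk '$1 == "Chain" && $3 == "(policy" && $4 == "DROP)" { print $2 }'
}

# User-defined chains are listed with a reference count instead of a policy.
user_chains() {
    awk '$1 == "Chain" && $3 ~ /^\([0-9]+$/ && $4 == "references)" { print $2 }'
}

# Reads a listing on stdin and prints: backup, policies, flush, chain removal.
reset_plan() {
    listing=$(cat)
    echo "iptables-save > $BACKUP"
    for c in $(printf '%s\n' "$listing" | drop_policy_chains); do
        echo "iptables -P $c ACCEPT"
    done
    echo "iptables -F"
    # After the flush the user chains are empty and unreferenced.
    for c in $(printf '%s\n' "$listing" | user_chains); do
        echo "iptables -X $c"
    done
}

# Stand-alone run: print the plan for the sample listing.
printf '%s\n' "$SAMPLE_LISTING" | reset_plan
```

After these commands the filter table accepts everything, so the host is unfiltered until a new rule set is loaded.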