Firewall Problem



realtec
03.08.02, 07:14
Suse Firewall + Apache problem
Hello, I am using Suse Linux 8.0. The Apache web server runs without problems when I open http://linux-server from a Windows box....
But when I try to reach the web server from the Windows box with http://aktuelleDSLip (i.e. the current DSL IP) "over the Internet", I get "Page cannot be......"
In the Suse Firewall I have enabled ALL services.

iptables -L returns the following:

Linux-Server:~ # iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere state NEW,RELATED,ESTABLISHED udp dpts:netbios-ns:netbios-dgm
DROP all -- loopback/8 anywhere
DROP all -- anywhere loopback/8
DROP all -- Linux-Server.local anywhere
DROP all -- p50837AB5.dip.t-dialin.net anywhere
input_ext all -- anywhere p50837AB5.dip.t-dialin.net
input_int all -- anywhere Linux-Server.local
DROP all -- anywhere 192.168.0.255
DROP all -- anywhere 255.255.255.255
LOG all -- anywhere p50837AB5.dip.t-dialin.net LOG level warning tcp-options ip-options prefix `SuSE-FW-NO_ACCESS_INT->FWEXT '
DROP all -- anywhere p50837AB5.dip.t-dialin.net
DROP all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
forward_ext all -- anywhere anywhere
forward_int all -- anywhere anywhere
DROP all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
LOG all -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-FORWARD-ERROR '

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp port-unreachable
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp network-prohibited
ACCEPT icmp -- anywhere anywhere icmp host-prohibited
ACCEPT icmp -- anywhere anywhere icmp communication-prohibited
DROP icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
LOG all -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-OUTPUT-ERROR '

Chain forward_dmz (0 references)
target prot opt source destination
DROP all -- p50837AB5.dip.t-dialin.net anywhere
DROP all -- 192.168.0.0/24 anywhere
DROP all -- anywhere Linux-Server.local
DROP all -- anywhere p50837AB5.dip.t-dialin.net
ACCEPT icmp -- anywhere anywhere state RELATED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere

Chain forward_ext (1 references)
target prot opt source destination
DROP all -- 192.168.0.0/24 anywhere
DROP all -- anywhere Linux-Server.local
ACCEPT icmp -- anywhere anywhere state RELATED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere

Chain forward_int (1 references)
target prot opt source destination
DROP all -- p50837AB5.dip.t-dialin.net anywhere
DROP all -- anywhere p50837AB5.dip.t-dialin.net
ACCEPT icmp -- anywhere anywhere state RELATED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere

Chain input_dmz (0 references)
target prot opt source destination
DROP all -- p50837AB5.dip.t-dialin.net anywhere
DROP all -- 192.168.0.0/24 anywhere
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
DROP icmp -- anywhere anywhere
REJECT tcp -- anywhere anywhere tcp dpt:ident flags:SYN,RST,ACK/SYN reject-with tcp-reset
DROP tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:telnet flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:time flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:finger flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:sunrpc flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:netbios-ssn flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:login flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:printer flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:swat flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:mysql flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:x11 flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpts:ipcserver:65535 flags:!SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpt:ftp-data flags:!SYN,RST,ACK/SYN
ACCEPT udp -- anywhere anywhere state NEW,RELATED,ESTABLISHED udp dpt:1024
ACCEPT udp -- www-proxy.SB1.srv.t-online.de anywhere state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535
ACCEPT udp -- dns03.btx.dtag.de anywhere state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535
DROP udp -- anywhere anywhere udp dpt:ssh
DROP udp -- anywhere anywhere udp dpt:telnet
DROP udp -- anywhere anywhere udp dpt:time
DROP udp -- anywhere anywhere udp dpt:time
DROP udp -- anywhere anywhere udp dpt:finger
DROP udp -- anywhere anywhere udp dpt:sunrpc
DROP udp -- anywhere anywhere udp dpt:sunrpc
DROP udp -- anywhere anywhere udp dpt:netbios-ns
DROP udp -- anywhere anywhere udp dpt:netbios-dgm
DROP udp -- anywhere anywhere udp dpt:netbios-ssn
DROP udp -- anywhere anywhere udp dpt:who
DROP udp -- anywhere anywhere udp dpt:printer
DROP udp -- anywhere anywhere udp dpt:smpnameres
DROP udp -- anywhere anywhere udp dpt:mysql
DROP udp -- anywhere anywhere udp dpt:x11
ACCEPT udp -- anywhere anywhere state NEW,RELATED,ESTABLISHED udp dpts:1024:65535
DROP all -- anywhere anywhere

Chain input_ext (1 references)
target prot opt source destination
DROP all -- 192.168.0.0/24 anywhere
ACCEPT icmp -- p50837AB5.dip.t-dialin.net anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
DROP icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:imap
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:pop3s
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:rsync
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:telnet
REJECT tcp -- anywhere anywhere tcp dpt:ident flags:SYN,RST,ACK/SYN reject-with tcp-reset
DROP tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:telnet flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:time flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:finger flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:sunrpc flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:netbios-ssn flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:login flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:printer flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:swat flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:mysql flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:x11 flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpts:ipcserver:65535 flags:!SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpt:ftp-data flags:!SYN,RST,ACK/SYN
ACCEPT udp -- anywhere anywhere state NEW,RELATED,ESTABLISHED udp dpt:1024
ACCEPT udp -- www-proxy.SB1.srv.t-online.de anywhere state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535
ACCEPT udp -- dns03.btx.dtag.de anywhere state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535
DROP udp -- anywhere anywhere udp dpt:ssh
DROP udp -- anywhere anywhere udp dpt:telnet
DROP udp -- anywhere anywhere udp dpt:time
DROP udp -- anywhere anywhere udp dpt:time
DROP udp -- anywhere anywhere udp dpt:finger
DROP udp -- anywhere anywhere udp dpt:sunrpc
DROP udp -- anywhere anywhere udp dpt:sunrpc
DROP udp -- anywhere anywhere udp dpt:netbios-ns
DROP udp -- anywhere anywhere udp dpt:netbios-dgm
DROP udp -- anywhere anywhere udp dpt:netbios-ssn
DROP udp -- anywhere anywhere udp dpt:who
DROP udp -- anywhere anywhere udp dpt:printer
DROP udp -- anywhere anywhere udp dpt:smpnameres
DROP udp -- anywhere anywhere udp dpt:mysql
DROP udp -- anywhere anywhere udp dpt:x11
ACCEPT udp -- anywhere anywhere state NEW,RELATED,ESTABLISHED udp dpts:1024:65535
ACCEPT udp -- anywhere anywhere state ESTABLISHED udp dpts:61000:65095
DROP all -- anywhere anywhere

Chain input_int (1 references)
target prot opt source destination
DROP all -- p50837AB5.dip.t-dialin.net anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
DROP icmp -- anywhere anywhere
REJECT tcp -- anywhere anywhere tcp dpt:ident flags:SYN,RST,ACK/SYN reject-with tcp-reset
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp dpts:1024:65535
ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpts:ipcserver:65535 flags:!SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpt:ftp-data flags:!SYN,RST,ACK/SYN
ACCEPT udp -- anywhere anywhere state NEW,RELATED,ESTABLISHED udp dpt:1024
ACCEPT udp -- www-proxy.SB1.srv.t-online.de anywhere state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535
ACCEPT udp -- dns03.btx.dtag.de anywhere state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535
ACCEPT udp -- anywhere anywhere state NEW,RELATED,ESTABLISHED udp dpts:1024:65535
DROP all -- anywhere anywhere
Linux-Server:~ #

------------------------------------------ END ----------------------------

Does anyone know where the error in the firewall is?


__________________
With kind user regards
Christian

http://www.realtec.de
admin@realtec.de

#################
Glasses: Fielmann
Server: Linux
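
An added example, not part of the original post: a small Python parser for `iptables -L` listings like the one above. It reports which ports a chain opens to new connections from any source, and which later DROP/REJECT rules for the same port are already shadowed by an earlier ACCEPT (first match wins). The sample is a constructed excerpt of the posted input_ext chain with the terminal line wraps undone, and the function names are hypothetical. Because `iptables -L` without `-v` does not show interface matches, the result is indicative only.

```python
import re

# Constructed sample: a few rules of the input_ext chain from the post,
# with the 80-column terminal wrapping undone.
SAMPLE = """\
Chain input_ext (1 references)
target prot opt source destination
DROP all -- 192.168.0.0/24 anywhere
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:telnet
REJECT tcp -- anywhere anywhere tcp dpt:ident flags:SYN,RST,ACK/SYN reject-with tcp-reset
DROP tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:telnet flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:mysql flags:SYN,RST,ACK/SYN
DROP all -- anywhere anywhere
"""
RULE = re.compile(r"^(\S+)\s+(\S+)\s+--\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_chain(text, chain):
    """Return the rules of one chain as dicts, in evaluation order."""
    rules, active = [], False
    for line in text.splitlines():
        if line.startswith("Chain "):
            active = line.split()[1] == chain
            continue
        m = RULE.match(line)  # the column header has no "--" and is skipped
        if active and m:
            target, proto, src, dst, extra = m.groups()
            port = re.search(r"dpt:(\S+)", extra)  # single port, not dpts:
            rules.append({"target": target, "proto": proto, "src": src,
                          "dport": port.group(1) if port else None,
                          "new": "state NEW" in extra})
    return rules

def exposed_and_shadowed(rules):
    """Ports accepting NEW connections, and later blocks they shadow."""
    exposed, shadowed = [], []
    for r in rules:
        key = (r["proto"], r["dport"])
        if r["dport"] is None or r["src"] != "anywhere":
            continue  # only port-specific rules that apply to any source
        if r["target"] == "ACCEPT" and r["new"]:
            exposed.append(key)
        elif r["target"] in ("DROP", "REJECT") and key in exposed:
            shadowed.append(key)  # never reached for new connections
    return exposed, shadowed

if __name__ == "__main__":
    print(exposed_and_shadowed(parse_chain(SAMPLE, "input_ext")))
```

Running it on the full listing (saved with the wraps undone) gives the same kind of report for each chain; `iptables -L -v -n` output adds the interface columns that this parser does not read.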