iptables debian. mail to yahoo/hotmail and apt-get doesn't work

  • 159 views since 30-01-2008

  • kmf
  • Registration: November 2000
  • Not online
I installed APF on my Debian server, but strangely enough a few things no longer work properly, even though the configuration looks fine.

The most obvious one is the mail problem. With the firewall active, mail to Yahoo, Hotmail and other online mail services no longer gets through. Mail to "normal" services does work.

Apt-get and wget are also swallowed.

Here is the iptables -L. All the required ports look open to me, so I don't know what's causing it.

Anyone have an idea?

code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere           
ACCEPT     all  --  localhost            anywhere           
DROP       tcp  --  anywhere             anywhere           tcp dpts:loc-srv:netbios-ssn 
DROP       udp  --  anywhere             anywhere           udp dpts:loc-srv:netbios-ssn 
DROP       tcp  --  anywhere             anywhere           tcp dpt:sunrpc 
DROP       udp  --  anywhere             anywhere           udp dpt:sunrpc 
DROP       tcp  --  anywhere             anywhere           tcp dpt:login 
DROP       udp  --  anywhere             anywhere           udp dpt:who 
DROP       tcp  --  anywhere             anywhere           tcp dpt:microsoft-ds 
DROP       udp  --  anywhere             anywhere           udp dpt:microsoft-ds 
DROP       tcp  --  anywhere             anywhere           tcp dpt:ms-sql-s 
DROP       udp  --  anywhere             anywhere           udp dpt:ms-sql-s 
DROP       tcp  --  anywhere             anywhere           tcp dpt:ms-sql-m 
DROP       udp  --  anywhere             anywhere           udp dpt:ms-sql-m 
DROP       tcp  --  anywhere             anywhere           tcp dpt:1234 
DROP       udp  --  anywhere             anywhere           udp dpt:1234 
DROP       tcp  --  anywhere             anywhere           tcp dpt:ingreslock 
DROP       udp  --  anywhere             anywhere           udp dpt:ingreslock 
DROP       tcp  --  anywhere             anywhere           tcp dpt:3127 
DROP       udp  --  anywhere             anywhere           udp dpt:3127 
DROP       all  --  BASE-ADDRESS.MCAST.NET/8  anywhere           
DROP       all  --  anywhere             BASE-ADDRESS.MCAST.NET/8
DROP       all  --  255.255.255.255      anywhere           
LD         all  --  anywhere             0.0.0.0            
DROP       icmp --  anywhere             0.0.0.255/0.0.0.255
DROP       all  --  anywhere             0.0.0.255/0.0.0.255
IN_SANITY  tcp  --  anywhere             anywhere           tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE 
IN_SANITY  tcp  --  anywhere             anywhere           tcp flags:FIN,SYN/FIN,SYN 
IN_SANITY  tcp  --  anywhere             anywhere           tcp flags:SYN,RST/SYN,RST 
IN_SANITY  tcp  --  anywhere             anywhere           tcp flags:FIN,RST/FIN,RST 
IN_SANITY  tcp  --  anywhere             anywhere           tcp flags:FIN,ACK/FIN 
IN_SANITY  tcp  --  anywhere             anywhere           tcp flags:ACK,URG/URG 
IN_SANITY  tcp  --  anywhere             anywhere           tcp flags:PSH,ACK/PSH 
IN_SANITY  tcp  --  anywhere             anywhere           tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG 
IN_SANITY  tcp  --  anywhere             anywhere           tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG 
IN_SANITY  tcp  --  anywhere             anywhere           tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG 
IN_SANITY  tcp  --  anywhere             anywhere           tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN 
DROP       tcp  --  anywhere             anywhere           tcp option=64 
DROP       tcp  --  anywhere             anywhere           tcp option=128 
FUDP       udp  -f  anywhere             anywhere           
PZ         udp  --  anywhere             anywhere           udp dpt:0 
PZ         tcp  --  anywhere             anywhere           tcp dpt:0 
REJECT     tcp  --  anywhere             anywhere           tcp dpt:auth reject-with icmp-port-unreachable 
REJECT     udp  --  anywhere             anywhere           udp dpt:113 reject-with icmp-port-unreachable 
REJECT     tcp  --  anywhere             anywhere           tcp dpts:4660:4666 reject-with icmp-port-unreachable 
REJECT     udp  --  anywhere             anywhere           udp dpts:4660:4666 reject-with icmp-port-unreachable 
REJECT     tcp  --  anywhere             anywhere           tcp dpts:gnutella-svc:gnutella-rtr reject-with icmp-port-unreachable 
REJECT     udp  --  anywhere             anywhere           udp dpts:gnutella-svc:gnutella-rtr reject-with icmp-port-unreachable 
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ftp-data 
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ftp 
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ssh 
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:smtp 
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:domain 
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:www 
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:pop3 
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:imap2 
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:https 
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:2095 
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:2096 
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:8000 
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:8001 
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:19638 
ACCEPT     udp  --  anywhere             anywhere           udp dpt:domain 
ACCEPT     icmp --  anywhere             anywhere           icmp destination-unreachable limit: avg 14/sec burst 5 
ACCEPT     icmp --  anywhere             anywhere           icmp redirect limit: avg 14/sec burst 5 
ACCEPT     icmp --  anywhere             anywhere           icmp time-exceeded limit: avg 14/sec burst 5 
ACCEPT     icmp --  anywhere             anywhere           icmp echo-reply limit: avg 14/sec burst 5 
ACCEPT     icmp --  anywhere             anywhere           icmp type 30 limit: avg 14/sec burst 5 
ACCEPT     icmp --  anywhere             anywhere           icmp echo-request limit: avg 14/sec burst 5 
ACCEPT     udp  --  anywhere             anywhere           udp spt:domain dpts:1023:65535 
ACCEPT     tcp  --  anywhere             anywhere           tcp spt:domain dpts:1023:65535 
ACCEPT     tcp  --  anywhere             anywhere           tcp spts:32770:32780 dpts:33434:33500 
ACCEPT     udp  --  anywhere             anywhere           udp spts:32770:32780 dpts:33434:33500 
LOG        tcp  --  anywhere             anywhere           limit: avg 45/min burst 5 LOG level warning prefix `** IN_TCP DROP ** ' 
LOG        udp  --  anywhere             anywhere           limit: avg 45/min burst 5 LOG level warning prefix `** IN_UDP DROP ** ' 
DROP       tcp  --  anywhere             anywhere           
DROP       udp  --  anywhere             anywhere           
DROP       all  --  anywhere             anywhere           

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere           
ACCEPT     all  --  anywhere             localhost          
ACCEPT     all  --  anywhere             x1337.demon.nl     
ACCEPT     all  --  anywhere             82-168-174-194-bbxl.xdsl.tiscali.nl
DROP       all  --  anywhere             dsl-082-082-089-203.arcor-ip.net
DROP       tcp  --  anywhere             anywhere           tcp dpts:loc-srv:netbios-ssn 
DROP       udp  --  anywhere             anywhere           udp dpts:loc-srv:netbios-ssn 
DROP       tcp  --  anywhere             anywhere           tcp dpt:sunrpc 
DROP       udp  --  anywhere             anywhere           udp dpt:sunrpc 
DROP       tcp  --  anywhere             anywhere           tcp dpt:login 
DROP       udp  --  anywhere             anywhere           udp dpt:who 
DROP       tcp  --  anywhere             anywhere           tcp dpt:microsoft-ds 
DROP       udp  --  anywhere             anywhere           udp dpt:microsoft-ds 
DROP       tcp  --  anywhere             anywhere           tcp dpt:ms-sql-s 
DROP       udp  --  anywhere             anywhere           udp dpt:ms-sql-s 
DROP       tcp  --  anywhere             anywhere           tcp dpt:ms-sql-m 
DROP       udp  --  anywhere             anywhere           udp dpt:ms-sql-m 
DROP       tcp  --  anywhere             anywhere           tcp dpt:1234 
DROP       udp  --  anywhere             anywhere           udp dpt:1234 
DROP       tcp  --  anywhere             anywhere           tcp dpt:ingreslock 
DROP       udp  --  anywhere             anywhere           udp dpt:ingreslock 
DROP       tcp  --  anywhere             anywhere           tcp dpt:3127 
DROP       udp  --  anywhere             anywhere           udp dpt:3127 
DROP       all  --  BASE-ADDRESS.MCAST.NET/8  anywhere           
DROP       all  --  anywhere             BASE-ADDRESS.MCAST.NET/8
DROP       all  --  255.255.255.255      anywhere           
DROP       all  --  anywhere             0.0.0.0            
OUT_SANITY  tcp  --  anywhere             anywhere           tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE 
OUT_SANITY  tcp  --  anywhere             anywhere           tcp flags:FIN,SYN/FIN,SYN 
OUT_SANITY  tcp  --  anywhere             anywhere           tcp flags:SYN,RST/SYN,RST 
OUT_SANITY  tcp  --  anywhere             anywhere           tcp flags:FIN,RST/FIN,RST 
OUT_SANITY  tcp  --  anywhere             anywhere           tcp flags:FIN,ACK/FIN 
OUT_SANITY  tcp  --  anywhere             anywhere           tcp flags:PSH,ACK/PSH 
OUT_SANITY  tcp  --  anywhere             anywhere           tcp flags:ACK,URG/URG 
FUDP       udp  -f  anywhere             anywhere           
PZ         udp  --  anywhere             anywhere           udp dpt:0 
PZ         tcp  --  anywhere             anywhere           tcp dpt:0 
REJECT     tcp  --  anywhere             anywhere           tcp dpts:4660:4666 reject-with icmp-port-unreachable 
REJECT     udp  --  anywhere             anywhere           udp dpts:4660:4666 reject-with icmp-port-unreachable 
REJECT     tcp  --  anywhere             anywhere           tcp dpts:gnutella-svc:gnutella-rtr reject-with icmp-port-unreachable 
REJECT     udp  --  anywhere             anywhere           udp dpts:gnutella-svc:gnutella-rtr reject-with icmp-port-unreachable 
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ftp 
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:smtp 
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:www 
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:81 
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:https 
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:whois 
ACCEPT     udp  --  anywhere             anywhere           udp dpt:20 
ACCEPT     udp  --  anywhere             anywhere           udp dpt:fsp 
ACCEPT     udp  --  anywhere             anywhere           udp dpt:domain 
ACCEPT     icmp --  anywhere             anywhere           limit: avg 14/sec burst 5 
LOG        tcp  --  anywhere             anywhere           limit: avg 45/min burst 5 LOG level warning prefix `** OUT_TCP DROP ** ' 
LOG        udp  --  anywhere             anywhere           limit: avg 45/min burst 5 LOG level warning prefix `** OUT_UDP DROP ** ' 
DROP       tcp  --  anywhere             anywhere           
DROP       udp  --  anywhere             anywhere           
DROP       all  --  anywhere             anywhere           

Chain FUDP (2 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere           LOG level warning prefix `** UDP Frag **' 
DROP       all  --  anywhere             anywhere           

Chain IN_SANITY (11 references)
target     prot opt source               destination         
LOG        tcp  --  anywhere             anywhere           LOG level warning prefix `** IN_SANITY **' 
DROP       tcp  --  anywhere             anywhere           

Chain LA (0 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere           LOG level warning 
ACCEPT     all  --  anywhere             anywhere           

Chain LD (1 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere           LOG level warning 
DROP       all  --  anywhere             anywhere           

Chain LMAC (0 references)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere           reject-with icmp-net-prohibited 

Chain OUT_SANITY (7 references)
target     prot opt source               destination         
LOG        tcp  --  anywhere             anywhere           LOG level warning prefix `** OUT_SANITY **' 
DROP       tcp  --  anywhere             anywhere           

Chain PROHIBIT (0 references)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere           reject-with icmp-host-prohibited 

Chain PZ (4 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere           LOG level warning prefix `** Port Zero **' 
DROP       all  --  anywhere             anywhere           

Chain RESET (0 references)
target     prot opt source               destination         
REJECT     tcp  --  anywhere             anywhere           reject-with tcp-reset 

Chain SSH_LOG (0 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere           LOG level warning prefix `** SSH ** ' 

Chain TELNET_LOG (0 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere           LOG level warning prefix `** TELNET ** '



  • Kees
  • Registration: June 1999
  • Last online: 16:56

Kees

Server admin / BOFH / DoC
The firewall shown above doesn't work at all: both in and out are accepted by the very first rule, so the rest of the rules are never considered.

Apart from that, if I were you I'd simply try to apt-get with the firewall on, and then look at which rules get triggered (iptables -L -nvx).

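One way to do what Kees suggests, as an added example that was not posted in the thread: take an `iptables -L -nvx` snapshot before and after running the failing command and report the rules whose packet counters grew. The two snapshots below are constructed sample data; note that `-v` also prints the in/out interface columns, which the plain `iptables -L` pasted above omits.

```shell
#!/bin/sh
# Added example, not from the thread: compare two `iptables -L -nvx` snapshots
# (taken before and after running the failing command, e.g. apt-get update)
# and print the rules whose packet counters increased, i.e. the rules the
# traffic actually hit. On the real box:
#   iptables -L -nvx > before.txt; apt-get update; iptables -L -nvx > after.txt
#   hit_rules "$(cat before.txt)" "$(cat after.txt)"
# The two snapshots below are constructed sample data in -nvx format.

BEFORE='Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     100    12000 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
      40     2400 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
       3      180 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 45/min burst 5 LOG flags 0 level 4 prefix "** OUT_TCP DROP ** "
       3      180 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0'

AFTER='Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     100    12000 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
      40     2400 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
       7      420 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 45/min burst 5 LOG flags 0 level 4 prefix "** OUT_TCP DROP ** "
       7      420 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0'

# hit_rules BEFORE AFTER
# Rules are matched by chain name and position, which is stable as long as the
# rule set is not reloaded between the two snapshots.
hit_rules() {
  printf '%s\n@@SPLIT@@\n%s\n' "$1" "$2" | awk '
    /^@@SPLIT@@$/    { pass = 2; next }             # second snapshot starts here
    /^Chain /        { chain = $2; n = 0; next }    # new chain, reset rule index
    /^ *pkts +bytes/ { next }                       # column header
    NF == 0          { next }
    pass != 2        { n++; pkts[chain ":" n] = $1; next }   # remember old counter
    {
      n++; k = chain ":" n; d = $1 - pkts[k]
      if (d > 0) {
        line = $0
        sub(/^ *[0-9]+ +[0-9]+ +/, "", line)        # drop pkts/bytes columns
        printf "%s rule %d: +%d pkts  %s\n", chain, n, d, line
      }
    }'
}

hit_rules "$BEFORE" "$AFTER"
```

With the sample data this reports only the LOG and DROP rules at the end of OUTPUT (+4 packets each), which is the pattern you would expect to see when the traffic matches none of the ACCEPT rules above them.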