[NTLUG:Discuss] repost for easy to read firewall file. RE: routing problem?
m m
llliiilll at hotmail.com
Wed Sep 10 09:47:30 CDT 2008
I am sorry for the long-line file. Hope this will work for easy reading. See below.
> Date: Wed, 10 Sep 2008 07:01:51 -0500
> From: trryhend at gmail.com
> To: discuss at ntlug.org
> Subject: Re: [NTLUG:Discuss] routing problem?
>
> On Tue, Sep 9, 2008 at 8:50 PM, m m <llliiilll at hotmail.com> wrote:
>
> > All:
> >
> > I use Fedora 8 as a firewall/router.
> > Time Warner basic cable connection.
> > Don't know what the problem is; when I try to download a file, it only
> > goes to 9 kb/sec.
> >
> > Another "big" problem is that only the Fedora 8 firewall/router box can
> > go to http://mypisd.net. The rest of my computers (connected to the
> > internet via this firewall/router box) can't find that server (can't go
> > to that web site). This is the error message:
> > Internet Explorer can't display the page
> > ...
> >
> > How/What can cause the problem?
> >
> > Again, the rest of my computers can go to any other web site except the
> > mypisd.net site.
> >
> > Can anyone help?
> >
> > Thanks.
> >
> We might be able to help if you will send your firewall script, the hosts
> file and a snapshot of tcpdump while you are trying to go to mypsid.net

OK, here are the files.

firewall script:
---------------------------------------------------------------------
#!/bin/sh
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -F -v
# Insert the required kernel modules
modprobe iptable_nat
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
# Set default policies for packets going through this firewall box
# Kill spoofed packets
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > $f
done
# Anything coming from our internal network should have only our addresses!
# iptables -A FORWARD -i eth1 -s ! 192.168.1.0/24 -j DROP
iptables -A FORWARD -i eth0 -s 169.151.6.100 -j ACCEPT
iptables -v -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
iptables -v -t nat -A POSTROUTING -d 24.xxx.xxx.xxx -j MASQUERADE
# Note: There are more "reserved" networks, but these are the classical ones.
# Block outgoing network filesharing protocols that aren't designed
# to leave the LAN
# SMB / Windows filesharing
iptables -A FORWARD -p tcp --sport 137:139 -j DROP
iptables -A FORWARD -p udp --sport 137:139 -j DROP
# NFS Mount Service (TCP/UDP 635)
iptables -A FORWARD -p tcp --sport 635 -j DROP
iptables -A FORWARD -p udp --sport 635 -j DROP
# NFS (TCP/UDP 2049)
iptables -A FORWARD -p tcp --sport 2049 -j DROP
iptables -A FORWARD -p udp --sport 2049 -j DROP
# Portmapper (TCP/UDP 111)
iptables -A FORWARD -p tcp --sport 111 -j DROP
iptables -A FORWARD -p udp --sport 111 -j DROP
# Block incoming syslog, lpr, rsh, rexec...
iptables -A FORWARD -i eth0 -p udp --dport syslog -j DROP
iptables -A FORWARD -i eth0 -p tcp --dport 515 -j DROP
iptables -A FORWARD -i eth0 -p tcp --dport 514 -j DROP
iptables -A FORWARD -i eth0 -p tcp --dport 512 -j DROP
# Source NAT to get Internet traffic through
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 24.xxx.xxx.xxx
echo "1" > /proc/sys/net/ipv4/ip_forward
------------------------------------------------------------
hosts:
-------------------------------------------------------
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost heddy
::1 localhost.localdomain localhost a1
192.168.1.2 a2
192.168.1.3 a3
192.168.1.4 a4
192.168.1.5 a5
192.168.1.6 a6
192.168.1.7 a7
192.168.1.8 a8
192.168.1.9 a9
192.168.1.1 a1
--------------------------------------------------------------
The hosts.allow and hosts.deny are blank (only default notes).

The one I have missed here is tcpdump. What tcpdump args do I need to use for getting a snapshot? In other words, how do I make a tcpdump snapshot? I have tried
tcpdump > filename
but it did not succeed.

Answers to your other questions in this thread:
1. I don't run the squid caching proxy.
2. I don't use firestarter.
3. Nothing in /etc/hosts.allow and /etc/hosts.deny.

Let me know if you need more information. Please help.

Thanks.
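As an added example (this is not the poster's script and not part of the thread), the shell script below prints a rule set for a two-interface masquerading router in which every rule takes the WAN and LAN interface names from the same two variables, and prints the tcpdump commands for a bounded capture written to a pcap file. The interface roles (eth0 toward the cable modem, eth1 toward the LAN), the 192.168.1.0/24 prefix and the output paths are assumptions; nothing here modifies the kernel unless its output is piped to sh as root.

```shell
#!/bin/sh
# Added example, not the posted firewall script. Interface roles, the LAN
# prefix and all file paths below are assumptions; override them in the
# environment if the real box differs.
WAN_IF=${WAN_IF:-eth0}            # assumed: faces the cable modem
LAN_IF=${LAN_IF:-eth1}            # assumed: faces the LAN
LAN_NET=${LAN_NET:-192.168.1.0/24}

# gen_rules prints (does not run) an iptables configuration:
#   - default-deny INPUT and FORWARD, replies allowed by connection state
#   - anti-spoofing on the LAN side
#   - LAN-only protocols (portmapper, SMB, NFS) blocked toward the WAN
#   - exactly one masquerade rule, keyed on the outbound WAN interface
# Apply with:  sh this_script rules | sudo sh
gen_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > \$f; done
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $LAN_IF ! -s $LAN_NET -j DROP
iptables -A FORWARD -o $WAN_IF -p tcp -m multiport --dports 111,137:139,445,2049 -j DROP
iptables -A FORWARD -o $WAN_IF -p udp -m multiport --dports 111,137:139,445,2049 -j DROP
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
EOF
}

# capture_cmds IFACE HOST [PCAP] prints two commands: a capture on IFACE that
# stops by itself after 200 packets (-c), keeps whole packets (-s 0), does no
# name lookups (-n) and writes a pcap (-w); then the command that renders that
# pcap as text for posting. Filtering on "host HOST or port 53" keeps the DNS
# exchange the client performs before it can reach HOST.
capture_cmds() {
    iface=$1; host=$2; out=${3:-/tmp/snapshot.pcap}
    printf 'tcpdump -n -i %s -s 0 -c 200 -w %s host %s or port 53\n' \
        "$iface" "$out" "$host"
    printf 'tcpdump -n -r %s > %s.txt\n' "$out" "$out"
}

case "${1:-}" in
    rules)   gen_rules ;;
    capture) capture_cmds "$LAN_IF" "${2:?host or address required}" "${3:-}" ;;
    *)       echo "usage: $0 rules | capture HOST [PCAP]" ;;
esac
```

Two details worth noting: the posted script names eth0 in its "-i eth0" rules and eth1 in its final "SNAT -o eth1" rule, so the generator keeps both names in variables and writes only one POSTROUTING rule; and tcpdump without "-c" runs until interrupted, so redirecting its output to a file shows nothing until it is stopped (adding "-l" line-buffers text output if a pcap is not wanted).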