Gentoo Archives: gentoo-user

From: Daniel Pielmeier <daniel.pielmeier@××××××××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Setting up a home router
Date: Wed, 17 Jan 2007 19:10:06
Message-Id: 6142e6140701171102k39c734d6gec6a11ebc29abcbd@mail.gmail.com
In Reply to: Re: [gentoo-user] Setting up a home router by Hans-Werner Hilse
Hi again,

It seems that I was running into another problem.

These are my current iptables!

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
block      all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
block      all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain block (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            state NEW
DROP       all  --  anywhere             anywhere

But every time I start my internet connection with /etc/init.d/net.eth1
start, it seems my rules were changed to this and I can't connect to
the internet!

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
LOG        udp  --  anywhere             anywhere            udp dpts:0:1023 LOG level warning
LOG        tcp  --  anywhere             anywhere            tcp dpts:0:1023 LOG level warning
DROP       udp  --  anywhere             anywhere            udp dpts:0:1023
DROP       tcp  --  anywhere             anywhere            tcp dpts:0:1023
LOG        tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN
DROP       icmp --  anywhere             anywhere            icmp echo-request

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain block (0 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            state NEW
DROP       all  --  anywhere             anywhere

What could be the problem here? Is the net init-script changing my
rules? I think I have removed shorewall completely, so there shouldn't
be any remaining files which could cause that behavior. Or are there
some remaining files from shorewall? When I invoke iptables save with
my generated rules and restart iptables, the rules are OK and I can
connect!

Thanks in advance!

Daniel
--
gentoo-user@g.o mailing list

Replies

Subject Author
Re: [gentoo-user] Setting up a home router Dan <dan@×××××××××.cx>