| View previous topic :: View next topic |
| Author |
Message |
DaggyStyle
Watchman
Joined: 22 Mar 2006
Posts: 5909
|
 Posted: Fri Jan 18, 2008 4:51 pm Post subject: iptables block samba [resolved] |
 |
|
the headers says it all, I think I've got the rules right, something is still blocking samba
here is iptable rules:
| Code: |
# Generated by iptables-save v1.3.8 on Fri Jan 18 14:11:06 2008
*filter
:INPUT ACCEPT [5:952]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1192099:595387635]
# accept all from localhost
-A INPUT -s 127.0.0.1 -j ACCEPT
# accept all previously established connections
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# ssh
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
# ftp / webserver related
-A INPUT -p tcp -m state --state NEW --dport 20 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 443 -j ACCEPT
# Windows / Samba
-A INPUT -p udp -m state --state NEW --dport 137:138 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 139 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 426 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 445 -j ACCEPT
# up to 5 Bit-torrent connections
-A INPUT -p tcp -m state --state NEW --dport 6881:6886 -j ACCEPT
# reject everything else
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Fri Jan 18 14:11:06 2008
|
what did I do wrong?
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein
Last edited by DaggyStyle on Sat Jan 26, 2008 5:50 am; edited 3 times in total |
|
| Back to top |
|
 |
Berty
n00b
Joined: 27 Aug 2007
Posts: 20
|
| Posted: Fri Jan 18, 2008 5:23 pm Post subject: |
|
|
| As far as I remember, you need module ip_conntrack to be loaded in order to trace machine states ( though I'm not sure ). Try to check if it's loaded. |
|
| Back to top |
|
|
DaggyStyle
Watchman
Joined: 22 Mar 2006
Posts: 5909
|
| Posted: Sat Jan 19, 2008 7:43 am Post subject: |
|
|
yes, compile has module
here is the relevant .config
| Code: |
CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set
# CONFIG_NETFILTER_NETLINK is not set
CONFIG_NETFILTER_XTABLES=y
# CONFIG_NETFILTER_XT_TARGET_CLASSIFY is not set
# CONFIG_NETFILTER_XT_TARGET_MARK is not set
# CONFIG_NETFILTER_XT_TARGET_NFQUEUE is not set
CONFIG_NETFILTER_XT_TARGET_NFLOG=y
# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
# CONFIG_NETFILTER_XT_MATCH_COMMENT is not set
# CONFIG_NETFILTER_XT_MATCH_CONNBYTES is not set
# CONFIG_NETFILTER_XT_MATCH_CONNLIMIT is not set
# CONFIG_NETFILTER_XT_MATCH_CONNMARK is not set
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
# CONFIG_NETFILTER_XT_MATCH_DCCP is not set
# CONFIG_NETFILTER_XT_MATCH_DSCP is not set
# CONFIG_NETFILTER_XT_MATCH_ESP is not set
# CONFIG_NETFILTER_XT_MATCH_HELPER is not set
# CONFIG_NETFILTER_XT_MATCH_LENGTH is not set
# CONFIG_NETFILTER_XT_MATCH_LIMIT is not set
# CONFIG_NETFILTER_XT_MATCH_MAC is not set
# CONFIG_NETFILTER_XT_MATCH_MARK is not set
CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
# CONFIG_NETFILTER_XT_MATCH_PKTTYPE is not set
# CONFIG_NETFILTER_XT_MATCH_QUOTA is not set
# CONFIG_NETFILTER_XT_MATCH_REALM is not set
# CONFIG_NETFILTER_XT_MATCH_SCTP is not set
CONFIG_NETFILTER_XT_MATCH_STATE=y
# CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
# CONFIG_NETFILTER_XT_MATCH_STRING is not set
# CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
# CONFIG_NETFILTER_XT_MATCH_U32 is not set
# CONFIG_NETFILTER_XT_MATCH_HASHLIMIT is not set
CONFIG_NF_CONNTRACK_ENABLED=y
CONFIG_NF_CONNTRACK=y
CONFIG_NF_CT_ACCT=y
CONFIG_NF_CONNTRACK_MARK=y
CONFIG_NF_CONNTRACK_EVENTS=y
# CONFIG_NF_CT_PROTO_SCTP is not set
# CONFIG_NF_CT_PROTO_UDPLITE is not set
# CONFIG_NF_CONNTRACK_AMANDA is not set
CONFIG_NF_CONNTRACK_FTP=y
# CONFIG_NF_CONNTRACK_H323 is not set
CONFIG_NF_CONNTRACK_IRC=y
# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set
# CONFIG_NF_CONNTRACK_PPTP is not set
# CONFIG_NF_CONNTRACK_SANE is not set
# CONFIG_NF_CONNTRACK_SIP is not set
# CONFIG_NF_CONNTRACK_TFTP is not set
CONFIG_NF_CONNTRACK_IPV4=y
CONFIG_NF_CONNTRACK_PROC_COMPAT=y
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=y
# CONFIG_IP_NF_MATCH_IPRANGE is not set
# CONFIG_IP_NF_MATCH_TOS is not set
# CONFIG_IP_NF_MATCH_RECENT is not set
# CONFIG_IP_NF_MATCH_ECN is not set
# CONFIG_IP_NF_MATCH_AH is not set
# CONFIG_IP_NF_MATCH_TTL is not set
# CONFIG_IP_NF_MATCH_OWNER is not set
# CONFIG_IP_NF_MATCH_ADDRTYPE is not set
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
# CONFIG_IP_NF_TARGET_LOG is not set
# CONFIG_IP_NF_TARGET_ULOG is not set
CONFIG_NF_NAT=y
CONFIG_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
# CONFIG_IP_NF_TARGET_REDIRECT is not set
# CONFIG_IP_NF_TARGET_NETMAP is not set
# CONFIG_IP_NF_TARGET_SAME is not set
# CONFIG_NF_NAT_SNMP_BASIC is not set
CONFIG_NF_NAT_FTP=y
CONFIG_NF_NAT_IRC=y
# CONFIG_NF_NAT_TFTP is not set
# CONFIG_NF_NAT_AMANDA is not set
# CONFIG_NF_NAT_PPTP is not set
# CONFIG_NF_NAT_H323 is not set
# CONFIG_NF_NAT_SIP is not set
# CONFIG_IP_NF_MANGLE is not set
# CONFIG_IP_NF_RAW is not set
# CONFIG_IP_NF_ARPTABLES is not set
# CONFIG_NF_CONNTRACK_IPV6 is not set
# CONFIG_IP6_NF_QUEUE is not set
# CONFIG_IP6_NF_IPTABLES is not set
|
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein |
|
| Back to top |
|
|
DaggyStyle
Watchman
Joined: 22 Mar 2006
Posts: 5909
|
| Posted: Sat Jan 19, 2008 9:47 am Post subject: |
|
|
apparently this:
| Code: |
-A INPUT -j REJECT --reject-with icmp-port-unreachable |
was the problem.
I'll mark it has solved.[/code]
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein |
|
| Back to top |
|
|
coolsnowmen
Veteran
Joined: 30 Jun 2004
Posts: 1479
Location: No.VA
|
| Posted: Sat Jan 19, 2008 9:53 am Post subject: |
|
|
are you removing that line, (the one that says 'else reject')
doesn't that defeat the purpose of having a firewall?
_________________
emerge: there are no ebuilds to satisfy "moo" |
|
| Back to top |
|
|
schachti
Advocate
Joined: 28 Jul 2003
Posts: 3765
Location: Gifhorn, Germany
|
| Posted: Sat Jan 19, 2008 10:05 am Post subject: |
|
|
| coolsnowmen wrote: | | doesn't that defeat the purpose of having a firewall? |
Of course it does. Without that line, iptables does the following:
* if from localhost: ACCEPT
* if from established connection: ACCEPT
* ...
* else: ACCEPT
So without the reject line, everything is accepted.
_________________
Never argue with an idiot. He brings you down to his level, then beats you with experience.
How-To: Daten verschlüsselt auf DVD speichern. |
|
| Back to top |
|
|
DaggyStyle
Watchman
Joined: 22 Mar 2006
Posts: 5909
|
| Posted: Sun Jan 20, 2008 1:03 pm Post subject: |
|
|
ok, then it is reopened, can you guys help me sort it out?
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein |
|
| Back to top |
|
|
Hu
Moderator
Joined: 06 Mar 2007
Posts: 21631
|
| Posted: Sun Jan 20, 2008 5:20 pm Post subject: |
|
|
Please use net-analyzer/tcpdump to capture some traffic sent from the Windows system. Run it as tcpdump -i any -v -n. Post the output.
Also, did you intend to offer Samba service to the Internet? You have rules for BitTorrent, which is typically an Internet facing service, so I assume this box is directly on the Internet. |
|
| Back to top |
|
|
DaggyStyle
Watchman
Joined: 22 Mar 2006
Posts: 5909
|
| Posted: Sun Jan 20, 2008 5:59 pm Post subject: |
|
|
the box is connected to a local network which is connected to the net, I want to use it has a share to the local network
here is less than a second output:
| Code: |
tcpdump: WARNING: Promiscuous mode not supported on the "any" device
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
20:02:50.287980 IP (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto UDP (17), length 64) 0.0.0.0.8116 > 132.72.148.0.8116: UDP, length 36
20:02:50.297206 IP (tos 0x0, ttl 128, id 53081, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.78.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:02:50.297375 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96) 132.72.150.211.137 > 132.72.151.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
20:02:50.311276 IP (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto UDP (17), length 65) 0.0.0.0.8116 > 132.72.148.0.8116: UDP, length 37
20:02:50.313301 arp who-has 132.72.148.254 tell 132.72.149.108
20:02:50.345933 IP (tos 0x0, ttl 128, id 15219, offset 0, flags [none], proto UDP (17), length 242) 132.72.149.111.138 > 132.72.151.255.138: NBT UDP PACKET(138)
20:02:50.360993 IP6 (hlim 1, next-header UDP (17) payload length: 35) fe80::798c:1920:9655:8a18.58295 > ff02::1:3.5355: [udp sum ok] UDP, length 27
20:02:50.387821 IP (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto UDP (17), length 65) 0.0.0.0.8116 > 132.72.148.0.8116: UDP, length 37
20:02:50.388990 arp who-has 132.72.148.59 tell 132.72.151.249
20:02:50.420601 arp who-has 132.72.148.80 tell 132.72.150.45
20:02:50.442846 arp who-has 132.72.148.80 tell 132.72.149.54
20:02:50.554555 IP (tos 0x0, ttl 128, id 30053, offset 0, flags [none], proto UDP (17), length 202) 132.72.148.173.138 > 132.72.151.255.138: NBT UDP PACKET(138)
20:02:50.568188 IP (tos 0x0, ttl 128, id 63783, offset 0, flags [DF], proto TCP (6), length 48) 132.72.149.184.4057 > 132.72.148.243.139: S, cksum 0x6c4e (correct), 2419409659:2419409659(0) win 65535 <mss 1460,nop,nop,sackOK>
20:02:50.568238 IP (tos 0xc0, ttl 64, id 11688, offset 0, flags [none], proto ICMP (1), length 76) 132.72.148.243 > 132.72.149.184: ICMP 132.72.148.243 tcp port 139 unreachable, length 56
IP (tos 0x0, ttl 128, id 63783, offset 0, flags [DF], proto TCP (6), length 48) 132.72.149.184.4057 > 132.72.148.243.139: S, cksum 0x6c4e (correct), 2419409659:2419409659(0) win 65535 <mss 1460,nop,nop,sackOK>
20:02:50.570045 IP (tos 0x0, ttl 128, id 30056, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.173.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:02:50.579269 IP (tos 0x0, ttl 128, id 31944, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.169.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:02:50.580460 arp who-has 132.72.149.41 tell 132.72.148.242
20:02:50.655414 IP (tos 0x0, ttl 128, id 11749, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.156.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:02:50.657869 IP (tos 0x0, ttl 128, id 25849, offset 0, flags [none], proto UDP (17), length 78) 132.72.149.195.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:02:50.657879 arp who-has 132.72.148.254 tell 132.72.148.93
20:02:50.666117 IP (tos 0x0, ttl 128, id 1785, offset 0, flags [none], proto UDP (17), length 96) 132.72.148.80.137 > 132.72.151.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
20:02:50.673565 IP (tos 0x0, ttl 128, id 6857, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.160.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:02:50.789784 arp who-has 132.72.148.254 tell 132.72.149.44
20:02:50.809217 IP (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto UDP (17), length 65) 0.0.0.0.8116 > 132.72.148.0.8116: UDP, length 37
20:02:50.815183 arp who-has 132.72.148.80 tell 132.72.148.188
20:02:50.829382 arp who-has 132.72.148.80 tell 132.72.151.15
20:02:50.850856 IP (tos 0x0, ttl 128, id 53832, offset 0, flags [none], proto UDP (17), length 229) 132.72.149.254.138 > 132.72.151.255.138: NBT UDP PACKET(138)
20:02:50.887768 IP (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto UDP (17), length 65) 0.0.0.0.8116 > 132.72.148.0.8116: UDP, length 37
20:02:50.898416 arp who-has 132.72.148.80 tell 132.72.150.253
20:02:50.918121 IP6 (hlim 1, next-header UDP (17) payload length: 32) fe80::5cde:937b:9572:2a25.57706 > ff02::1:3.5355: [udp sum ok] UDP, length 24
20:02:50.938481 arp who-has 132.72.149.68 tell 132.72.150.36
20:02:50.941686 arp who-has 132.72.148.80 tell 132.72.150.36
20:02:50.943109 arp who-has 132.72.150.36 tell 132.72.148.80
20:02:50.978031 IP (tos 0x0, ttl 128, id 21411, offset 0, flags [none], proto UDP (17), length 233) 132.72.148.209.138 > 132.72.151.255.138: NBT UDP PACKET(138)
20:02:51.018113 IP6 (hlim 1, next-header UDP (17) payload length: 32) fe80::5cde:937b:9572:2a25.57706 > ff02::1:3.5355: [udp sum ok] UDP, length 24
20:02:51.019834 arp who-has 132.72.148.80 tell 132.72.150.25
20:02:51.046438 IP (tos 0x0, ttl 128, id 53086, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.78.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:02:51.099071 IP (tos 0x0, ttl 128, id 852, offset 0, flags [none], proto UDP (17), length 202) 132.72.148.253.138 > 132.72.151.255.138: NBT UDP PACKET(138)
20:02:51.099306 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 220) 132.72.148.243.138 > 132.72.151.255.138: NBT UDP PACKET(138)
20:02:51.122110 IP (tos 0x0, ttl 128, id 855, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.253.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:02:51.218330 IP (tos 0x0, ttl 128, id 1794, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.80.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:02:51.218506 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96) 132.72.150.211.137 > 132.72.151.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
20:02:51.253876 arp who-has 132.72.149.48 tell 132.72.148.242
20:02:51.289212 IP (tos 0x0, ttl 128, id 11433, offset 0, flags [none], proto UDP (17), length 202) 132.72.149.46.138 > 132.72.151.255.138: NBT UDP PACKET(138)
20:02:51.303099 IP (tos 0x0, ttl 128, id 11436, offset 0, flags [none], proto UDP (17), length 78) 132.72.149.46.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:02:51.310038 IP (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto UDP (17), length 65) 0.0.0.0.8116 > 132.72.148.0.8116: UDP, length 37
20:02:51.319976 IP (tos 0x0, ttl 128, id 30057, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.173.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:02:51.343432 IP (tos 0x0, ttl 128, id 31945, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.169.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:02:51.368929 arp who-has 132.72.148.80 tell 132.72.150.240
20:02:51.387709 IP (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto UDP (17), length 65) 0.0.0.0.8116 > 132.72.148.0.8116: UDP, length 37
20:02:51.394919 arp who-has 132.72.148.59 tell 132.72.151.249
20:02:51.405329 IP (tos 0x0, ttl 128, id 11750, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.156.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:02:51.408045 IP (tos 0x0, ttl 128, id 25868, offset 0, flags [none], proto UDP (17), length 78) 132.72.149.195.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:02:51.416269 IP (tos 0x0, ttl 128, id 1796, offset 0, flags [none], proto UDP (17), length 96) 132.72.148.80.137 > 132.72.151.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
20:02:51.480844 IP (tos 0x0, ttl 128, id 44107, offset 0, flags [none], proto UDP (17), length 229) 132.72.151.121.138 > 132.72.151.255.138: NBT UDP PACKET(138)
20:02:51.488357 arp who-has 132.72.148.80 tell 132.72.149.116
20:02:51.580402 arp who-has 132.72.149.45 tell 132.72.148.242
20:02:51.592130 IP (tos 0x0, ttl 128, id 17541, offset 0, flags [none], proto UDP (17), length 229) 132.72.150.52.138 > 132.72.151.255.138: NBT UDP PACKET(138)
20:02:51.660137 arp who-has 132.72.148.80 tell 132.72.150.213
20:02:51.667780 arp who-has 132.72.150.75 tell 132.72.149.31
20:02:51.686789 IP (tos 0x0, ttl 128, id 13489, offset 0, flags [none], proto UDP (17), length 229) 132.72.149.183.138 > 132.72.151.255.138: NBT UDP PACKET(138)
20:02:51.703321 IPX 11111111.00:14:22:c8:ce:3d.0453 > 11111111.ff:ff:ff:ff:ff:ff.0453: ipx-rip-resp 3699396654/1.2
20:02:51.713947 IP (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto UDP (17), length 64) 0.0.0.0.8116 > 132.72.148.0.8116: UDP, length 36
20:02:51.763918 arp who-has 132.72.148.80 tell 132.72.148.210
20:02:51.778436 arp who-has 132.72.148.80 tell 132.72.148.190
20:02:51.787656 IP (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto UDP (17), length 64) 0.0.0.0.8116 > 132.72.148.0.8116: UDP, length 36
20:02:51.796726 IP (tos 0x0, ttl 128, id 53088, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.78.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:02:51.812915 IP (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto UDP (17), length 65) 0.0.0.0.8116 > 132.72.148.0.8116: UDP, length 37
20:02:51.872054 IP (tos 0x0, ttl 128, id 856, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.253.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:02:51.888039 IP (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto UDP (17), length 65) 0.0.0.0.8116 > 132.72.148.0.8116: UDP, length 37
20:02:51.961818 arp who-has 132.72.148.210 tell 132.72.148.80
20:02:51.968020 IP (tos 0x0, ttl 128, id 1810, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.80.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:02:52.046133 arp who-has 132.72.148.80 tell 132.72.149.208
20:02:52.052986 IP (tos 0x0, ttl 128, id 11437, offset 0, flags [none], proto UDP (17), length 78) 132.72.149.46.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:02:52.066038 IP (tos 0x0, ttl 128, id 37706, offset 0, flags [none], proto UDP (17), length 229) 132.72.149.19.138 > 132.72.151.255.138: NBT UDP PACKET(138)
20:02:52.069842 IP (tos 0x0, ttl 128, id 30058, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.173.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:02:52.079315 arp who-has 132.72.148.80 tell 132.72.150.38
20:02:52.107716 IP (tos 0x0, ttl 128, id 31946, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.169.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:02:52.139842 arp who-has 132.72.148.80 tell 132.72.149.164
20:02:52.158058 arp who-has 132.72.148.80 tell 132.72.149.124
20:02:52.167033 IP (tos 0x0, ttl 128, id 1812, offset 0, flags [none], proto UDP (17), length 96) 132.72.148.80.137 > 132.72.151.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
20:02:52.167234 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96) 132.72.150.211.137 > 132.72.151.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
20:02:52.263651 arp who-has 132.72.148.80 tell 132.72.148.160
20:02:52.306267 arp who-has 132.72.148.80 tell 132.72.149.52
20:02:52.307548 arp who-has 132.72.148.80 tell 132.72.150.94
20:02:52.307898 arp who-has 132.72.148.80 tell 132.72.148.202
20:02:52.315249 IP (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto UDP (17), length 65) 0.0.0.0.8116 > 132.72.148.0.8116: UDP, length 37
20:02:52.373127 arp who-has 132.72.148.80 tell 132.72.148.229
20:02:52.387585 IP (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto UDP (17), length 65) 0.0.0.0.8116 > 132.72.148.0.8116: UDP, length 37
20:02:52.388371 IP (tos 0x0, ttl 128, id 8748, offset 0, flags [none], proto UDP (17), length 202) 132.72.148.162.138 > 132.72.151.255.138: NBT UDP PACKET(138)
20:02:52.391623 arp who-has 132.72.148.59 tell 132.72.151.249
20:02:52.403822 IP (tos 0x0, ttl 128, id 8751, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.162.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:02:52.440684 IP (tos 0x0, ttl 128, id 1795, offset 0, flags [none], proto UDP (17), length 202) 132.72.150.57.138 > 132.72.151.255.138: NBT UDP PACKET(138)
20:02:52.456065 IP (tos 0x0, ttl 128, id 1798, offset 0, flags [none], proto UDP (17), length 78) 132.72.150.57.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:02:52.467506 arp who-has 132.72.148.80 tell 132.72.148.217
20:02:52.518221 arp who-has 132.72.148.190 tell 132.72.148.80
20:02:52.550523 IP (tos 0x0, ttl 128, id 53089, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.78.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:02:52.550576 IP (tos 0x0, ttl 128, id 53090, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.78.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:02:52.554433 arp who-has 132.72.148.80 tell 132.72.148.145
|
thanks for the help.
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein |
|
| Back to top |
|
|
DaggyStyle
Watchman
Joined: 22 Mar 2006
Posts: 5909
|
| Posted: Mon Jan 21, 2008 7:47 am Post subject: |
|
|
ok, alittle update after thinking of the samba openness, I've decided to limit samba to 2 networks, here are the new iptables rules:
| Code: |
# Generated by iptables-save v1.3.8 on Fri Jan 18 14:11:06 2008
*filter
:INPUT ACCEPT [5:952]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1192099:595387635]
# accept all from localhost
-A INPUT -s 127.0.0.1 -j ACCEPT
# accept all previously established connections
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# ssh
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
# ftp / webserver related
-A INPUT -p tcp -m state --state NEW --dport 20 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 443 -j ACCEPT
# Windows / Samba
-A INPUT -s 132.72.0.0/0,192.168.114.0/0 -p tcp -m tcp -m state --state NEW --dport 135 -j ACCEPT
-A INPUT -s 132.72.0.0/0,192.168.114.0/0 -p tcp -m tcp -m state --state NEW --dport 139 -j ACCEPT
-A INPUT -s 132.72.0.0/0,192.168.114.0/0 -p udp -m udp -m state --state NEW --dport 137:138 -j ACCEPT
-A INPUT -s 132.72.0.0/0,192.168.114.0/0 -p tcp -m tcp -m state --state NEW --dport 426 -j ACCEPT
-A INPUT -s 132.72.0.0/0,192.168.114.0/0 -p tcp -m tcp -m state --state NEW --dport 445 -j ACCEPT
# up to 5 Bit-torrent connections
-A INPUT -p tcp -m state --state NEW --dport 6881:6886 -j ACCEPT
#else
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Fri Jan 18 14:11:06 2008
|
on the bright side, output of iptables -nvL -t filter shows this:
| Code: |
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
6 486 ACCEPT all -- * * 127.0.0.1 0.0.0.0/0
4979 4800K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:20
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:135 state NEW
177 8556 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 state NEW
4009 455K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:138 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:426 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpts:6881:6886
469 196K REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 5940 packets, 468K bytes)
pkts bytes target prot opt in out source destination
|
which on the 137:138 and 139 lines it was 0 accepted, but still I cant seem to connect.
here is a new output of tcpdump -i any -v -n
http://pastebin.com/m5b997839
one more thing, I've added this to smb.conf:
| Code: |
hosts deny = ALL
hosts allow = 192.168.114 132.72
|
what is the next step?
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein |
|
| Back to top |
|
|
Hu
Moderator
Joined: 06 Mar 2007
Posts: 21631
|
| Posted: Tue Jan 22, 2008 5:12 am Post subject: |
|
|
That is an amazingly noisy network. Are other users actively using the network when you run this capture?
I see a large volume of UDP messages sent from :137 to a high port. These packets are rejected with an ICMP port unreachable. It is difficult to say whether this is because no process is listening or because the packet matched your REJECT target. The sheer volume of packets to examine makes deep inspection impractical. |
|
| Back to top |
|
|
DaggyStyle
Watchman
Joined: 22 Mar 2006
Posts: 5909
|
| Posted: Tue Jan 22, 2008 5:49 am Post subject: |
|
|
it's a very busy network, I've seted the 137 udp has opened, how can it be rejecting it? is it related to the samba port selection in smb.conf?
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein |
|
| Back to top |
|
|
DaggyStyle
Watchman
Joined: 22 Mar 2006
Posts: 5909
|
| Posted: Tue Jan 22, 2008 7:02 am Post subject: |
|
|
reviewing the log again shows that these ports 54355, 33793, 32857 are mostly used, but the following is strange
===============================================================================================================
# 09:45:01.544670 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 90) 132.72.148.243.137 > 132.72.148.243.32857: NBT UDP PACKET(137): QUERY; POSITIVE; RESPONSE; UNICAST
# 09:45:01.544692 IP (tos 0xc0, ttl 64, id 32832, offset 0, flags [none], proto ICMP (1), length 118) 132.72.148.243 > 132.72.148.243: ICMP 132.72.148.243 udp port 32857 unreachable, length 98
===============================================================================================================
is this the problematic port?
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein |
|
| Back to top |
|
|
Hu
Moderator
Joined: 06 Mar 2007
Posts: 21631
|
| Posted: Wed Jan 23, 2008 4:00 am Post subject: |
|
|
| DaggyStyle wrote: | | it's a very busy network, I've seted the 137 udp has opened, how can it be rejecting it? is it related to the samba port selection in smb.conf? |
You configured the firewall to send that message for any traffic that is rejected.
Those ports are all ephemeral. The system is choosing them automatically. The real question is why that traffic is not being classified as ESTABLISHED.
Run the test again on a quieter network. There is too much noise here to pick out the problems without wading through pages of unrelated traffic. |
|
| Back to top |
|
|
DaggyStyle
Watchman
Joined: 22 Mar 2006
Posts: 5909
|
| Posted: Wed Jan 23, 2008 5:37 am Post subject: |
|
|
unfortunately, this can take alot of time cause I wont be getting home soon
if I'll set a two computers network, will it work?
does it matte if it will be win to Linux or linux to linux?
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein |
|
| Back to top |
|
|
Hu
Moderator
Joined: 06 Mar 2007
Posts: 21631
|
| Posted: Thu Jan 24, 2008 3:24 am Post subject: |
|
|
| The host systems involved should not matter, unless it affects the exchange in such a way that your firewall rules permit one interaction and deny the other. I doubt such a situation will occur. |
|
| Back to top |
|
|
DaggyStyle
Watchman
Joined: 22 Mar 2006
Posts: 5909
|
| Posted: Thu Jan 24, 2008 5:49 am Post subject: |
|
|
I've been able to setup the logging feature, here is the output:
| Code: |
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46538 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46550 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:13:d3:61:d2:be:08:00 SRC=132.72.150.22 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=22361 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:24:dc:d1:e2:08:00 SRC=132.72.148.247 DST=255.255.255.255 LEN=134 TOS=0x00 PREC=0x00 TTL=64 ID=21187 PROTO=UDP SPT=62263 DPT=2222 LEN=114
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:13:d3:61:d2:be:08:00 SRC=132.72.150.22 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=22364 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:4a:fe:ae:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=336 TOS=0x00 PREC=0x00 TTL=128 ID=1 PROTO=UDP SPT=68 DPT=67 LEN=316
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:66:7f:5c:dd:08:00 SRC=192.168.100.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=57005 PROTO=UDP SPT=67 DPT=68 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46555 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:cc:07:45:08:00 SRC=132.72.151.151 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=44010 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:12:3f:69:28:bd:08:00 SRC=132.72.148.219 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=35648 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:cc:07:45:08:00 SRC=132.72.151.151 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=44015 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:12:3f:69:28:bd:08:00 SRC=132.72.148.219 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=35651 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:4a:fe:ae:08:00 SRC=132.72.148.255 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=38 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46563 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:60:c0:04:38:08:00 SRC=132.72.150.47 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=26257 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:60:c0:04:38:08:00 SRC=132.72.150.47 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=26261 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46581 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:24:dc:d1:e2:08:00 SRC=132.72.148.247 DST=255.255.255.255 LEN=134 TOS=0x00 PREC=0x00 TTL=64 ID=21200 PROTO=UDP SPT=62264 DPT=2222 LEN=114
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:e4:c3:d6:91:08:00 SRC=132.72.150.97 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=26687 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:eb:2f:f3:c2:08:00 SRC=132.72.150.205 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=28018 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46590 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:e4:c3:d6:91:08:00 SRC=132.72.150.97 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=26692 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:1b:9e:6f:4d:1f:08:00 SRC=10.0.0.138 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=1009 DF PROTO=2
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:eb:2f:f3:c2:08:00 SRC=132.72.150.205 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=28020 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:6c:ea:16:f8:08:00 SRC=132.72.148.188 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=13783 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:e4:26:8c:8a:08:00 SRC=132.72.150.83 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=63537 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:17:f2:2a:e3:dd:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=46085 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:66:7f:5c:dd:08:00 SRC=192.168.100.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=57005 PROTO=UDP SPT=67 DPT=68 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:17:f2:2a:e3:dd:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=46086 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:17:f2:2a:e3:dd:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=46087 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:66:7f:5c:dd:08:00 SRC=192.168.100.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=57005 PROTO=UDP SPT=67 DPT=68 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:e4:26:8c:8a:08:00 SRC=132.72.150.83 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=63571 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46603 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:24:45:1b:f7:08:00 SRC=132.72.149.57 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=287 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46606 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:24:dc:d1:e2:08:00 SRC=132.72.148.247 DST=255.255.255.255 LEN=134 TOS=0x00 PREC=0x00 TTL=64 ID=21214 PROTO=UDP SPT=62265 DPT=2222 LEN=114
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46614 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:12:3f:69:28:bd:08:00 SRC=132.72.148.219 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=35715 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:12:3f:69:28:bd:08:00 SRC=132.72.148.219 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=35716 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:b4:9d:34:08:00 SRC=132.72.148.158 DST=255.255.255.255 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=22620 PROTO=UDP SPT=55661 DPT=2222 LEN=160
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46620 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46629 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:24:dc:d1:e2:08:00 SRC=132.72.148.247 DST=255.255.255.255 LEN=134 TOS=0x00 PREC=0x00 TTL=64 ID=21262 PROTO=UDP SPT=62271 DPT=2222 LEN=114
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:e4:26:8c:8a:08:00 SRC=132.72.150.83 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=64084 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46642 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:02:55:30:20:4b:08:00 SRC=132.72.148.200 DST=224.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=21611 PROTO=ICMP TYPE=8 CODE=0 ID=0 SEQ=0
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:e4:26:8c:8a:08:00 SRC=132.72.150.83 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=64091 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:1b:9e:6f:4d:1f:08:00 SRC=10.0.0.138 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=1010 DF PROTO=2
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:b4:9d:34:08:00 SRC=132.72.148.158 DST=255.255.255.255 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=14363 PROTO=UDP SPT=55698 DPT=2222 LEN=160
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46659 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:eb:2f:f3:c2:08:00 SRC=132.72.150.205 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=28474 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:eb:2f:f3:c2:08:00 SRC=132.72.150.205 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=28475 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:12:3f:69:28:bd:08:00 SRC=132.72.148.219 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=35755 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:4c:00:10:a1:61:dc:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=330 TOS=0x00 PREC=0x00 TTL=128 ID=32117 PROTO=UDP SPT=68 DPT=67 LEN=310
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:12:3f:69:28:bd:08:00 SRC=132.72.148.219 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=35758 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46675 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:24:dc:d1:e2:08:00 SRC=132.72.148.247 DST=255.255.255.255 LEN=134 TOS=0x00 PREC=0x00 TTL=64 ID=21282 PROTO=UDP SPT=62272 DPT=2222 LEN=114
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:56:79:6e:c8:08:00 SRC=132.72.151.72 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=38594 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:08:02:04:86:16:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=330 TOS=0x00 PREC=0x00 TTL=128 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=310
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:66:7f:5c:dd:08:00 SRC=192.168.100.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=57005 PROTO=UDP SPT=67 DPT=68 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46678 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:b4:9d:34:08:00 SRC=132.72.148.158 DST=255.255.255.255 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=24388 PROTO=UDP SPT=55705 DPT=2222 LEN=160
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46684 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46693 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:24:dc:d1:e2:08:00 SRC=132.72.148.247 DST=255.255.255.255 LEN=134 TOS=0x00 PREC=0x00 TTL=64 ID=21295 PROTO=UDP SPT=62273 DPT=2222 LEN=114
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46695 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:1b:9e:6f:4d:1f:08:00 SRC=10.0.0.138 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=1011 DF PROTO=2
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:c9:74:3c:08:00 SRC=132.72.149.236 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=22502 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:b4:9d:34:08:00 SRC=132.72.148.158 DST=255.255.255.255 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=64397 PROTO=UDP SPT=55728 DPT=2222 LEN=160
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:c9:74:3c:08:00 SRC=132.72.149.236 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=22503 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46957 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:17:f2:26:98:61:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=49263 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:66:7f:5c:dd:08:00 SRC=192.168.100.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=57005 PROTO=UDP SPT=67 DPT=68 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:17:f2:26:98:61:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=49264 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:17:f2:26:98:61:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=49265 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:66:7f:5c:dd:08:00 SRC=192.168.100.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=57005 PROTO=UDP SPT=67 DPT=68 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46960 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:24:dc:d1:e2:08:00 SRC=132.72.148.247 DST=255.255.255.255 LEN=134 TOS=0x00 PREC=0x00 TTL=64 ID=21310 PROTO=UDP SPT=62274 DPT=2222 LEN=114
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=47004 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:17:f2:26:98:61:08:00 SRC=132.72.149.1 DST=255.255.255.255 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=30101 PROTO=UDP SPT=57623 DPT=2222 LEN=160
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:4c:03:37:1c:08:00 SRC=132.72.149.30 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=31508 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:16:e6:35:9b:ab:08:00 SRC=132.72.149.167 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=10837 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:4c:03:37:1c:08:00 SRC=132.72.149.30 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=31512 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:b4:9d:34:08:00 SRC=132.72.148.158 DST=255.255.255.255 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=24456 PROTO=UDP SPT=55729 DPT=2222 LEN=160
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=47028 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:09:34:b0:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=330 TOS=0x00 PREC=0x00 TTL=128 ID=16088 PROTO=UDP SPT=68 DPT=67 LEN=310
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:66:7f:5c:dd:08:00 SRC=192.168.100.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=57005 PROTO=UDP SPT=67 DPT=68 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:09:34:b0:08:00 SRC=132.72.149.44 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=16168 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:09:6b:bf:c4:bb:08:00 SRC=132.72.150.18 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=13856 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:09:6b:bf:c4:bb:08:00 SRC=132.72.150.18 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=13863 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=47057 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:24:dc:d1:e2:08:00 SRC=132.72.148.247 DST=255.255.255.255 LEN=134 TOS=0x00 PREC=0x00 TTL=64 ID=21323 PROTO=UDP SPT=62275 DPT=2222 LEN=114
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=47066 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:17:f2:26:98:61:08:00 SRC=132.72.149.1 DST=255.255.255.255 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=30265 PROTO=UDP SPT=57624 DPT=2222 LEN=160
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:aa:bc:00:75:c4:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=332 TOS=0x00 PREC=0x00 TTL=128 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=312
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:66:7f:5c:dd:08:00 SRC=192.168.100.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=57005 PROTO=UDP SPT=67 DPT=68 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:6c:e9:b7:37:08:00 SRC=132.72.150.127 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=27817 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:aa:bc:00:75:c4:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=1 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:aa:bc:00:75:c4:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=338 TOS=0x00 PREC=0x00 TTL=128 ID=2 PROTO=UDP SPT=68 DPT=67 LEN=318
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:66:7f:5c:dd:08:00 SRC=192.168.100.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=57005 PROTO=UDP SPT=67 DPT=68 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:b4:9d:34:08:00 SRC=132.72.148.158 DST=255.255.255.255 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=58015 PROTO=UDP SPT=55744 DPT=2222 LEN=160
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:6c:e9:b7:37:08:00 SRC=132.72.150.127 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=27824 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:eb:2f:f3:c2:08:00 SRC=132.72.150.205 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=29318 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:19:b9:89:37:76:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=336 TOS=0x00 PREC=0x00 TTL=128 ID=29568 PROTO=UDP SPT=68 DPT=67 LEN=316
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:66:7f:5c:dd:08:00 SRC=192.168.100.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=57005 PROTO=UDP SPT=67 DPT=68 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:19:b9:89:37:76:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=29570 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:19:b9:89:37:76:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=342 TOS=0x00 PREC=0x00 TTL=128 ID=29571 PROTO=UDP SPT=68 DPT=67 LEN=322
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:66:7f:5c:dd:08:00 SRC=192.168.100.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=57005 PROTO=UDP SPT=67 DPT=68 LEN=308
Rejected: IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:1b:9e:6f:4d:1f:08:00 SRC=10.0.0.138 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=1012 DF PROTO=2
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=47080 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:eb:2f:f3:c2:08:00 SRC=132.72.150.205 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=29323 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:19:b9:89:37:76:08:00 SRC=132.72.149.126 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=29729 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=47112 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:24:dc:d1:e2:08:00 SRC=132.72.148.247 DST=255.255.255.255 LEN=134 TOS=0x00 PREC=0x00 TTL=64 ID=21368 PROTO=UDP SPT=62281 DPT=2222 LEN=114
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:09:34:b0:08:00 SRC=132.72.149.44 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=17287 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=47118 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:17:f2:26:98:61:08:00 SRC=132.72.149.1 DST=255.255.255.255 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=30269 PROTO=UDP SPT=57625 DPT=2222 LEN=160
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:b4:9d:34:08:00 SRC=132.72.148.158 DST=255.255.255.255 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=5195 PROTO=UDP SPT=55745 DPT=2222 LEN=160
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=47124 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:19:81:f1:08:00 SRC=132.72.148.205 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=6273 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:19:81:f1:08:00 SRC=132.72.148.205 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=6274 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:4c:00:10:a1:61:dc:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=330 TOS=0x00 PREC=0x00 TTL=128 ID=32138 PROTO=UDP SPT=68 DPT=67 LEN=310
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=47128 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:24:dc:d1:e2:08:00 SRC=132.72.148.247 DST=255.255.255.255 LEN=134 TOS=0x00 PREC=0x00 TTL=64 ID=21381 PROTO=UDP SPT=62282 DPT=2222 LEN=114
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=47129 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:04:23:04:29:48:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=20 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=556
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:04:23:04:29:48:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=20 ID=1 PROTO=UDP SPT=68 DPT=67 LEN=556
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:04:23:04:29:48:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=20 ID=2 PROTO=UDP SPT=68 DPT=67 LEN=556
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:17:f2:26:98:61:08:00 SRC=132.72.149.1 DST=255.255.255.255 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=30274 PROTO=UDP SPT=57626 DPT=2222 LEN=160
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:04:23:04:29:48:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=20 ID=3 PROTO=UDP SPT=68 DPT=67 LEN=556
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:b4:9d:34:08:00 SRC=132.72.148.158 DST=255.255.255.255 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=11881 PROTO=UDP SPT=55766 DPT=2222 LEN=160
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=47145 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:1b:9e:6f:4d:1f:08:00 SRC=10.0.0.138 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=1013 DF PROTO=2
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:14:85:1f:55:0f:08:00 SRC=132.72.149.74 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=47454 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=47150 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:24:dc:d1:e2:08:00 SRC=132.72.148.247 DST=255.255.255.255 LEN=134 TOS=0x00 PREC=0x00 TTL=64 ID=21395 PROTO=UDP SPT=62283 DPT=2222 LEN=114
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:14:85:1f:55:0f:08:00 SRC=132.72.149.74 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=47455 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:04:23:04:29:48:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=348 TOS=0x00 PREC=0x00 TTL=128 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=328
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:66:7f:5c:dd:08:00 SRC=192.168.100.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=57005 PROTO=UDP SPT=67 DPT=68 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:04:23:04:29:48:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=1 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:04:23:04:29:48:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=354 TOS=0x00 PREC=0x00 TTL=128 ID=2 PROTO=UDP SPT=68 DPT=67 LEN=334
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:66:7f:5c:dd:08:00 SRC=192.168.100.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=57005 PROTO=UDP SPT=67 DPT=68 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:cc:07:45:08:00 SRC=132.72.151.151 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=44296 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=47154 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:17:f2:26:98:61:08:00 SRC=132.72.149.1 DST=255.255.255.255 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=30307 PROTO=UDP SPT=57627 DPT=2222 LEN=160
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:cc:07:45:08:00 SRC=132.72.151.151 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=44302 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:4a:fe:ae:08:00 SRC=132.72.148.255 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=1812 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:b4:9d:34:08:00 SRC=132.72.148.158 DST=255.255.255.255 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=4937 PROTO=UDP SPT=55775 DPT=2222 LEN=160
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:cb:c2:9d:08:00 SRC=132.72.149.140 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=477 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:e4:26:8c:8a:08:00 SRC=132.72.150.83 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=64408 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:cb:c2:9d:08:00 SRC=132.72.149.140 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=478 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=47168 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:e4:26:8c:8a:08:00 SRC=132.72.150.83 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=64417 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=47169 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:24:dc:d1:e2:08:00 SRC=132.72.148.247 DST=255.255.255.255 LEN=134 TOS=0x00 PREC=0x00 TTL=64 ID=21408 PROTO=UDP SPT=62284 DPT=2222 LEN=114
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:04:23:04:29:48:08:00 SRC=132.72.148.153 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=70 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:04:23:04:29:48:08:00 SRC=132.72.148.153 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=71 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=47173 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:4c:78:51:e0:08:00 SRC=132.72.150.121 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=4995 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:17:f2:26:98:61:08:00 SRC=132.72.149.1 DST=255.255.255.255 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=30308 PROTO=UDP SPT=57628 DPT=2222 LEN=160
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:4c:78:51:e0:08:00 SRC=132.72.150.121 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=4996 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:61:7d:6f:1e:08:00 SRC=132.72.151.104 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=26608 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:b4:9d:34:08:00 SRC=132.72.148.158 DST=255.255.255.255 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=52722 PROTO=UDP SPT=55776 DPT=2222 LEN=160
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:61:7d:6f:1e:08:00 SRC=132.72.151.104 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=26609 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=47178 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:1b:9e:6f:4d:1f:08:00 SRC=10.0.0.138 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=1014 DF PROTO=2
|
if I add a accept rule for sport 68 and dport 67 I see the sub networks, but entering them is rejected, I dont think that I need to set up all these ports, it does not make any sense.
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein |
|
| Back to top |
|
|
DaggyStyle
Watchman
Joined: 22 Mar 2006
Posts: 5909
|
| Posted: Sat Jan 26, 2008 5:49 am Post subject: |
|
|
solved! thanks to the iptables mailing list, I've added this:
| Code: |
/sbin/iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
|
thanks for the help
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein |
|
| Back to top |
|
|
schachti
Advocate
Joined: 28 Jul 2003
Posts: 3765
Location: Gifhorn, Germany
|
| Posted: Sat Jan 26, 2008 7:39 am Post subject: |
|
|
Did they give any reason for this? The policy of the output chain was already set to ACCEPT, so why should one explicitly allow those packets?
_________________
Never argue with an idiot. He brings you down to his level, then beats you with experience.
How-To: Daten verschlüsselt auf DVD speichern. |
|
| Back to top |
|
|
DaggyStyle
Watchman
Joined: 22 Mar 2006
Posts: 5909
|
| Posted: Sat Jan 26, 2008 8:54 am Post subject: |
|
|
they where intrigued too, apparently, I think that the connections that weren't new were ignored somehow
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
