NOTE:
192.168.4.1 = webserver (Windows machine)
192.168.4.2 = local-side address of the firewall.
192.168.3.2 = Internet-side address of the firewall.
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
bad_packets all -- anywhere anywhere
ACCEPT all -- 192.168.4.0/24 anywhere
ACCEPT all -- anywhere 192.168.4.255
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
tcp_inbound tcp -- anywhere anywhere
udp_inbound udp -- anywhere anywhere
icmp_packets icmp -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
bad_packets all -- anywhere anywhere
tcp_outbound tcp -- anywhere anywhere
udp_outbound udp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere 192.168.4.1 tcp dpt:http
LOG all -- anywhere anywhere limit: avg 3/min burst 3 LOG level warning prefix `FORWARD packet died: '
Chain OUTPUT (policy DROP)
target prot opt source destination
DROP icmp -- anywhere anywhere state INVALID
ACCEPT all -- 192.168.4.2 anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- Linux-Firewall anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 3/min burst 3 LOG level warning prefix `OUTPUT packet died: '
Chain bad_packets (2 references)
target prot opt source destination
LOG all -- anywhere anywhere state INVALID LOG level warning prefix `Invalid packet: '
DROP all -- anywhere anywhere state INVALID
bad_tcp_packets tcp -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain bad_tcp_packets (1 references)
target prot opt source destination
RETURN tcp -- anywhere anywhere
LOG tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN LOG level warning prefix `New not syn:'
DROP tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
RETURN tcp -- anywhere anywhere
Chain icmp_packets (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
RETURN icmp -- anywhere anywhere
Chain icmp_pakets (0 references)
target prot opt source destination
Chain tcp_inbound (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
#35 shouldn't be in here, I need to remove.
ACCEPT tcp -- anywhere anywhere tcp dpt:35
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:imap
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
RETURN tcp -- anywhere anywhere
Chain tcp_outbound (1 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere tcp dpt:irc reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:telnet reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:nntp reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:ftp reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:ftp-data reject-with icmp-port-unreachable
#5190 AIM, 4443 Yahoo, 1863 MSN
REJECT tcp -- anywhere anywhere tcp dpt:5190 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:4443 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:1863 reject-with icmp-port-unreachable
ACCEPT tcp -- anywhere anywhere
Chain udp_inbound (1 references)
target prot opt source destination
#drop netbios noise.
DROP udp -- anywhere anywhere udp dpt:netbios-ns
DROP udp -- anywhere anywhere udp dpt:netbios-dgm
RETURN udp -- anywhere anywhere
Chain udp_outbound (1 references)
target prot opt source destination
REJECT udp -- anywhere anywhere udp dpt:4000 reject-with icmp-port-unreachable
ACCEPT udp -- anywhere anywhere
Checking logs:
"New Not Syn: " In=eth0 (192.168.3.2.), out=eth0, SRC= 192.168.4.1, dst = 192.168.3.1(machine I'm trying to access from),
LEN = 48 TOS=0x00 TTL = 127 ID = 1527 DF PROTO = TCP SPT = 80 DPT = 3492 WINDOW = 64240 RES=0x00 ACK SYN URGP
This is coming from the bad_tcp_packets chain. It looks like the ACK and SYN flags are set, so why is it dropping this packet?
VERY URGENT. Any and all help greatly appreciated.
Thanks.
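As an added example (not part of the original post), the Python below works through the match that the "New not syn" LOG/DROP pair in the bad_tcp_packets chain performs, i.e. `-m state --state NEW -p tcp ! --tcp-flags SYN,RST,ACK SYN`, and applies it to a log line constructed in the kernel's LOG format from the values quoted in the post (SRC=192.168.4.1, DST=192.168.3.1, SPT=80, DPT=3492, flags ACK SYN). The names of the helper functions and the sample line are mine, not anything from the post or from iptables.

```python
import re

# TCP header flag bits (the same bits iptables' --tcp-flags operates on)
TCP_FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
                 "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80}


def flags_to_bits(names):
    """Turn an iptables flag list (e.g. ['SYN', 'RST', 'ACK'], 'ALL', 'NONE') into a bitmask."""
    bits = 0
    for name in names:
        if name == "ALL":
            bits |= sum(TCP_FLAG_BITS.values())
        elif name != "NONE":
            bits |= TCP_FLAG_BITS[name]
    return bits


def tcp_flags_match(mask, comp, packet_flags, negate=False):
    """Semantics of '[!] --tcp-flags MASK COMP': look only at the bits in MASK
    and require that, among those, exactly COMP is set. '!' inverts the result."""
    hit = (flags_to_bits(packet_flags) & flags_to_bits(mask)) == flags_to_bits(comp)
    return (not hit) if negate else hit


def bad_tcp_rule_hits(state, packet_flags):
    """The rule shown in the post's bad_tcp_packets chain:
         DROP tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
    It fires only for packets conntrack classifies as NEW whose SYN/RST/ACK
    bits are anything other than a bare SYN."""
    return state == "NEW" and tcp_flags_match(
        ["SYN", "RST", "ACK"], ["SYN"], packet_flags, negate=True)


# Constructed sample log line (kernel LOG format), built from the values
# the post quotes; it is not a verbatim line from the poster's logs.
SAMPLE_LOG = ("New not syn:IN=eth0 OUT=eth0 SRC=192.168.4.1 DST=192.168.3.1 "
              "LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=1527 DF PROTO=TCP SPT=80 "
              "DPT=3492 WINDOW=64240 RES=0x00 ACK SYN URGP=0")


def parse_tcp_log(line):
    """Pull the KEY=value fields and the bare TCP flag tokens out of a LOG line."""
    kv = dict(re.findall(r"\b([A-Z]+)=(\S*)", line))
    # The flag names are printed as bare tokens between RES=... and URGP=...
    m = re.search(r"RES=\S+\s+(.*?)\s*URGP=", line)
    flags = m.group(1).split() if m else []
    return {
        "in": kv.get("IN"), "out": kv.get("OUT"),
        "src": kv["SRC"], "dst": kv["DST"], "proto": kv.get("PROTO"),
        "spt": int(kv["SPT"]), "dpt": int(kv["DPT"]), "flags": flags,
    }


def explain_log_line(line, state="NEW"):
    """Explain why a logged packet hit the rule. The conntrack state is not
    printed in the LOG line; the rule only fires on --state NEW, so the fact
    that this prefix was logged at all means conntrack called the packet NEW."""
    info = parse_tcp_log(line)
    f = set(info["flags"])
    info["is_syn_ack"] = {"SYN", "ACK"} <= f and "RST" not in f
    info["hits_rule"] = bad_tcp_rule_hits(state, info["flags"])
    return info


if __name__ == "__main__":
    result = explain_log_line(SAMPLE_LOG)
    print(f"{result['src']}:{result['spt']} -> {result['dst']}:{result['dpt']} "
          f"flags={result['flags']} syn_ack={result['is_syn_ack']} "
          f"hits_rule={result['hits_rule']}")
    # For comparison: a bare SYN in state NEW passes, and a SYN+ACK that
    # conntrack already tracks as ESTABLISHED never reaches the match.
    print("bare SYN, NEW:", bad_tcp_rule_hits("NEW", ["SYN"]))
    print("SYN+ACK, ESTABLISHED:", bad_tcp_rule_hits("ESTABLISHED", ["SYN", "ACK"]))
```

With the mask SYN,RST,ACK, a packet carrying SYN and ACK yields SYN|ACK, which is not equal to SYN, so the negated match is true: the rule is written to drop any NEW packet that is not a bare SYN, and a SYN-ACK is exactly that. Having both flags set is therefore the reason the packet is dropped, not a reason it should pass. What the log line really reveals is that conntrack classified a SYN-ACK from the web server's port 80 as NEW instead of ESTABLISHED, which is the condition the rule exists to catch; the rule itself is behaving as written.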