Bonjour,
J'ai un petit probl�me avec Xchat (1.8.9 et 2.0.4): j'arrive � envoyer
des fichiers mais impossible d'en recevoir. Chaque fois j'ai un message
"connection time out�", m�me lorsque j'accepte le fichier imm�diatement
ou que j'active l'acceptation automatique des fichiers.
ip_conntrack_irc est compil� en module et il est charg� au d�marrage de
la machine.
Ci-joint les r�gles iptables de ma machine.
Si une bonne �me pouvait me donner un coup de main, �a serait sympa car
je n'ai rien trouv� sur le net.
Merci � vous.
--
Bruno Berteau
#
*mangle
:PREROUTING ACCEPT [22502:11957803]
:INPUT ACCEPT [22502:11957803]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [30357:12662997]
:POSTROUTING ACCEPT [28698:12563457]
COMMIT
#
*nat
:PREROUTING ACCEPT [352:55961]
:POSTROUTING ACCEPT [2395:143945]
:OUTPUT ACCEPT [4054:243485]
COMMIT
#
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:LOG_ACCEPT - [0:0]
:LOG_DROP - [0:0]
:PPP-IN - [0:0]
:PPP-OUT - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i ppp0 -j PPP-IN
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o ppp0 -j PPP-OUT
-A LOG_ACCEPT -j LOG --log-prefix "[IPTABLES ACCEPT] :"
-A LOG_ACCEPT -j ACCEPT
-A LOG_DROP -j LOG --log-prefix "[IPTABLES DROP] : "
-A LOG_DROP -j DROP
-A PPP-IN -p udp -m multiport --dports
25,www,sunrpc,daytime,113,time,discard,talk,631,111,942 -j DROP
-A PPP-IN -p tcp -m multiport --dports
smtp,www,sunrpc,517,daytime,113,time,discard,518,631,111,942 -j DROP
# DNS
-A PPP-IN -p udp -m udp --sport 53 -j LOG_ACCEPT
-A PPP-IN -p tcp -m tcp --sport 53 -j LOG_ACCEPT
# ntp
-A PPP-IN -p udp -m udp --sport 123 --dport 123 -j LOG_ACCEPT
-A PPP-IN -p tcp -m tcp --sport 123 --dport 123 -j LOG_ACCEPT
# WWW
-A PPP-IN -p tcp -m tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
# ftp
-A PPP-IN -p tcp -m tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
-A PPP-IN -p tcp -m tcp --sport 20 -m state --state RELATED,ESTABLISHED -j
ACCEPT
# ftp & DCC
-A PPP-IN -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state
RELATED,ESTABLISHED -j ACCEPT
# https
-A PPP-IN -p tcp -m tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
# smtp
-A PPP-IN -p tcp -m tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT
# pop3
-A PPP-IN -p tcp -m tcp --sport 110 -m state --state ESTABLISHED -j ACCEPT
# ssh
-A PPP-IN -p tcp -m tcp --dport 22 -j LOG_ACCEPT
# imap3
-A PPP-IN -p tcp -m tcp --sport 143 -m state --state ESTABLISHED -j ACCEPT
-A PPP-IN -p tcp -m tcp --sport 220 -m state --state ESTABLISHED -j ACCEPT
# cvs
-A PPP-IN -p tcp -m tcp --sport 2401 -m state --state ESTABLISHED -j ACCEPT
#
-A PPP-IN -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
-A PPP-IN -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT
-A PPP-IN -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT
-A PPP-IN -j LOG_DROP
# DNS
-A PPP-OUT -p udp -m udp --dport 53 -j ACCEPT
-A PPP-OUT -p tcp -m tcp --dport 53 -j ACCEPT
# ntp
-A PPP-OUT -p tcp -m tcp --sport 123 --dport 123 -j LOG_ACCEPT
-A PPP-OUT -p udp -m udp --sport 123 --dport 123 -j LOG_ACCEPT
# WWW
-A PPP-OUT -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
# ftp
-A PPP-OUT -p tcp -m tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
-A PPP-OUT -p tcp -m tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT
# ftp & DCC
-A PPP-OUT -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state
NEW,RELATED,ESTABLISHED -j ACCEPT
# https
-A PPP-OUT -p tcp -m tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
# smtp
-A PPP-OUT -p tcp -m tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
# pop3
-A PPP-OUT -p tcp -m tcp --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT
# ssh
-A PPP-OUT -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j
LOG_ACCEPT
#imap
-A PPP-OUT -p tcp -m tcp --dport 143 -m state --state NEW,ESTABLISHED -j ACCEPT
-A PPP-OUT -p tcp -m tcp --dport 220 -m state --state NEW,ESTABLISHED -j ACCEPT
# CVS
-A PPP-OUT -p tcp -m tcp --dport 2401 -m state --state NEW,ESTABLISHED -j ACCEPT
#
-A PPP-OUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
-A PPP-OUT -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT
-A PPP-OUT -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT
-A PPP-OUT -j ACCEPT
COMMIT
