Hi,

after changing my iptables rules I got a problem. First of all, the connection tracking table is growing until no more network connections are allowed. This happens faster when mldonkey is running. It seems that many connections are not closed correctly and resist in the table for almost forever. I don't know what causes this, any ideas? This is with gentoo-dev-source 2.6.10-r2.

And then the next minor problem: I don't get nfs lockd through the packet filter... I locked the port on 32764 (tcp and udp) and opened these ports in the firewall, but all packages arriving at that port are silently dropped. All other nfs services work without problems.

Attached is the output from iptables -L.

Bye

PS: if you need more information just ask

--
Homepage: http://slomosnail.de
PGP/GPG Public Key: 0x5BE41F21 at http://slomosnail.de/files/gpg.asc

Chain INPUT (policy DROP 6613 packets, 331K bytes)
pkts bytes target prot opt in out source destination
682K 452M ACCEPT all -- any any anywhere anywhere
state RELATED,ESTABLISHED
2512 142K ACCEPT all -- lo any anywhere anywhere
0 0 ACCEPT udp -- eth1 any anywhere anywhere
state NEW udp dpt:1194
0 0 DROP all -- eth1 any anywhere anywhere
1749 107K DROP all -- any any anywhere anywhere
state INVALID
68 18297 DROP tcp -- any any anywhere anywhere
tcp flags:!SYN,RST,ACK/SYN state NEW
0 0 ACCEPT icmp -- !ppp0 any anywhere anywhere
state NEW icmp echo-request limit: avg 5/sec burst 5
0 0 ACCEPT icmp -- !ppp0 any anywhere anywhere
state NEW icmp port-unreachable limit: avg 5/sec burst 5
0 0 ACCEPT icmp -- any any anywhere anywhere
state NEW icmp echo-reply limit: avg 5/sec burst 5
0 0 ACCEPT icmp -- any any anywhere anywhere
state NEW icmp time-exceeded limit: avg 10/sec burst 5
0 0 ACCEPT icmp -- any any anywhere anywhere
state NEW icmp parameter-problem limit: avg 10/sec burst 5
0 0 ACCEPT icmp -- any any anywhere anywhere
state NEW icmp destination-unreachable limit: avg 10/sec burst 5
0 0 ACCEPT icmp -- any any anywhere anywhere
state NEW icmp source-quench limit: avg 10/sec burst 5
1 60 ACCEPT tcp -- any any anywhere anywhere
state NEW tcp dpt:ssh limit: avg 15/min burst 5
28 1444 ACCEPT tcp -- any any anywhere anywhere
state NEW tcp dpt:http
21 1260 ACCEPT tcp -- any any anywhere anywhere
state NEW tcp dpt:https
0 0 ACCEPT tcp -- !ppp0 any anywhere anywhere
state NEW tcp dpt:domain
225 14615 ACCEPT udp -- !ppp0 any anywhere anywhere
state NEW udp dpt:domain
0 0 ACCEPT tcp -- !ppp0 any anywhere anywhere
state NEW tcp dpts:bootps:bootpc limit: avg 1/min burst 5
5 2880 ACCEPT udp -- !ppp0 any anywhere anywhere
state NEW udp dpts:bootps:bootpc limit: avg 1/min burst 5
0 0 ACCEPT tcp -- any any anywhere anywhere
state NEW tcp dpt:auth limit: avg 5/sec burst 5
0 0 ACCEPT tcp -- any any anywhere anywhere
state NEW tcp dpt:imaps limit: avg 30/min burst 5
0 0 ACCEPT tcp -- !ppp0 any anywhere anywhere
state NEW tcp dpt:19150 limit: avg 1/sec burst 5
223 13380 ACCEPT tcp -- !ppp0 any anywhere anywhere
state NEW tcp dpt:3128
2 152 ACCEPT udp -- !ppp0 any anywhere anywhere
state NEW udp dpt:ntp limit: avg 30/min burst 5
0 0 ACCEPT udp -- any any anywhere anywhere
state NEW udp dpts:1194:1195 limit: avg 30/min burst 5
92 5520 ACCEPT tcp -- !ppp0 any anywhere anywhere
state NEW tcp dpt:sunrpc
0 0 ACCEPT udp -- !ppp0 any anywhere anywhere
state NEW udp dpt:sunrpc
0 0 ACCEPT tcp -- !ppp0 any anywhere anywhere
state NEW tcp dpt:nfs
1 152 ACCEPT udp -- !ppp0 any anywhere anywhere
state NEW udp dpt:nfs
0 0 ACCEPT tcp -- !ppp0 any anywhere anywhere
state NEW tcp dpt:32767
0 0 ACCEPT udp -- !ppp0 any anywhere anywhere
state NEW udp dpt:32767
0 0 ACCEPT tcp -- !ppp0 any anywhere anywhere
state NEW tcp dpt:32765
0 0 ACCEPT udp -- !ppp0 any anywhere anywhere
state NEW udp dpt:32765
0 0 ACCEPT tcp -- !ppp0 any anywhere anywhere
state NEW tcp dpt:32764
0 0 ACCEPT udp -- !ppp0 any anywhere anywhere
state NEW udp dpt:32764
384 19108 ACCEPT tcp -- any any anywhere anywhere
state NEW tcp dpt:6882
0 0 ACCEPT tcp -- any any anywhere anywhere
state NEW tcp dpt:5374
0 0 ACCEPT udp -- any any anywhere anywhere
state NEW udp dpt:5374
4139 207K ACCEPT tcp -- any any anywhere anywhere
state NEW tcp dpt:4662
981 51958 ACCEPT udp -- any any anywhere anywhere
state NEW udp dpt:4666
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
2573 524K ACCEPT all -- any any anywhere anywhere
state RELATED,ESTABLISHED
18 3880 ACCEPT all -- eth0 ppp0 yggdrasil/16 anywhere
0 0 ACCEPT all -- tap+ ppp0 yggdrasil/16 anywhere
0 0 ACCEPT all -- tap+ eth0 anywhere anywhere
0 0 ACCEPT all -- eth0 tap+ anywhere anywhere
0 0 ACCEPT tcp -- ppp0 any anywhere anywhere
tcp dpt:61001
0 0 ACCEPT udp -- ppp0 any anywhere anywhere
udp dpt:61001
0 0 ACCEPT tcp -- ppp0 any anywhere anywhere
tcp dpt:61002
0 0 ACCEPT udp -- ppp0 any anywhere anywhere
udp dpt:61002
0 0 ACCEPT tcp -- ppp0 any anywhere anywhere
tcp dpt:61003
0 0 ACCEPT udp -- ppp0 any anywhere anywhere
udp dpt:61003
Chain OUTPUT (policy DROP 114 packets, 8397 bytes)
pkts bytes target prot opt in out source destination
583K 82M ACCEPT all -- any any anywhere anywhere
state RELATED,ESTABLISHED
70505 3626K ACCEPT all -- any any anywhere anywhere
state NEW
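
One way to see which connections are filling the tracking table, as an added example that is not part of the original post: it groups conntrack entries by protocol, TCP state and original destination port, and counts entries with a long remaining timeout. The sample entries are constructed; reading the live table from /proc/net/ip_conntrack (as root) is an assumption about a 2.6.10-era ip_conntrack kernel.

```shell
#!/bin/sh
# Added example: summarise a connection tracking table in the
# /proc/net/ip_conntrack text format (proto, proto number, remaining
# timeout in seconds, [TCP state], original tuple, reply tuple, flags).

# Constructed sample entries using documentation addresses.
sample_conntrack() {
cat <<'EOF'
tcp      6 431990 ESTABLISHED src=192.0.2.10 dst=198.51.100.7 sport=40211 dport=4662 src=198.51.100.7 dst=192.0.2.10 sport=4662 dport=40211 [ASSURED] use=1
tcp      6 431200 ESTABLISHED src=203.0.113.5 dst=192.0.2.10 sport=51000 dport=4662 src=192.0.2.10 dst=203.0.113.5 sport=4662 dport=51000 [ASSURED] use=1
tcp      6 110 TIME_WAIT src=192.0.2.10 dst=198.51.100.9 sport=40300 dport=80 src=198.51.100.9 dst=192.0.2.10 sport=80 dport=40300 [ASSURED] use=1
udp      17 25 src=203.0.113.8 dst=192.0.2.10 sport=9000 dport=4666 [UNREPLIED] src=192.0.2.10 dst=203.0.113.8 sport=4666 dport=9000 use=1
EOF
}

# summarise_conntrack FILE|- : print "count proto state dport",
# highest count first, so the ports holding most entries stand out.
summarise_conntrack() {
    awk '
    {
        proto = $1
        # Only TCP entries carry a state name (field 4).
        state = (proto == "tcp") ? $4 : "-"
        dport = "-"
        # The first dport= token belongs to the original direction.
        for (i = 1; i <= NF; i++)
            if ($i ~ /^dport=/) { dport = substr($i, 7); break }
        n[proto " " state " " dport]++
    }
    END { for (k in n) print n[k], k }
    ' "${1:--}" | sort -k1,1nr -k2
}

# long_lived FILE|- SECONDS : count entries whose remaining timeout
# (field 3) is above SECONDS, i.e. entries that will stay for a long time.
long_lived() {
    awk -v limit="$2" '$3 + 0 > limit + 0 { c++ } END { print c + 0 }' "${1:--}"
}

# Demonstration on the constructed sample; on a live system pass
# /proc/net/ip_conntrack instead of "-".
sample_conntrack | summarise_conntrack -
```

Comparing the entry count against the limit in /proc/sys/net/ipv4/ip_conntrack_max shows how close the table is to refusing new connections.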
