daniel wrote:
Dany De Bontridder wrote:
On Sat, 04 Jan 2003 01:10:54 +0100
Daniel <[EMAIL PROTECTED]> wrote:
Dany De Bontridder wrote:
On Fri, 03 Jan 2003 22:47:34 +0100
Daniel <[EMAIL PROTECTED]> wrote:
a program for downloading mp3 music; it connects to its site and I
could download mp3s. You can also share mp3s with other people (in
fact this program is an mp3 client-server)
OK, I went to the site to have a look; a pity the sources aren't
there, we could have ported it. Anyway, otherwise, you need to look at
your firewall rules, in particular those for forwarding/masquerading.
First, a test: can you reach the Internet from the client?
Yes, no problem, both using squid as a proxy and with a direct
connection.
2. By connecting to the server, can you use iptraf to see which
connections are requested, refused?
The ports are 6699 tcp and 6257 udp, and on the firewall I have
opened these ports, yet no response!
For the moment I couldn't; I have a kernel problem (debian 3.0). I
upgraded to vmlinuz-2.4.18-686, and since then every time I reboot I
get a vfat kernel panic. So I have gone back to the old distro
(redhat 7.0 on another partition).
Tonight, if I have time, I'll reconfigure the whole thing.
daniel
Here is the requested file
daniel
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ppp0_in all -- anywhere anywhere
eth0_in all -- anywhere anywhere
common all -- anywhere anywhere
reject all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ppp0_fwd all -- anywhere anywhere
eth0_fwd all -- anywhere anywhere
common all -- anywhere anywhere
reject all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
fw2net all -- anywhere anywhere
all2all all -- anywhere localnet/24
all2all all -- anywhere anywhere
common all -- anywhere anywhere
reject all -- anywhere anywhere
Chain all2all (3 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
common all -- anywhere anywhere
reject all -- anywhere anywhere
Chain common (5 references)
target prot opt source destination
icmpdef icmp -- anywhere anywhere
DROP tcp -- anywhere anywhere state INVALID
REJECT udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:microsoft-ds reject-with icmp-port-unreachable
reject tcp -- anywhere anywhere tcp dpt:135
DROP udp -- anywhere anywhere udp dpt:1900
DROP all -- anywhere 255.255.255.255
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/4
reject tcp -- anywhere anywhere tcp dpt:auth
DROP udp -- anywhere anywhere udp spt:domain state NEW
DROP all -- anywhere 192.168.0.255
Chain dynamic (4 references)
target prot opt source destination
Chain eth0_fwd (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere
loc2net all -- localnet/24 anywhere
loc2net all -- anywhere anywhere
loc2loc all -- localnet/24 localnet/24
loc2loc all -- localnet/24 anywhere
loc2loc all -- anywhere localnet/24
loc2loc all -- anywhere anywhere
Chain eth0_in (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp echo-request
loc2fw all -- localnet/24 anywhere
loc2fw all -- anywhere anywhere
Chain fw2net (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain
ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:www
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3
ACCEPT udp -- anywhere anywhere state NEW udp dpt:pop3
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3128
ACCEPT udp -- anywhere anywhere state NEW udp dpt:3128
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:www
ACCEPT all -- anywhere anywhere
Chain icmpdef (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request
Chain loc2fw (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:www
ACCEPT udp -- anywhere anywhere state NEW udp dpt:www
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imap2
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imap3
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT udp -- anywhere anywhere state NEW udp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3128
ACCEPT udp -- anywhere anywhere state NEW udp dpt:3128
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:mysql
ACCEPT all -- anywhere anywhere
Chain loc2loc (4 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
all2all all -- anywhere anywhere
Chain loc2net (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3
ACCEPT udp -- anywhere anywhere state NEW udp dpt:pop3
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:www
ACCEPT udp -- anywhere anywhere state NEW udp dpt:www
ACCEPT tcp -- blackstar.darkstar.vador anywhere state NEW tcp dpt:6699
ACCEPT udp -- blackstar.darkstar.vador anywhere state NEW udp dpt:6257
ACCEPT tcp -- star.darkstar.vador anywhere state NEW tcp dpt:6699
ACCEPT udp -- star.darkstar.vador anywhere state NEW udp dpt:6257
ACCEPT all -- anywhere anywhere
Chain logdrop (27 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:rfc1918:DROP:'
DROP all -- anywhere anywhere
Chain net2all (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
common all -- anywhere anywhere
DROP all -- anywhere anywhere
Chain net2fw (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imap2
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imap3
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT udp -- anywhere anywhere state NEW udp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:www
ACCEPT all -- anywhere anywhere
Chain net2loc (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere blackstar.darkstar.vadorstate NEW tcp dpt:6699
ACCEPT udp -- anywhere blackstar.darkstar.vadorstate NEW udp dpt:6257
ACCEPT tcp -- anywhere star.darkstar.vadorstate NEW tcp dpt:6699
ACCEPT udp -- anywhere star.darkstar.vadorstate NEW udp dpt:6257
net2all all -- anywhere anywhere
Chain newnotsyn (8 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain ppp0_fwd (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere
rfc1918 all -- anywhere anywhere
net2loc all -- anywhere localnet/24
net2loc all -- anywhere anywhere
Chain ppp0_in (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere
rfc1918 all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp echo-request
net2fw all -- anywhere anywhere
Chain reject (6 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain rfc1918 (2 references)
target prot opt source destination
RETURN all -- 255.255.255.255 anywhere
DROP all -- 169.254.0.0/16 anywhere
logdrop all -- 172.16.0.0/12 anywhere
logdrop all -- 192.0.2.0/24 anywhere
logdrop all -- localnet/16 anywhere
logdrop all -- 0.0.0.0/7 anywhere
logdrop all -- 2.0.0.0/8 anywhere
logdrop all -- 5.0.0.0/8 anywhere
logdrop all -- 7.0.0.0/8 anywhere
logdrop all -- 10.0.0.0/8 anywhere
logdrop all -- 23.0.0.0/8 anywhere
logdrop all -- 27.0.0.0/8 anywhere
logdrop all -- 31.0.0.0/8 anywhere
logdrop all -- 36.0.0.0/7 anywhere
logdrop all -- 39.0.0.0/8 anywhere
logdrop all -- 41.0.0.0/8 anywhere
logdrop all -- 42.0.0.0/8 anywhere
logdrop all -- 58.0.0.0/7 anywhere
logdrop all -- 60.0.0.0/8 anywhere
logdrop all -- 70.0.0.0/7 anywhere
logdrop all -- 72.0.0.0/5 anywhere
logdrop all -- 83.0.0.0/8 anywhere
logdrop all -- 84.0.0.0/6 anywhere
logdrop all -- 88.0.0.0/5 anywhere
logdrop all -- 96.0.0.0/3 anywhere
logdrop all -- 127.0.0.0/8 anywhere
logdrop all -- 197.0.0.0/8 anywhere
logdrop all -- 222.0.0.0/7 anywhere
logdrop all -- 240.0.0.0/4 anywhere
Chain shorewall (0 references)
target prot opt source destination
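
Added example, not part of the original messages: a small parser for the `iptables -L` listing format shown above that re-joins rule lines a mail client has wrapped and then reports through which user-defined chains the FORWARD chain reaches the port 6699 rules. The function names `parse_listing` and `paths_to` are hypothetical, and the input is a shortened excerpt of the listing above.

```python
# Added example: LISTING is a shortened excerpt with the dpt:6699 rules wrapped.
LISTING = """\
Chain FORWARD (policy DROP)
target prot opt source destination
ppp0_fwd all -- anywhere anywhere
eth0_fwd all -- anywhere anywhere
Chain eth0_fwd (1 references)
target prot opt source destination
loc2net all -- localnet/24 anywhere
Chain loc2net (2 references)
target prot opt source destination
ACCEPT tcp -- blackstar.darkstar.vador anywhere state NEW tcp
dpt:6699
Chain net2loc (2 references)
target prot opt source destination
ACCEPT tcp -- anywhere blackstar.darkstar.vadorstate NEW tcp
dpt:6699
Chain ppp0_fwd (1 references)
target prot opt source destination
net2loc all -- anywhere localnet/24
"""

def parse_listing(text):
    """Return {chain: [rule, ...]}, re-joining rule lines that were wrapped."""
    chains, current = {}, None
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0] == "target":       # blank line or column header
            continue
        if tok[0] == "Chain":
            current = chains.setdefault(tok[1], [])
        elif len(tok) >= 5 and tok[2] == "--":  # a rule: target prot opt src dst
            current.append(" ".join(tok))
        elif current:                           # continuation of the last rule
            current[-1] += " " + " ".join(tok)
    return chains

def paths_to(chains, start, needle, seen=()):
    """Chain paths from `start` to each chain holding a rule containing `needle`."""
    rules = chains.get(start, [])
    found = [list(seen) + [start]] if any(needle in r for r in rules) else []
    for target in dict.fromkeys(r.split()[0] for r in rules):
        if target in chains and target != start and target not in seen:
            found += paths_to(chains, target, needle, seen + (start,))
    return found

if __name__ == "__main__":
    for path in paths_to(parse_listing(LISTING), "FORWARD", "dpt:6699"):
        print(" -> ".join(path))
```

Both reported paths lie under FORWARD in the filter table; a plain `iptables -L` listing does not include the nat table, which `iptables -t nat -L -n -v` shows.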