Hi sluggers,
I am a relative newbie and am having trouble with the whole firewall-iptables-network
address translation thing. I am running Red Hat 8 and recently downloaded the latest
version of Firestarter, thinking that this would solve the problem, but somehow I still
can't get the other two computers onto the net. When I cat
/proc/sys/net/ipv4/ip_forward I get 1, and the result of "service iptables status" is
as below:
Table: mangle
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Table: nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
ACCEPT all -- 211.28.139.0/24 anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Table: filter
Chain INPUT (policy DROP)
target prot opt source destination
UNCLEAN all -- anywhere anywhere unclean
ACCEPT tcp -- dns.syd.optusnet.com.au anywhere tcp
flags:!SYN,RST,ACK/SYN
ACCEPT udp -- dns.syd.optusnet.com.au anywhere
ACCEPT tcp -- dns.meb.optusnet.com.au anywhere tcp
flags:!SYN,RST,ACK/SYN
ACCEPT udp -- dns.meb.optusnet.com.au anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere 211.28.139.0/24 limit: avg 10/sec burst 5
LD all -- anywhere anywhere state INVALID
LD all -f anywhere anywhere limit: avg 10/min burst 5
ACCEPT all -- 192.168.0.0/24 anywhere
LD all -- 1.0.0.0/8 211.28.139.0/24
LD all -- 2.0.0.0/8 211.28.139.0/24
LD all -- 5.0.0.0/8 211.28.139.0/24
LD all -- 7.0.0.0/8 211.28.139.0/24
LD all -- 23.0.0.0/8 211.28.139.0/24
LD all -- 27.0.0.0/8 211.28.139.0/24
LD all -- 31.0.0.0/8 211.28.139.0/24
LD all -- 36.0.0.0/8 211.28.139.0/24
LD all -- 37.0.0.0/8 211.28.139.0/24
LD all -- 39.0.0.0/8 211.28.139.0/24
LD all -- 41.0.0.0/8 211.28.139.0/24
LD all -- 42.0.0.0/8 211.28.139.0/24
LD all -- 58.0.0.0/8 211.28.139.0/24
LD all -- 59.0.0.0/8 211.28.139.0/24
LD all -- 60.0.0.0/8 211.28.139.0/24
LD all -- 69.0.0.0.adsl.snet.net/8 211.28.139.0/24
LD all -- 70.0.0.0/8 211.28.139.0/24
LD all -- 71.0.0.0/8 211.28.139.0/24
LD all -- 72.0.0.0/8 211.28.139.0/24
LD all -- 73.0.0.0/8 211.28.139.0/24
LD all -- 74.0.0.0/8 211.28.139.0/24
LD all -- 75.0.0.0/8 211.28.139.0/24
LD all -- 76.0.0.0/8 211.28.139.0/24
LD all -- 77.0.0.0/8 211.28.139.0/24
LD all -- 78.0.0.0/8 211.28.139.0/24
LD all -- 79.0.0.0/8 211.28.139.0/24
LD all -- 82.0.0.0/8 211.28.139.0/24
LD all -- 83.0.0.0/8 211.28.139.0/24
LD all -- 84.0.0.0/8 211.28.139.0/24
LD all -- 85.0.0.0/8 211.28.139.0/24
LD all -- 86.0.0.0/8 211.28.139.0/24
LD all -- 87.0.0.0/8 211.28.139.0/24
LD all -- 88.0.0.0/8 211.28.139.0/24
LD all -- 89.0.0.0/8 211.28.139.0/24
LD all -- 90.0.0.0/8 211.28.139.0/24
LD all -- 91.0.0.0/8 211.28.139.0/24
LD all -- 92.0.0.0/8 211.28.139.0/24
LD all -- 93.0.0.0/8 211.28.139.0/24
LD all -- 94.0.0.0/8 211.28.139.0/24
LD all -- 95.0.0.0/8 211.28.139.0/24
LD all -- 96.0.0.0/8 211.28.139.0/24
LD all -- 97.0.0.0/8 211.28.139.0/24
LD all -- 98.0.0.0/8 211.28.139.0/24
LD all -- 99.0.0.0/8 211.28.139.0/24
LD all -- 100.0.0.0/8 211.28.139.0/24
LD all -- 101.0.0.0/8 211.28.139.0/24
LD all -- 102.0.0.0/8 211.28.139.0/24
LD all -- 103.0.0.0/8 211.28.139.0/24
LD all -- 104.0.0.0/8 211.28.139.0/24
LD all -- 105.0.0.0/8 211.28.139.0/24
LD all -- 106.0.0.0/8 211.28.139.0/24
LD all -- 107.0.0.0/8 211.28.139.0/24
LD all -- 108.0.0.0/8 211.28.139.0/24
LD all -- 109.0.0.0/8 211.28.139.0/24
LD all -- 110.0.0.0/8 211.28.139.0/24
LD all -- 111.0.0.0/8 211.28.139.0/24
LD all -- 112.0.0.0/8 211.28.139.0/24
LD all -- 113.0.0.0/8 211.28.139.0/24
LD all -- 114.0.0.0/8 211.28.139.0/24
LD all -- 115.0.0.0/8 211.28.139.0/24
LD all -- 116.0.0.0/8 211.28.139.0/24
LD all -- 117.0.0.0/8 211.28.139.0/24
LD all -- 118.0.0.0/8 211.28.139.0/24
LD all -- 119.0.0.0/8 211.28.139.0/24
LD all -- 120.0.0.0/8 211.28.139.0/24
LD all -- 121.0.0.0/8 211.28.139.0/24
LD all -- 122.0.0.0/8 211.28.139.0/24
LD all -- 123.0.0.0/8 211.28.139.0/24
LD all -- 124.0.0.0/8 211.28.139.0/24
LD all -- 125.0.0.0/8 211.28.139.0/24
LD all -- 126.0.0.0/8 211.28.139.0/24
LD all -- 128.66.0.0/16 211.28.139.0/24
LD all -- 172.16.0.0/12 211.28.139.0/24
LD all -- 197.0.0.0/8 211.28.139.0/24
LD all -- 221.0.0.0/8 211.28.139.0/24
LD all -- 222.0.0.0/8 211.28.139.0/24
LD all -- 223.0.0.0/8 211.28.139.0/24
LD all -- 240.0.0.0/4 211.28.139.0/24
LD tcp -- anywhere 211.28.139.0/24 tcp dpt:31337 limit: avg
2/min burst 5
LD udp -- anywhere 211.28.139.0/24 udp dpt:31337 limit: avg
2/min burst 5
LD tcp -- anywhere 211.28.139.0/24 tcp dpt:33270 limit: avg
2/min burst 5
LD udp -- anywhere 211.28.139.0/24 udp dpt:33270 limit: avg
2/min burst 5
LD tcp -- anywhere 211.28.139.0/24 tcp dpt:1234 limit: avg
2/min burst 5
LD tcp -- anywhere 211.28.139.0/24 tcp dpt:6711 limit: avg
2/min burst 5
LD tcp -- anywhere 211.28.139.0/24 tcp dpt:16660
flags:SYN,RST,ACK/SYN limit: avg 2/min burst 5
LD tcp -- anywhere 211.28.139.0/24 tcp dpt:60001
flags:SYN,RST,ACK/SYN limit: avg 2/min burst 5
LD tcp -- anywhere 211.28.139.0/24 tcp dpts:12345:12346
limit: avg 2/min burst 5
LD udp -- anywhere 211.28.139.0/24 udp dpts:12345:12346
limit: avg 2/min burst 5
LD tcp -- anywhere 211.28.139.0/24 tcp dpt:135 limit: avg
2/min burst 5
LD udp -- anywhere 211.28.139.0/24 udp dpt:135 limit: avg
2/min burst 5
LD tcp -- anywhere 211.28.139.0/24 tcp dpt:ingreslock limit:
avg 2/min burst 5
LD tcp -- anywhere 211.28.139.0/24 tcp dpt:27665 limit: avg
2/min burst 5
LD udp -- anywhere 211.28.139.0/24 udp dpt:27444 limit: avg
2/min burst 5
LD udp -- anywhere 211.28.139.0/24 udp dpt:31335 limit: avg
2/min burst 5
LD all -- BASE-ADDRESS.MCAST.NET/8 anywhere
LD all -- anywhere BASE-ADDRESS.MCAST.NET/8
LD all -- 255.255.255.255 anywhere
LD all -- anywhere 0.0.0.0
LD all -- anywhere anywhere state INVALID
LD all -f anywhere anywhere limit: avg 10/min burst 5
ACCEPT tcp -- anywhere anywhere tcp dpts:bootps:bootpc
ACCEPT udp -- anywhere anywhere udp dpts:bootps:bootpc
LD tcp -- anywhere anywhere tcp flags:!SYN,RST,ACK/SYN
state NEW
STATE tcp -- anywhere 211.28.139.0/24 tcp dpts:1024:65535
ACCEPT udp -- anywhere 211.28.139.0/24 udp dpts:1023:65535
LD all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
UNCLEAN all -- anywhere anywhere unclean
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN
TCPMSS clamp to PMTU
ACCEPT all -- 192.168.0.0/24 anywhere
ACCEPT all -- anywhere 192.168.0.0/24
Chain OUTPUT (policy DROP)
target prot opt source destination
UNCLEAN all -- anywhere anywhere unclean
ACCEPT all -- anywhere anywhere
ACCEPT all -- 192.168.0.0/24 anywhere
ACCEPT icmp -- 192.168.0.0/24 anywhere
LD tcp -- 211.28.139.0/24 anywhere tcp dpt:31337 limit: avg
2/min burst 5
LD udp -- 211.28.139.0/24 anywhere udp dpt:31337 limit: avg
2/min burst 5
LD tcp -- 211.28.139.0/24 anywhere tcp dpt:33270 limit: avg
2/min burst 5
LD udp -- 211.28.139.0/24 anywhere udp dpt:33270 limit: avg
2/min burst 5
LD tcp -- 211.28.139.0/24 anywhere tcp dpt:1234 limit: avg
2/min burst 5
LD tcp -- 211.28.139.0/24 anywhere tcp dpt:6711 limit: avg
2/min burst 5
LD tcp -- 211.28.139.0/24 anywhere tcp dpt:16660
flags:SYN,RST,ACK/SYN limit: avg 2/min burst 5
LD tcp -- 211.28.139.0/24 anywhere tcp dpt:60001
flags:SYN,RST,ACK/SYN limit: avg 2/min burst 5
LD tcp -- 211.28.139.0/24 anywhere tcp dpts:12345:12346
limit: avg 2/min burst 5
LD udp -- 211.28.139.0/24 anywhere udp dpts:12345:12346
limit: avg 2/min burst 5
LD tcp -- 211.28.139.0/24 anywhere tcp dpt:135 limit: avg
2/min burst 5
LD udp -- 211.28.139.0/24 anywhere udp dpt:135 limit: avg
2/min burst 5
LD tcp -- 211.28.139.0/24 anywhere tcp dpt:ingreslock limit:
avg 2/min burst 5
LD tcp -- 211.28.139.0/24 anywhere tcp dpt:27665 limit: avg
2/min burst 5
LD udp -- 211.28.139.0/24 anywhere udp dpt:27444 limit: avg
2/min burst 5
LD udp -- 211.28.139.0/24 anywhere udp dpt:31335 limit: avg
2/min burst 5
LD all -- BASE-ADDRESS.MCAST.NET/8 anywhere
LD all -- anywhere BASE-ADDRESS.MCAST.NET/8
LD all -- 255.255.255.255 anywhere
LD all -- anywhere 0.0.0.0
DROP tcp -- anywhere anywhere tcp flags:!SYN,RST,ACK/SYN
state NEW
all -- anywhere anywhere TTL match TTL == 64
ACCEPT icmp -- 211.28.139.0/24 anywhere
ACCEPT all -- anywhere anywhere
Chain LD (128 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
Chain SANITY (0 references)
target prot opt source destination
LD all -- anywhere anywhere
Chain STATE (1 references)
target prot opt source destination
LD all -- anywhere anywhere state NEW
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
LD all -- anywhere anywhere
Chain UNCLEAN (3 references)
target prot opt source destination
LD all -- anywhere anywhere
This has been set up as per the instructions on the Firestarter web page. Can anyone
shed some light on this for me?
Thanks again
Kevin (snr)
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug