Here's a copy of my iptables rules.
The next post will contain my tcpdump output.
The machine I'm sending for is the smoothwall machine.
It's the one doing NAT.
--
Shaun Oliver
"I refuse to have a battle of wits with an unarmed person."
email: [EMAIL PROTECTED]
WEB: http://blindman.homelinux.org/
IRC: irc.awesomechat.net:6666
IRCNICK: blindman
Chain INPUT (policy DROP)
target prot opt source destination
ipac~o all -- anywhere anywhere
ipblock all -- anywhere anywhere
ipblock all -- anywhere anywhere
advnet all -- anywhere anywhere
advnet all -- anywhere anywhere
spoof all -- anywhere anywhere
spoof all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
secin all -- anywhere anywhere
block all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level warning
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain FORWARD (policy DROP)
target prot opt source destination
ipac~fi all -- anywhere anywhere
ipac~fo all -- anywhere anywhere
ipblock all -- anywhere anywhere
ipblock all -- anywhere anywhere
secout all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW
portfwf all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level warning
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ipac~i all -- anywhere anywhere
Chain advnet (2 references)
target prot opt source destination
Chain block (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
xtaccess all -- anywhere anywhere
ipsec all -- anywhere anywhere
ipsec all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
Chain dmzholes (0 references)
target prot opt source destination
Chain ipac~fi (1 references)
target prot opt source destination
all -- anywhere anywhere
all -- anywhere anywhere
all -- anywhere anywhere
Chain ipac~fo (1 references)
target prot opt source destination
all -- anywhere anywhere
all -- anywhere anywhere
all -- anywhere anywhere
Chain ipac~i (1 references)
target prot opt source destination
all -- anywhere anywhere
all -- anywhere anywhere
all -- anywhere anywhere
Chain ipac~o (1 references)
target prot opt source destination
all -- anywhere anywhere
all -- anywhere anywhere
all -- anywhere anywhere
Chain ipblock (4 references)
target prot opt source destination
Chain ipsec (2 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:isakmp
ACCEPT gre -- anywhere anywhere
ACCEPT ipv6-crypt-- anywhere anywhere
Chain portfwf (1 references)
target prot opt source destination
ACCEPT udp -- anywhere hogwarts state NEW udp dpts:2074:2076
ACCEPT udp -- anywhere hogwarts state NEW udp dpts:4074:4076
ACCEPT udp -- anywhere sam1 state NEW udp dpts:3300:3310
ACCEPT tcp -- anywhere sam1 state NEW tcp dpts:3300:3310
ACCEPT tcp -- anywhere hogwarts state NEW tcp dpt:ftp
ACCEPT udp -- anywhere hogwarts state NEW udp dpt:ftp
ACCEPT tcp -- anywhere hogwarts state NEW tcp dpt:auth
ACCEPT udp -- anywhere hogwarts state NEW udp dpt:auth
ACCEPT tcp -- anywhere sam1 state NEW tcp dpt:auth
ACCEPT udp -- anywhere sam1 state NEW udp dpt:auth
ACCEPT tcp -- anywhere shaun1 state NEW tcp dpt:auth
ACCEPT udp -- anywhere shaun1 state NEW udp dpt:auth
ACCEPT udp -- anywhere sam1 state NEW udp dpt:6257
Chain secin (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain secout (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain spoof (2 references)
target prot opt source destination
DROP all -- 192.168.0.0/24 anywhere
Chain xtaccess (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:auth
ACCEPT tcp -- anywhere anywhere tcp dpt:auth
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT udp -- anywhere anywhere udp dpt:ftp
ACCEPT udp -- anywhere anywhere udp dpt:ftp
ACCEPT udp -- anywhere anywhere udp dpt:auth
ACCEPT udp -- anywhere anywhere udp dpt:auth
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug