Hi Morten,
Thanks for the reply:
[EMAIL PROTECTED] /home/users/sprabv# iptables -vnL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
100 9730 ACCEPT all -- lo * 127.0.0.1 0.0.0.0/0
261 22214 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
1495 192K srvports all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP 1634 packets, 81538 bytes)
pkts bytes target prot opt in out source destination
97022 11M seat_upd all -- !eth0 * 0.0.0.0/0 0.0.0.0/0
187K 74M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
6792 370K ipsec all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 logdrop tcp -- eth1 eth0 192.168.0.0/24 130.117.156.32
0 0 logaccept tcp -- eth1 eth0 192.168.0.9 0.0.0.0/0 tcp dpt:3333
1 48 logaccept tcp -- eth1 eth0 192.168.0.0/24 0.0.0.0/0 tcp dpt:22
32 1536 logaccept tcp -- eth1 eth0 192.168.0.0/24 0.0.0.0/0 tcp dpt:53
46 24208 logaccept tcp -- eth1 eth0 192.168.0.0/24 0.0.0.0/0 tcp spts:1024:65535 dpt:20
262 12568 logaccept tcp -- eth1 eth0 192.168.0.0/24 0.0.0.0/0 tcp spts:1024:65535 dpt:21
3607 175K logaccept tcp -- eth1 eth0 192.168.0.0/24 0.0.0.0/0 tcp spts:1024:65535 dpt:80
0 0 logaccept tcp -- eth1 eth0 192.168.0.0/24 0.0.0.0/0 tcp dpt:113
4 192 logaccept tcp -- eth1 eth0 192.168.0.0/24 0.0.0.0/0 tcp spts:1024:65535 dpt:25
156 7488 logaccept tcp -- eth1 eth0 192.168.0.0/24 0.0.0.0/0 tcp spts:1024:65535 dpt:110
190 9104 logaccept tcp -- eth1 eth0 192.168.0.0/24 0.0.0.0/0 tcp spts:1024:65535 dpt:443
1 48 logaccept tcp -- eth1 eth0 192.168.0.0/24 0.0.0.0/0 tcp dpt:465
3 144 logaccept tcp -- eth1 eth0 192.168.0.0/24 0.0.0.0/0 tcp dpt:995
1 48 logaccept tcp -- eth1 eth0 192.168.0.0/24 0.0.0.0/0 tcp spts:1024:65535 dpt:6667
5 240 logaccept tcp -- eth1 eth0 192.168.0.0/24 0.0.0.0/0 tcp dpt:5050
850 57188 logaccept udp -- eth1 eth0 192.168.0.0/24 0.0.0.0/0 udp dpt:53

Chain OUTPUT (policy ACCEPT 937 packets, 75882 bytes)
pkts bytes target prot opt in out source destination

Chain clt (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 192.168.0.9 0.0.0.0/0
0 0 ACCEPT all -- * * 202.152.206.5 0.0.0.0/0
0 0 ACCEPT all -- * * 192.168.0.9 0.0.0.0/0
0 0 ACCEPT all -- * * 202.152.206.5 0.0.0.0/0

Chain ipsec (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- ipsec+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * ipsec+ 0.0.0.0/0 0.0.0.0/0

Chain logaccept (15 references)
pkts bytes target prot opt in out source destination
5158 288K LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `[FW ACCEPT]: '
5158 288K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain logdrop (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `[FW DROP]: '
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain seat_ord (0 references)
pkts bytes target prot opt in out source destination

Chain seat_upd (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 recent: UPDATE name: seater side: source

Chain srvports (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:500
0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:350
29 1713 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 12
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:30000
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25000
576 43065 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
890 147K DROP all -- * * 0.0.0.0/0 0.0.0.0/0

[EMAIL PROTECTED] /home/users/sprabv# iptables -vnL -t nat
Chain PREROUTING (policy ACCEPT 9208 packets, 734K bytes)
pkts bytes target prot opt in out source destination
3102 150K proxy tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
4 192 proxy tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
147 7056 proxy tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
11916 1120K devfilter all -- * * 0.0.0.0/0 0.0.0.0/0
1 44 malpacket all -- * * 0.0.0.0/0 0.0.0.0/0 unclean

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 SNAT tcp -- * eth0 192.168.0.9 0.0.0.0/0 tcp dpt:3333 to:202.6.225.34
30 1440 SNAT tcp -- * eth0 192.168.0.0/24 0.0.0.0/0 tcp dpt:53 to:202.6.225.34
11 4868 SNAT tcp -- * eth0 192.168.0.0/24 0.0.0.0/0 tcp spts:1024:65535 dpt:20 to:202.6.225.34
245 11752 SNAT tcp -- * eth0 192.168.0.0/24 0.0.0.0/0 tcp spts:1024:65535 dpt:21 to:202.6.225.34
4 192 SNAT tcp -- * eth0 192.168.0.0/24 0.0.0.0/0 tcp spts:1024:65535 dpt:25 to:202.6.225.34
3102 150K SNAT tcp -- * eth0 192.168.0.0/24 0.0.0.0/0 tcp spts:1024:65535 dpt:80 to:202.6.225.34
0 0 SNAT tcp -- * eth0 192.168.0.0/24 0.0.0.0/0 tcp dpt:113 to:202.6.225.34
147 7056 SNAT tcp -- * eth0 192.168.0.0/24 0.0.0.0/0 tcp spts:1024:65535 dpt:110 to:202.6.225.34
164 7856 SNAT tcp -- * eth0 192.168.0.0/24 0.0.0.0/0 tcp spts:1024:65535 dpt:443 to:202.6.225.34
1 48 SNAT tcp -- * eth0 192.168.0.0/24 0.0.0.0/0 tcp dpt:22 to:202.6.225.34
1 48 SNAT tcp -- * eth0 192.168.0.0/24 0.0.0.0/0 tcp dpt:465 to:202.6.225.34
3 144 SNAT tcp -- * eth0 192.168.0.0/24 0.0.0.0/0 tcp dpt:995 to:202.6.225.34
1 48 SNAT tcp -- * eth0 192.168.0.0/24 0.0.0.0/0 tcp spts:1024:65535 dpt:6667 to:202.6.225.34
4 192 SNAT tcp -- * eth0 192.168.0.0/24 0.0.0.0/0 tcp dpt:5050 to:202.6.225.34
618 42162 SNAT udp -- * eth0 192.168.0.0/24 0.0.0.0/0 udp dpt:53 to:202.6.225.34
575 25104 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 13 packets, 2624 bytes)
pkts bytes target prot opt in out source destination

Chain devfilter (1 references)
pkts bytes target prot opt in out source destination
8553 680K RETURN all -- eth1 * 192.168.0.0/24 0.0.0.0/0
2613 373K devlog all -- !eth1 * 192.168.0.0/24 0.0.0.0/0
94 12763 devlog all -- eth1 * !192.168.0.0/24 0.0.0.0/0

Chain devlog (2 references)
pkts bytes target prot opt in out source destination
2707 386K LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `[POSSIBLE SPOOF ATTEMPT]: '
2707 386K DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain malpacket (1 references)
pkts bytes target prot opt in out source destination
1 44 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `[MALFORMED PACKED FOUND]: '
1 44 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain proxy (3 references)
pkts bytes target prot opt in out source destination

Thanks again for your help.
Regards
Willy
----- Original Message -----
From: "Morten Nilsen" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Tuesday, February 13, 2007 2:44 PM
Subject: Re: Trustix Enterprise Firewall 4.7 Port 137 and 138 blocked
> [EMAIL PROTECTED] wrote:
> > Hi,
> > What do ports 137 and 138 do? Because I always get this log every time
> > a host on my LAN accesses that port.
>
> Ports 137 and 138 are used by the Windows network (SMB), and are popular
> targets for worms.
>
> > Feb 13 13:33:10 fw kernel: [POSSIBLE SPOOF ATTEMPT]: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:18:6c:3c:0f:08:00 SRC=192.168.0.3 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=33702 PROTO=UDP SPT=137 DPT=137 LEN=58
> >
> > Is it necessary to open the ports? How to allow it using TEF 4.7?
>
> No idea, I've never used TEF, only iptables on standard TSL.
>
> > I also have another problem. Sometimes packets from my network on eth1
> > are misdirected to eth0. Thanks.
>
> If you would post the output of iptables -vnL and iptables -vnL -t nat
> on a web server and post links here, I might be able to give you a
> complete answer..
>
> --
> Cheers,
> Morten
> :wq
> _______________________________________________
> tsl-discuss mailing list
> [email protected]
> http://lists.trustix.org/mailman/listinfo/tsl-discuss
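
The log entry quoted in this thread can be checked against the devfilter chain from the posted `iptables -vnL -t nat` output. The following is an added example, not code from either poster: the rule table is transcribed from that listing, and the function names are made up for illustration.

```python
import ipaddress
import re

# devfilter chain from the posted nat listing: (in-interface, source, target); "!" negates.
DEVFILTER = [
    ("eth1", "192.168.0.0/24", "RETURN"),
    ("!eth1", "192.168.0.0/24", "devlog"),   # devlog = LOG + DROP
    ("eth1", "!192.168.0.0/24", "devlog"),
]

# The log entry quoted in the thread, joined onto one line.
SAMPLE = (
    "Feb 13 13:33:10 fw kernel: [POSSIBLE SPOOF ATTEMPT]: IN=eth0 OUT= "
    "MAC=ff:ff:ff:ff:ff:ff:00:e0:18:6c:3c:0f:08:00 SRC=192.168.0.3 "
    "DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=33702 PROTO=UDP "
    "SPT=137 DPT=137 LEN=58"
)

def parse_log(line):
    """Return KEY=value fields of a netfilter LOG line (first occurrence wins)."""
    fields = {}
    for key, value in re.findall(r"\b([A-Z]+)=(\S*)", line):
        fields.setdefault(key, value)
    return fields

def _matches(pattern, value, test):
    # iptables-style match: a leading "!" inverts the result.
    return test(pattern.lstrip("!"), value) != pattern.startswith("!")

def _in_net(cidr, addr):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)

def devfilter_verdict(in_iface, src):
    """Walk the chain in order; return (rule number, target) of the first match."""
    for number, (iface, source, target) in enumerate(DEVFILTER, start=1):
        if (_matches(iface, in_iface, lambda a, b: a == b)
                and _matches(source, src, _in_net)):
            return number, target
    return None, "no match"

def explain(line):
    f = parse_log(line)
    rule, target = devfilter_verdict(f["IN"], f["SRC"])
    # LOG prints the destination MAC first, so ff:..:ff is an Ethernet broadcast.
    return {"rule": rule, "target": target,
            "broadcast": f.get("MAC", "").startswith("ff:ff:ff:ff:ff:ff"),
            "netbios": f.get("PROTO") == "UDP" and f.get("DPT") in ("137", "138")}

if __name__ == "__main__":
    print(explain(SAMPLE))
```

For the quoted entry this reports rule 2 of devfilter (`!eth1` with a 192.168.0.0/24 source), which jumps to devlog: a LAN-sourced NetBIOS broadcast seen arriving on eth0.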