search for: dport

...icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 Chain AllowSMB (6 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,445 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:137 dpts:1024:65535 0 0 ACCEPT tcp -- * * 0.0.0.0/0...

...ts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22,8080,10000 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:10000 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain dmz2loc (1 references) pkts bytes target prot opt in out source...

...blem when I tried to connect samba. Without any iptables rules, I have no problem when connecting host os(ubuntu samba server) from guest os Windows XP. I referenced this article, http://troy.jdmz.net/samba/fw/, so I put the following sources in the middle of the source. -A INPUT -p udp -m udp --dport 137 -j ACCEPT -A INPUT -p udp -m udp --dport 138 -j ACCEPT -A INPUT -p tcp -m tcp --dport 139 -j ACCEPT -A INPUT -p tcp -m tcp --dport 445 -j ACCEPT Finally, it doesn't work. I feel now very frustrated... I tried with a lot of combinations, but all failed due to errors as shown below:...

...DE #eth0 la interfaz de la red local iptables --append FORWARD --in-interface eth0 -j ACCEPT #activamos el forward echo 1 > /proc/sys/net/ipv4/ip_forward #reglas para enrutado de paketes... #1.- redirecciona las peticiones del puerto 21 a mi pc iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 21 -j DNAT --to 192.168.0.16:21 iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 143 -j DNAT --to 192.168.0.16:143 iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 993 -j DNAT --to 192.168.0.16:993 iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 995 -j DNAT --to 192.168.0.16:995 ip...

...-P FORWARD ACCEPT /sbin/iptables -t mangle -P POSTROUTING ACCEPT /sbin/iptables -t nat -F /sbin/iptables -t nat -X /sbin/iptables -t nat -Z /sbin/iptables -t nat -P PREROUTING ACCEPT /sbin/iptables -t nat -P OUTPUT ACCEPT /sbin/iptables -t nat -P POSTROUTING ACCEPT /sbin/iptables -A INPUT -p tcp --dport 783 -j ACCEPT /sbin/iptables -A INPUT -p tcp --dport 3000 -j ACCEPT /sbin/iptables -A INPUT -p tcp --dport 443 -j ACCEPT /sbin/iptables -A INPUT -p tcp --dport 2000 -j ACCEPT /sbin/iptables -A INPUT -p udp --dport 2727 -j ACCEPT /sbin/iptables -A INPUT -p udp --dport 4520 -j ACCEPT /sbin/iptables...

...so it can run without root rights # chown sh-httpd.adm /var/sh-www/data shorewall show >/var/sh-www/data/firewall chown sh-httpd.adm /var/sh-www/data/firewall shorewall show nat >/var/sh-www/data/masq chown sh-httpd.adm /var/sh-www/data/masq iptables -t mangle -A PREROUTING -i eth3 -p tcp --dport 80 -j MARK --set-mark 202 Shorewall-1.3.11 Status at firewall - Fri Mar 28 11:17:23 UTC 2003 Counters reset Fri Mar 28 11:17:03 UTC 2003 Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 32 2688 ACCEPT a...

...----------------------------------------------------------------------------------------------------- echo 1 > /proc/sys/net/ipv4/ip_forward iptables -F iptables -t nat -F modprobe ip_nat_ftp iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 42 -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 53 -j ACCEPT iptables -A INPUT -i eth0 -p udp --dport 53 -j ACCEPT iptables -A INPUT -i eth0 -p udp --dport 88 -j ACCEPT ipta...

...bin/echo "1" > /proc/sys/net/ipv4/conf/all/log_martians iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -p tcp --dport 22 -j ACCEPT iptables -A INPUT -p tcp --dport 53 -j ACCEPT iptables -A INPUT -p udp --dport 53 -j ACCEPT iptables -A INPUT -p tcp --dport 5353 -j ACCEPT iptables -A INPUT -p udp --dport 5353 -j ACCEPT iptables -A INPUT -p tcp --dport 88 -j ACCEPT iptables -A INPUT -p udp --dport 88 -j ACCEPT iptabl...

...firewall using iptables with the following config eth0 = WAN 1 eth1 = LAN 1 eth2 = WAN 2 I'm trying to forward all traffic that makes a request from eth2 to an internal IP on eth1. These are the folloing rules that I have set up. iptables -t nat -A PREROUTING -p tcp -i eth2 -d 69.21.103.132 --dport 80 -j DNAT --to-destination 192.168.1.3:80 iptables -t nat -A PREROUTING -p tcp -i eth2 -d 69.21.103.132 --dport 5071 -j DNAT --to-destination 192.168.1.3:5071 iptables -t nat -A PREROUTING -p tcp -i eth2 -d 69.21.103.132 --dport 407 -j DNAT --to-destination 192.168.1.3:407 iptables -t nat -A PRERO...

...o -j ACCEPT -A RH-Firewall-1-INPUT -i lo -j ACCEPT -A RH-Firewall-1-INPUT -i eth0 -j ACCEPT -A RH-Firewall-1-INPUT -i eth1 -j ACCEPT -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT -A RH-Firewall-1-INPUT -p 50 -j ACCEPT -A RH-Firewall-1-INPUT -p 51 -j ACCEPT -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -...

...RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A RH-Firewall-1-INPUT -i lo -j ACCEPT -A RH-Firewall-1-INPUT -i lo -j ACCEPT -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT -A RH-Firewall-1-INPUT -p 50 -j ACCEPT -A RH-Firewall-1-INPUT -p 51 -j ACCEPT -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -...

...find it a bit hard to understand. These are the rules I have set up: *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [52:5888] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -m udp -p udp --dport 53 -m comment --comment "DNS" -j ACCEPT -A INPUT -m udp -p udp --dport 123 -m comment --comment "NTP" -j ACCEPT -A INPUT -m udp -p udp --dport 135 -m comment --comment "RPC UDP" -j ACCEPT -A INPUT -m udp -p udp --dport 389 -m...

...----------------------------------------------------------------------------------------------------------------------------- >iptables -F >iptables -t nat -F >iptables -P INPUT DROP >iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT >iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT >iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT >iptables -A INPUT -i eth0 -p tcp --dport 53 -j ACCEPT >iptables -A INPUT -i eth0 -p udp --dport 53 -j ACCEPT >iptables -A INPUT -i eth0 -p udp --dport 137 -j ACCEPT >iptables -A INPUT -i eth0 -p udp --dport...

...Chain loc2net (1 references) pkts bytes target prot opt in out source destination 63 2907 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 9 432 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22,110,143,443,6002 93 4464 all2all all -- * * 0.0.0.0/0 0.0.0.0/0 Chain net2all (3 references) pkts bytes target prot opt in out source destination 99 4761 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTAB...

...0 0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:20 TOS set 0x08 0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20 TOS set 0x08 tcp 6 66 TIME_WAIT src=202.124.35.41 dst=64.41.73.139 sport=4710 dport=80 src=64.41.73.139 dst=202.124.35.41 sport=80 dport=4710 [ASSURED] use=1 tcp 6 117 TIME_WAIT src=202.124.35.41 dst=64.233.171.104 sport=4702 dport=80 src=64.233.171.104 dst=202.124.35.41 sport=80 dport=4702 [ASSURED] use=1 tcp 6 431995 ESTABLISHED src=202.124.35.37 dst=201.224.87.98...

Hi, I get frequent logfile entries from Shorewall similar to the following: Nov 25 11:22:51 10.0.0.248 kernel: Shorewall:net2mill:DROP:IN=eth2 OUT=eth0 SRC=202.96.117.50 DST=10.0.0.10 LEN=56 TOS=0x00 PREC=0x00 TTL=241 ID=0 PROTO=ICMP TYPE=11 CODE=0 [SRC=10.0.0.10 DST=202.101.167.133 LEN=48 TOS=0x00 PREC=0x00 TTL=1 ID=13591 DF PROTO=TCP INCOMPLETE [8 bytes] ] Could someone explain what the

...-A INPUT -p tcp ! --syn -m state --state NEW -j DROP iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP # LOOPBACK, ESTABLISHED & RELATED CONNECTIONS iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # SSH iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT # WEB SERVICES iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT iptables -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT # EMAIL iptables -A INPUT -p tcp -m tcp --dport 143 -j ACCEPT iptables -A INPUT -p tcp -m tcp --dport 993...

...-A INPUT -s 187.115.128.180 -j ACCEPT iptables -A INPUT -s 189.47.133.38 -j ACCEPT iptables -A INPUT -s 200.211.36.2 -j ACCEPT iptables -A INPUT -i eth0 -p tcp --syn -j LOG ############################################################################### iptables -A FORWARD -d www.adobe.com -p tcp --dport 80 -j ACCEPT iptables -A FORWARD -d get.adobe.com -p tcp --dport 80 -j ACCEPT iptables -A FORWARD -d www.bb.com.br -p tcp -j ACCEPT iptables -A FORWARD -d 201.76.59.4 -p tcp -j ACCEPT iptables -A FORWARD -d 201.82.108.8 -p tcp -j ACCEPT iptables -A FORWARD -d 201.76.59.4 -p udp -j ACCEPT iptable...

...do appologize if this is something that was already discussed somewhere else... but for now I was not able to find the appropriate How-To. Would anybody know what the IPTABLES entries are to have working Samba4 Domain Controller? I tried the following: -A INPUT -p tcp -m state --state NEW -m tcp --dport 88 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 749 -j ACCEPT -A INPUT -p udp -m state --state NEW -m udp --dport 88 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 389 -j ACCEPT -A INPUT -d SERVERIP/32 -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW,...

...ables -P FORWARD ACCEPT ## Empezamos a filtrar # El localhost se deja (por ejemplo conexiones locales a mysql) /sbin/iptables -A INPUT -i lo -j ACCEPT # Permito las IP iptables -A INPUT -s 192.168.1.5 -j ACCEPT #permito el acceso a servicio ntp /sbin/iptables -A INPUT -s 192.168.2.3 -p udp -m udp --dport 123 -j ACCEPT /sbin/iptables -A INPUT -s 192.168.2.3 -p udp -m udp --sport 123 -m state --state RELATED,ESTABLISHED -j ACCEPT #permito el acceso a smb-udp #lan dvm /sbin/iptables -A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 88 -j ACCEPT /sbin/iptables -A INPUT -s 192.168.1.0/24 -p udp -m udp -...