thr3ads.net - Shorewall users - [Shorewall-users] cant open port [Aug 2003]

If this information is useful, please help other people find it:
Share via:

andrew

2003-Aug-25 16:27 UTC

[Shorewall-users] cant open port

the solution for this is problay going to be very simple but im a linux noob 
and cant seam to work out what is going wrong. I am running madrake linux 9.0 
I installed it without shorewall and then installed shorewall  from the 
shorewall site. I also installed apache 2.0.46 and got it to bind to all IPs 
on port 80 I know its working because i can get it on the loopback. But i 
cant get it though the ppp0 interface. also when i nmap the ppp0 ip it shows 
all ports closed even tho i have the line

ACCEPT	net	fw	tcp	80,443	

in the rules file I also know shorewall is processing the file because during 
a reset it displays the rule.

help why woulnt the port open?????
>>>>Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Restarting Shorewall...
Loading Modules...
Initializing...
Shorewall has detected the following iptables/netfilter capabilities:
   NAT: Available
   Packet Mangling: Available
   Multi-port Match: Available
   Connection Tracking Match: Not available
Determining Zones...
   Zones: net
Validating interfaces file...
Validating hosts file...
Validating Policy file...
Determining Hosts in Zones...
   Net Zone: ppp0:0.0.0.0/0
Processing /etc/shorewall/init ...
Deleting user chains...
Creating Interface Chains...
Configuring Proxy ARP
Setting up NAT...
Adding Common Rules
IP Forwarding Enabled
Processing /etc/shorewall/tunnels...
Processing /etc/shorewall/rules...
   Rule "ACCEPT net fw tcp 80,443 -" added.
Processing /etc/shorewall/policy...
   Policy ACCEPT for fw to net using chain fw2net
   Policy DROP for net to fw using chain net2all
Masqueraded Subnets and Hosts:
Processing /etc/shorewall/tos...
   Rule "all all tcp - ssh 16" added.
   Rule "all all tcp ssh - 16" added.
   Rule "all all tcp - ftp 16" added.
   Rule "all all tcp ftp - 16" added.
   Rule "all all tcp ftp-data - 8" added.
   Rule "all all tcp - ftp-data 8" added.
Processing /etc/shorewall/ecn...
Activating Rules...
Processing /etc/shorewall/start ...
Shorewall Restarted>>>>

requested info

shorewall version 1.4.6b>>>ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,PROMISC> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:06:4f:04:04:d0 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.1/24 brd 192.168.0.255 scope global eth0
4: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1500 qdisc pfifo_fast qlen 3
    link/ppp 
    inet 81.131.69.16 peer 212.140.212.77/32 scope global
ppp0>>>
>>>ip route show
212.140.212.77 dev ppp0  proto kernel  scope link  src 81.131.69.16 
127.0.0.0/8 dev lo  scope link 
default via 212.140.212.77 dev ppp0 >>>

-- 
Thanks in advance
-------------- next part --------------
[H[2JShorewall-1.4.6b Status at Dominic.localnet - Tue Aug 26 01:00:16 BST 2003

Counters reset Tue Aug 26 00:59:35 BST 2003

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    8   691 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
state INVALID
    8   533 ppp0_in    all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0
    0     0 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:''
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
state INVALID
    0     0 ppp0_fwd   all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0
    0     0 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:''
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    8   691 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
    0     0 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
state INVALID
    7   447 fw2net     all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0
    0     0 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:''
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain all2all (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
state RELATED,ESTABLISHED
    0     0 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:''
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain common (5 references)
 pkts bytes target     prot opt in     out     source               destination
    2   184 icmpdef    icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
udp dpt:135
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
udp dpts:137:139
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
udp dpt:445
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:139
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:445
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:135
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
udp dpt:1900
    0     0 DROP       all  --  *      *       0.0.0.0/0           
255.255.255.255
    0     0 DROP       all  --  *      *       0.0.0.0/0            224.0.0.0/4
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:113
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
udp spt:53 state NEW
    1    44 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp flags:0x10/0x10
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp flags:0x04/0x04
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp flags:0x01/0x01

Chain dynamic (2 references)
 pkts bytes target     prot opt in     out     source               destination

Chain fw2net (1 references)
 pkts bytes target     prot opt in     out     source               destination
    5   248 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
state RELATED,ESTABLISHED
    2   199 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain icmpdef (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain net2all (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
state RELATED,ESTABLISHED
    3   228 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    2   184 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:''
    2   184 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain net2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination
    5   305 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
multiport dports 80,443 state NEW
    3   228 net2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain ppp0_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain ppp0_in (1 references)
 pkts bytes target     prot opt in     out     source               destination
    8   533 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0
    8   533 net2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain reject (11 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
reject-with tcp-reset
    0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
reject-with icmp-port-unreachable
    0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
reject-with icmp-host-unreachable
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
reject-with icmp-host-prohibited

Chain shorewall (0 references)
 pkts bytes target     prot opt in     out     source               destination

Aug 26 00:56:12 net2all:DROP:IN=ppp0 OUT= SRC=81.131.212.179 DST=81.131.69.16
LEN=92 TOS=0x00 PREC=0x00 TTL=126 ID=21394 PROTO=ICMP TYPE=8 CODE=0 ID=512
SEQ=52292
Aug 26 00:56:32 net2all:DROP:IN=ppp0 OUT= SRC=81.131.68.31 DST=81.131.69.16
LEN=92 TOS=0x00 PREC=0x00 TTL=128 ID=52166 PROTO=ICMP TYPE=8 CODE=0 ID=512
SEQ=27766
Aug 26 00:56:32 net2all:DROP:IN=ppp0 OUT= SRC=81.131.52.50 DST=81.131.69.16
LEN=92 TOS=0x00 PREC=0x00 TTL=126 ID=20932 PROTO=ICMP TYPE=8 CODE=0 ID=768
SEQ=42279
Aug 26 00:56:38 net2all:DROP:IN=ppp0 OUT= SRC=81.131.210.180 DST=81.131.69.16
LEN=92 TOS=0x00 PREC=0x00 TTL=126 ID=63605 PROTO=ICMP TYPE=8 CODE=0 ID=512
SEQ=11574
Aug 26 00:56:50 net2all:DROP:IN=ppp0 OUT= SRC=81.131.77.53 DST=81.131.69.16
LEN=92 TOS=0x00 PREC=0x00 TTL=126 ID=22742 PROTO=ICMP TYPE=8 CODE=0 ID=768
SEQ=52292
Aug 26 00:56:58 net2all:DROP:IN=ppp0 OUT= SRC=81.131.172.243 DST=81.131.69.16
LEN=92 TOS=0x00 PREC=0x00 TTL=126 ID=53272 PROTO=ICMP TYPE=8 CODE=0 ID=512
SEQ=7736
Aug 26 00:57:05 net2all:DROP:IN=ppp0 OUT= SRC=81.131.90.130 DST=81.131.69.16
LEN=92 TOS=0x00 PREC=0x00 TTL=126 ID=28173 PROTO=ICMP TYPE=8 CODE=0 ID=512
SEQ=52292
Aug 26 00:57:10 net2all:DROP:IN=ppp0 OUT= SRC=81.131.37.120 DST=81.131.69.16
LEN=92 TOS=0x00 PREC=0x00 TTL=126 ID=27262 PROTO=ICMP TYPE=8 CODE=0 ID=768
SEQ=52292
Aug 26 00:57:27 net2all:DROP:IN=ppp0 OUT= SRC=81.131.119.73 DST=81.131.69.16
LEN=92 TOS=0x00 PREC=0x00 TTL=126 ID=10775 PROTO=ICMP TYPE=8 CODE=0 ID=1024
SEQ=52134
Aug 26 00:57:39 net2all:DROP:IN=ppp0 OUT= SRC=81.131.111.22 DST=81.131.69.16
LEN=92 TOS=0x00 PREC=0x00 TTL=126 ID=57736 PROTO=ICMP TYPE=8 CODE=0 ID=512
SEQ=9270
Aug 26 00:58:14 net2all:DROP:IN=ppp0 OUT= SRC=81.131.205.31 DST=81.131.69.16
LEN=92 TOS=0x00 PREC=0x00 TTL=127 ID=19576 PROTO=ICMP TYPE=8 CODE=0 ID=512
SEQ=52292
Aug 26 00:58:15 net2all:DROP:IN=ppp0 OUT= SRC=81.131.54.235 DST=81.131.69.16
LEN=92 TOS=0x00 PREC=0x00 TTL=126 ID=24198 PROTO=ICMP TYPE=8 CODE=0 ID=768
SEQ=52036
Aug 26 00:58:19 net2all:DROP:IN=ppp0 OUT= SRC=81.131.208.60 DST=81.131.69.16
LEN=92 TOS=0x00 PREC=0x00 TTL=127 ID=26187 PROTO=ICMP TYPE=8 CODE=0 ID=512
SEQ=52292
Aug 26 00:58:36 net2all:DROP:IN=ppp0 OUT= SRC=81.131.222.146 DST=81.131.69.16
LEN=92 TOS=0x00 PREC=0x00 TTL=126 ID=20902 PROTO=ICMP TYPE=8 CODE=0 ID=512
SEQ=52292
Aug 26 00:58:36 net2all:DROP:IN=ppp0 OUT= SRC=81.131.144.219 DST=81.131.69.16
LEN=92 TOS=0x00 PREC=0x00 TTL=126 ID=17034 PROTO=ICMP TYPE=8 CODE=0 ID=768
SEQ=37419
Aug 26 00:58:37 net2all:DROP:IN=ppp0 OUT= SRC=81.131.31.220 DST=81.131.69.16
LEN=92 TOS=0x00 PREC=0x00 TTL=126 ID=25502 PROTO=ICMP TYPE=8 CODE=0 ID=768
SEQ=64580
Aug 26 00:58:46 net2all:DROP:IN=ppp0 OUT= SRC=81.131.118.198 DST=81.131.69.16
LEN=92 TOS=0x00 PREC=0x00 TTL=126 ID=23174 PROTO=ICMP TYPE=8 CODE=0 ID=768
SEQ=52292
Aug 26 00:59:16 net2all:DROP:IN=ppp0 OUT= SRC=81.131.149.250 DST=81.131.69.16
LEN=92 TOS=0x00 PREC=0x00 TTL=126 ID=24108 PROTO=ICMP TYPE=8 CODE=0 ID=768
SEQ=52292
Aug 26 00:59:53 net2all:DROP:IN=ppp0 OUT= SRC=81.131.3.192 DST=81.131.69.16
LEN=92 TOS=0x00 PREC=0x00 TTL=126 ID=40624 PROTO=ICMP TYPE=8 CODE=0 ID=768
SEQ=24382
Aug 26 01:00:14 net2all:DROP:IN=ppp0 OUT= SRC=81.131.82.10 DST=81.131.69.16
LEN=92 TOS=0x00 PREC=0x00 TTL=126 ID=26025 PROTO=ICMP TYPE=8 CODE=0 ID=512
SEQ=52292

NAT Table

Chain PREROUTING (policy ACCEPT 3 packets, 228 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 2 packets, 199 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 2 packets, 199 bytes)
 pkts bytes target     prot opt in     out     source               destination

Mangle Table

Chain PREROUTING (policy ACCEPT 19 packets, 1437 bytes)
 pkts bytes target     prot opt in     out     source               destination
   19  1437 pretos     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain INPUT (policy ACCEPT 19 packets, 1437 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 18 packets, 1338 bytes)
 pkts bytes target     prot opt in     out     source               destination
   18  1338 outtos     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 18 packets, 1338 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain outtos (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:22 TOS set 0x10
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp spt:22 TOS set 0x10
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:21 TOS set 0x10
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp spt:21 TOS set 0x10
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp spt:20 TOS set 0x08
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:20 TOS set 0x08

Chain pretos (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:22 TOS set 0x10
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp spt:22 TOS set 0x10
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:21 TOS set 0x10
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp spt:21 TOS set 0x10
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp spt:20 TOS set 0x08
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
tcp dpt:20 TOS set 0x08

tcp      6 431999 ESTABLISHED src=81.131.69.16 dst=216.254.34.56 sport=32790
dport=23 src=216.254.34.56 dst=81.131.69.16 sport=23 dport=32790 [ASSURED] use=1
tcp      6 431999 ESTABLISHED src=127.0.0.1 dst=127.0.0.1 sport=32789 dport=4444
src=127.0.0.1 dst=127.0.0.1 sport=4444 dport=32789 [ASSURED] use=1
udp      17 7 src=81.131.69.16 dst=192.168.0.255 sport=631 dport=631 [UNREPLIED]
src=192.168.0.255 dst=81.131.69.16 sport=631 dport=631 use=1

Tom Eastep

2003-Aug-25 16:52 UTC

head link

[Shorewall-users] cant open port

On Mon, 2003-08-25 at 17:27, andrew wrote:> the solution for this is problay going to be very simple but im a linux
noob
> and cant seam to work out what is going wrong. I am running madrake linux
9.0
> I installed it without shorewall and then installed shorewall  from the 
> shorewall site. I also installed apache 2.0.46 and got it to bind to all
IPs
> on port 80 I know its working because i can get it on the loopback. But i 
> cant get it though the ppp0 interface. also when i nmap the ppp0 ip it
shows
> all ports closed even tho i have the line
> 
> ACCEPT	net	fw	tcp	80,443	
> 
> in the rules file I also know shorewall is processing the file because
during
> a reset it displays the rule.
> 
> help why woulnt the port open?????
> 
Unless your ISP specifically allows you to run servers, they are most
likely blocking inbound port 80. According to your "shorewall status",
no requests on port 80 have been received on ppp0.

As an aside, it doesn''t look like you followed the instructions at
http://www.shorewall.net/standalone.htm -- or if you did, you have then
specifically disabled ''ping'' from the net. 

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

andrew

2003-Aug-25 20:04 UTC

head link

[Shorewall-users] cant open port

how nice of mandrake to not include it.

Goes blah and wombles off to bed. maybe ill work it out tommorow

On Tuesday 26 Aug 2003 3:54 am, Tom Eastep wrote:> On Tue, 26 Aug 2003, andrew wrote:
> > if you need anymore info feel free to ask because im lost
>
> If it were my system, I would be looking at the ppp0 port 80 traffic using
> tcpdump.
>
> -Tom
-- 
thanks in advance	
Andrew

2003-Aug-26 06:59 UTC

head link

[Shorewall-users] cant open port

On Tue, 2003-08-26 at 05:02, andrew wrote:> how nice of mandrake to not include it.
It seems only not to be installed by default (depends on your settings
during installation). Install it using

# urpmi tcpdump

 karsten

> Goes blah and wombles off to bed. maybe ill work it out tommorow
> 
> On Tuesday 26 Aug 2003 3:54 am, Tom Eastep wrote:
> > On Tue, 26 Aug 2003, andrew wrote:
> > > if you need anymore info feel free to ask because im lost
> >
> > If it were my system, I would be looking at the ppp0 port 80 traffic
using
> > tcpdump.

-- 
Hi, I''m a signature virus. Copy me into your ~/.signature to help me
spread!

Shorewall users - Aug 2003 - cant open port

[Shorewall-users] cant open port

[Shorewall-users] cant open port

[Shorewall-users] cant open port

[Shorewall-users] cant open port