iptables help needed

Simon Slater pyevet at aapt.net.au
Tue Jun 3 23:03:17 UTC 2008 

On Tue, 2008-06-03 at 17:40 +0200, François Patte wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Le 03.06.2008 14:11, Simon Slater a écrit :
> | On Tue, 2008-06-03 at 18:17 +1000, Simon Slater wrote:
> |> On Tue, 2008-06-03 at 09:21 +0200, François Patte wrote:
> |>> I don't understand what you mean by "reset".
> |> Sorry François, I meant the TCP packet returned from the gateway has the
> |> flags reset and ack set, even after the command iptables -F.
> |>
> |> I will try this script now and post back.
> |>
> | 	I have run the script but the results may be a little unexpected.
> | Following are messages from the script.  None are as a result of
> | requesting web pages from the laptop, which still has the message that
> | the proxy server is refusing requests and wireshark shows the same
> | patterns.
> 
> I don't understand your config: 

I apologise for my terminology.  I've been working at this on and off
for some time and probably can't see the wood for the trees, so have
given a scattered explanation.

> you have a desktop connected to the
> Internet via ppp: 
Yes
> this desktop has a NIC (eth0) on which your laptop NIC
> is connected and you try to get Internet working on your laptop using
> your desktop as a gateway. Or is there a hub to which both desktop and
> laptop are connected?
There is a hub between laptop and desktop
> 
> In the first case (connection NIC to NIC) you need a cross ethernet
> cable, in the second case both ethernet cables are "straight" (don't not
> the exact word).
The cables are of the straight through type.  This same setup worked
only a few weeks ago with F7 before I installed F8. Same laptop, cables,
hub and desktop.
> 
> What is the proxy server you refer to?
> 
In previous posts I described what was being logged by Wireshark with
respect to tcp packets.  I forgot the broader picture of what Firefox on
the laptop was reporting, which is "Proxy server is refusing requests".
I have Firefox on the laptop

> |  These logged packets are when Evolution is fetching the
> | email.
> 
> The evolution request has been done from the desktop, not from the
> laptop. Am I right? Packets are dropped because port 110 is not allowed
> by the script, but, up to now this is not the problem.

Yes, Evolution runs on the desktop.  I added port 110 to your script
under the SMPT and NEWS section last night and those packets are not
being logged now.
> 
> The first thing is to explain your exact config.
I hope I have filled in the blanks for you.  Following are the logs from
the desktop this morning when i started the laptop and ran firefox.  The
web page it is looking for is http://start.fedoraproject.org/ .  Hope
this helps:

Jun  4 05:53:45 ipex pppd[8030]: LCP terminated by peer
Jun  4 05:53:45 ipex pppd[8030]: Connect time 480.0 minutes.
Jun  4 05:53:45 ipex pppd[8030]: Sent 397260 bytes, received 1968150
bytes.
Jun  4 05:53:48 ipex pppd[8030]: Connection terminated.
Jun  4 05:53:48 ipex pppd[8030]: Modem hangup
Jun  4 05:53:48 ipex pppd[8030]: Exit.
Jun  4 08:32:12 ipex pppd[10461]: pppd 2.4.4 started by root, uid 0
Jun  4 08:32:12 ipex pppd[10461]: Using interface ppp0
Jun  4 08:32:12 ipex pppd[10461]: Connect: ppp0 <--> /dev/ttyS0
Jun  4 08:32:12 ipex pppd[10461]: PAP authentication succeeded
Jun  4 08:32:13 ipex pppd[10461]: local  IP address 59.101.220.253
Jun  4 08:32:13 ipex pppd[10461]: remote IP address 210.8.1.12
Jun  4 08:32:13 ipex pppd[10461]: primary   DNS address 203.8.183.1
Jun  4 08:32:13 ipex pppd[10461]: secondary DNS address 192.189.54.33
You have new mail in /var/spool/mail/root

<SNIP>

Jun  4 08:49:51 ipex kernel: [IPTABLES DROP] : IN= OUT=ppp0
SRC=59.101.220.253 DST=203.8.183.1 LEN=108 TOS=0x00 PREC=0xC0 TTL=64
ID=1346 PROTO=ICMP TYPE=3 CODE=3 [SRC=203.8.183.1 DST=59.101.220.253
LEN=80 TOS=0x00 PREC=0x00 TTL=252 ID=5354 DF PROTO=UDP SPT=53 DPT=39780
LEN=60 ]
Jun  4 08:49:51 ipex kernel: [IPTABLES DROP] : IN= OUT=ppp0
SRC=59.101.220.253 DST=203.8.183.1 LEN=109 TOS=0x00 PREC=0xC0 TTL=64
ID=1347 PROTO=ICMP TYPE=3 CODE=3 [SRC=203.8.183.1 DST=59.101.220.253
LEN=81 TOS=0x00 PREC=0x00 TTL=252 ID=5356 DF PROTO=UDP SPT=53 DPT=39780
LEN=61 ]
Jun  4 08:49:51 ipex kernel: [IPTABLES DROP] : IN= OUT=ppp0
SRC=59.101.220.253 DST=203.8.183.1 LEN=108 TOS=0x00 PREC=0xC0 TTL=64
ID=1348 PROTO=ICMP TYPE=3 CODE=3 [SRC=203.8.183.1 DST=59.101.220.253
LEN=80 TOS=0x00 PREC=0x00 TTL=252 ID=5355 DF PROTO=UDP SPT=53 DPT=39780
LEN=60 ]
Jun  4 08:49:51 ipex kernel: [IPTABLES DROP] : IN= OUT=ppp0
SRC=59.101.220.253 DST=203.8.183.1 LEN=109 TOS=0x00 PREC=0xC0 TTL=64
ID=1349 PROTO=ICMP TYPE=3 CODE=3 [SRC=203.8.183.1 DST=59.101.220.253
LEN=81 TOS=0x00 PREC=0x00 TTL=252 ID=5357 DF PROTO=UDP SPT=53 DPT=39780
LEN=61 ]
Jun  4 08:49:51 ipex kernel: [IPTABLES DROP] : IN= OUT=ppp0
SRC=59.101.220.253 DST=203.8.183.1 LEN=109 TOS=0x00 PREC=0xC0 TTL=64
ID=1350 PROTO=ICMP TYPE=3 CODE=3 [SRC=203.8.183.1 DST=59.101.220.253
LEN=81 TOS=0x00 PREC=0x00 TTL=252 ID=5359 DF PROTO=UDP SPT=53 DPT=39780
LEN=61 ]
Jun  4 08:49:51 ipex kernel: [IPTABLES DROP] : IN= OUT=ppp0
SRC=59.101.220.253 DST=203.8.183.1 LEN=108 TOS=0x00 PREC=0xC0 TTL=64
ID=1351 PROTO=ICMP TYPE=3 CODE=3 [SRC=203.8.183.1 DST=59.101.220.253
LEN=80 TOS=0x00 PREC=0x00 TTL=252 ID=5360 DF PROTO=UDP SPT=53 DPT=39780
LEN=60 ]
Jun  4 08:49:55 ipex kernel: [IPTABLES DROP] : IN= OUT=ppp0
SRC=59.101.220.253 DST=203.8.183.1 LEN=105 TOS=0x00 PREC=0xC0 TTL=64
ID=1352 PROTO=ICMP TYPE=3 CODE=3 [SRC=203.8.183.1 DST=59.101.220.253
LEN=77 TOS=0x00 PREC=0x00 TTL=252 ID=5368 DF PROTO=UDP SPT=53 DPT=39780
LEN=57 ]
Jun  4 08:49:55 ipex kernel: [IPTABLES DROP] : IN= OUT=ppp0
SRC=59.101.220.253 DST=203.8.183.1 LEN=104 TOS=0x00 PREC=0xC0 TTL=64
ID=1353 PROTO=ICMP TYPE=3 CODE=3 [SRC=203.8.183.1 DST=59.101.220.253
LEN=76 TOS=0x00 PREC=0x00 TTL=252 ID=5369 DF PROTO=UDP SPT=53 DPT=39780
LEN=56 ]
Jun  4 08:49:55 ipex kernel: [IPTABLES DROP] : IN= OUT=ppp0
SRC=59.101.220.253 DST=203.8.183.1 LEN=104 TOS=0x00 PREC=0xC0 TTL=64
ID=1354 PROTO=ICMP TYPE=3 CODE=3 [SRC=203.8.183.1 DST=59.101.220.253
LEN=76 TOS=0x00 PREC=0x00 TTL=252 ID=5370 DF PROTO=UDP SPT=53 DPT=39780
LEN=56 ]
Jun  4 08:49:55 ipex kernel: [IPTABLES DROP] : IN= OUT=ppp0
SRC=59.101.220.253 DST=203.8.183.1 LEN=105 TOS=0x00 PREC=0xC0 TTL=64
ID=1355 PROTO=ICMP TYPE=3 CODE=3 [SRC=203.8.183.1 DST=59.101.220.253
LEN=77 TOS=0x00 PREC=0x00 TTL=252 ID=5371 DF PROTO=UDP SPT=53 DPT=39780
LEN=57 ]
[root at ipex ~]# 

The SRC= address looks like the internet address given by the ISP for
this dial-up session  and the DST= address is the primary DNS server. I
don't really understand the rest.  Does the ICMP mean it is a ping
request?

-- 
Regards,
Simon

More information about the fedora-list mailing list