* Wrong ips
From: Alexander Pyhalov @ 2007-02-01 5:51 UTC (permalink / raw)
To: netfilter
Hello.
Maybe I'm doing something wrong, but I have the following trouble.
I have kernel 2.6.17.11 with the following netfilter-related options in it:
//////////////////////////////////////////////
CONFIG_NETFILTER=y
CONFIG_NETFILTER_NETLINK=m
CONFIG_NETFILTER_NETLINK_LOG=m
CONFIG_NETFILTER_XTABLES=m
CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
CONFIG_IP_NF_TFTP=m
CONFIG_IP_NF_AMANDA=m
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_IPRANGE=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
//////////////////////////////////////////////
lsmod shows that all netfilter-related modules (as I think) are loaded:
af_packet 16904 0
xt_tcpudp 3584 0
ip_queue 8480 0
ipt_iprange 1920 0
ipt_REJECT 4608 0
ipt_LOG 6656 0
iptable_filter 2816 0
ip_tables 14556 1 iptable_filter
x_tables 12932 5 xt_tcpudp,ipt_iprange,ipt_REJECT,ipt_LOG,ip_tables
capability 5128 0
commoncap 7424 1 capability
...
iptables version is 1.3.6
I'm trying to add some rules, but they don't work when they contain port numbers:
When I add the following rules
# Access to HTTP server
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# Access to SSH is allowed to all
iptables -A INPUT -p tcp -m --dport 22 -j ACCEPT
# Access to Tomcat
iptables -A INPUT -s <ip1>ACCEPT
iptables -A INPUT -s <ip2> -j ACCEPT
# Access to SMB is allowed to all
iptables -A INPUT -p tcp -m --dport 139 -j ACCEPT
iptables -A INPUT -p tcp -m --dport 445 -j ACCEPT
iptables -P INPUT REJECT
I can't ssh to the server.
When I do
iptables -A INPUT -s <my ip> -j ACCEPT
everything is fine.
Now I do
iptables -A INPUT -p tcp -m tcp -s <my ip> -j LOG
and get something strange in the log:
eb 1 08:15:12 athena kernel: IN=eth0 OUT= MAC=00:0d:60:eb:a7:7c:00:02:b3:d6:be:9d:08:00 SRC=58.48.57.58 DST=255.255.0.13 LEN=15942 TOS=0x14 PREC=0x20 TTL=49 ID=25954 MF FRAG:32 PROTO=32
Feb 1 08:15:12 athena kernel: IN=eth0 OUT= MAC=00:0d:60:eb:a7:7c:00:02:b3:d6:be:9d:08:00 SRC=58.48.57.58 DST=47.98.0.13 LEN=15942 TOS=0x14 PREC=0x20 TTL=49 ID=25954 MF FRAG:32 PROTO=32
Feb 1 08:15:12 athena kernel: IN=eth0 OUT= MAC=00:0d:60:eb:a7:7c:00:02:b3:d6:be:9d:08:00 SRC=0.0.8.0 DST=0.0.0.13 LEN=0 TOS=0x00 PREC=0x00 TTL=0 ID=0 PROTO=0
Feb 1 08:15:12 athena kernel: IN=eth0 OUT= MAC=00:0d:60:eb:a7:7c:00:02:b3:d6:be:9d:08:00 SRC=58.48.57.58 DST=0.0.0.13 LEN=15942 TOS=0x14 PREC=0x20 TTL=49 ID=25954 MF FRAG:32 PROTO=32
Feb 1 08:15:12 athena kernel: IN=eth0 OUT= MAC=00:0d:60:eb:a7:7c:00:02:b3:d6:be:9d:08:00 SRC=58.49.48.58 DST=255.255.0.13 LEN=15942 TOS=0x14 PREC=0x20 TTL=49 ID=25954 MF FRAG:32 PROTO=32
Feb 1 08:15:13 athena kernel: IN=eth0 OUT= MAC=00:0d:60:eb:a7:7c:00:02:b3:d6:be:9d:08:00 SRC=58.48.57.58 DST=255.255.0.13 LEN=15942 TOS=0x14 PREC=0x20 TTL=49 ID=25954 MF FRAG:32 PROTO=32
Feb 1 08:15:13 athena kernel: IN=eth0 OUT= MAC=00:0d:60:eb:a7:7c:00:02:b3:d6:be:9d:08:00 SRC=0.0.0.0 DST=0.0.0.13 LEN=19526 TOS=0x04 PREC=0x40 TTL=0 ID=257 FRAG:256 PROTO=0
But these IP addresses are not my IP addresses.
They don't even exist in my network environment....
* Re: Wrong ips
From: Georgi Alexandrov @ 2007-02-01 11:37 UTC (permalink / raw)
To: netfilter
Alexander Pyhalov wrote:
> [...]
> # Access to HTTP server
> iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
> # Access to SSH is allowed to all
> iptables -A INPUT -p tcp -m --dport 22 -j ACCEPT
This line is wrong ^
> [...]
--
regards,
Georgi Alexandrov
key server - pgp.mit.edu :: key id - 0x37B4B3EE
Key fingerprint = E429 BF93 FA67 44E9 B7D4 F89E F990 01C1 37B4 B3EE
* Re: Wrong ips
From: Alexander Pyhalov @ 2007-02-01 11:48 UTC (permalink / raw)
To: netfilter
On Thursday 01 February 2007 14:37, Georgi Alexandrov wrote:
> > # Access to HTTP server
> > iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
> > # Access to SSH is allowed to all
> > iptables -A INPUT -p tcp -m --dport 22 -j ACCEPT
>
> This line is wrong ^
I know - it's my misprint (only in the letter).
* Re: Wrong ips
From: Pascal Hambourg @ 2007-02-01 16:25 UTC (permalink / raw)
To: netfilter
Hello,
Alexander Pyhalov wrote:
> I'm trying to add some rules, but they don't work when they contain port numbers:
>
> When I add the following rules
>
> # Access to HTTP server
> iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
> # Access to SSH is allowed to all
> iptables -A INPUT -p tcp -m --dport 22 -j ACCEPT
> # Access to Tomcat
> iptables -A INPUT -s <ip1>ACCEPT
> iptables -A INPUT -s <ip2> -j ACCEPT
> # Access to SMB is allowed to all
> iptables -A INPUT -p tcp -m --dport 139 -j ACCEPT
> iptables -A INPUT -p tcp -m --dport 445 -j ACCEPT
> iptables -P INPUT REJECT
There are typos. Can you copy the output of iptables-save?
> I can't ssh to the server.
"Server" = the host on which the above rules are created?
> iptables -A INPUT -p tcp -m tcp -s <my ip> -j LOG
>
> and get something strange in the log:
> eb 1 08:15:12 athena kernel: IN=eth0 OUT= MAC=00:0d:60:eb:a7:7c:00:02:b3:d6:be:9d:08:00 SRC=58.48.57.58 DST=255.255.0.13 LEN=15942 TOS=0x14 PREC=0x20 TTL=49 ID=25954 MF FRAG:32 PROTO=32
> Feb 1 08:15:12 athena kernel: IN=eth0 OUT= MAC=00:0d:60:eb:a7:7c:00:02:b3:d6:be:9d:08:00 SRC=58.48.57.58 DST=47.98.0.13 LEN=15942 TOS=0x14 PREC=0x20 TTL=49 ID=25954 MF FRAG:32 PROTO=32
> Feb 1 08:15:12 athena kernel: IN=eth0 OUT= MAC=00:0d:60:eb:a7:7c:00:02:b3:d6:be:9d:08:00 SRC=0.0.8.0 DST=0.0.0.13 LEN=0 TOS=0x00 PREC=0x00 TTL=0 ID=0 PROTO=0
> Feb 1 08:15:12 athena kernel: IN=eth0 OUT= MAC=00:0d:60:eb:a7:7c:00:02:b3:d6:be:9d:08:00 SRC=58.48.57.58 DST=0.0.0.13 LEN=15942 TOS=0x14 PREC=0x20 TTL=49 ID=25954 MF FRAG:32 PROTO=32
> Feb 1 08:15:12 athena kernel: IN=eth0 OUT= MAC=00:0d:60:eb:a7:7c:00:02:b3:d6:be:9d:08:00 SRC=58.49.48.58 DST=255.255.0.13 LEN=15942 TOS=0x14 PREC=0x20 TTL=49 ID=25954 MF FRAG:32 PROTO=32
> Feb 1 08:15:13 athena kernel: IN=eth0 OUT= MAC=00:0d:60:eb:a7:7c:00:02:b3:d6:be:9d:08:00 SRC=58.48.57.58 DST=255.255.0.13 LEN=15942 TOS=0x14 PREC=0x20 TTL=49 ID=25954 MF FRAG:32 PROTO=32
> Feb 1 08:15:13 athena kernel: IN=eth0 OUT= MAC=00:0d:60:eb:a7:7c:00:02:b3:d6:be:9d:08:00 SRC=0.0.0.0 DST=0.0.0.13 LEN=19526 TOS=0x04 PREC=0x40 TTL=0 ID=257 FRAG:256 PROTO=0
>
> But these IP addresses are not my IP addresses.
Invalid IP address (DST=0.0.0.13), huge packet length (LEN=15942),
unknown protocol number (PROTO=32)... It looks like the LOG output is
completely messed up. Can you compare this to a network packet capture
using tcpdump/ethereal/wireshark/other?
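A defender-side plausibility check for ipt_LOG output along the lines Pascal describes, added here as an example and not code from the thread: it parses the kernel LOG fields and flags reserved addresses, impossible lengths, zero TTLs and protocol numbers other than TCP/UDP/ICMP, so corrupted entries like the ones above stand out before anyone chases phantom hosts. The 1500-byte MTU is an assumption, and the third, healthy sample line is constructed for contrast.

```python
import ipaddress

ASSUMED_MTU = 1500  # assumption: plain Ethernet on eth0, not taken from the thread
KNOWN_PROTOS = {"TCP", "UDP", "ICMP"}  # ipt_LOG prints these by name, anything else as a number

# Two entries copied from the thread plus one constructed, sane TCP SYN for contrast.
SAMPLE_LOG = """\
Feb 1 08:15:12 athena kernel: IN=eth0 OUT= MAC=00:0d:60:eb:a7:7c:00:02:b3:d6:be:9d:08:00 SRC=58.48.57.58 DST=255.255.0.13 LEN=15942 TOS=0x14 PREC=0x20 TTL=49 ID=25954 MF FRAG:32 PROTO=32
Feb 1 08:15:12 athena kernel: IN=eth0 OUT= MAC=00:0d:60:eb:a7:7c:00:02:b3:d6:be:9d:08:00 SRC=0.0.8.0 DST=0.0.0.13 LEN=0 TOS=0x00 PREC=0x00 TTL=0 ID=0 PROTO=0
Feb 1 08:15:13 athena kernel: IN=eth0 OUT= MAC=00:0d:60:eb:a7:7c:00:02:b3:d6:be:9d:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12345 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
"""


def parse_log_line(line):
    """Split one ipt_LOG line into KEY=value fields plus a 'flags' set (DF, MF, SYN, ...)."""
    _, _, body = line.partition("kernel: ")
    fields, flags = {}, set()
    for tok in body.split():
        if "=" in tok:
            key, _, value = tok.partition("=")
            fields[key] = value
        elif tok.startswith("FRAG:"):  # the fragment offset is printed with a colon, not '='
            fields["FRAG"] = tok[5:]
        else:
            flags.add(tok)
    fields["flags"] = flags
    return fields


def check_log_line(line):
    """Return plausibility problems for one LOG entry; an empty list means it looks sane."""
    f = parse_log_line(line)
    problems = []
    for key in ("SRC", "DST"):
        try:
            addr = ipaddress.IPv4Address(f.get(key, ""))
        except ipaddress.AddressValueError:
            problems.append(f"{key} is not an IPv4 address")
            continue
        # 0.0.0.0/8 is never a valid source or destination on the wire; 240/4 is reserved
        if addr in ipaddress.IPv4Network("0.0.0.0/8") or addr.is_reserved:
            problems.append(f"{key}={addr} is in a reserved range")
    length = int(f.get("LEN", -1))
    if length < 20:
        problems.append(f"LEN={length} is below the 20-byte IPv4 header minimum")
    elif length > ASSUMED_MTU:
        problems.append(f"LEN={length} exceeds the assumed MTU of {ASSUMED_MTU}")
    if int(f.get("TTL", -1)) <= 0:
        problems.append(f"TTL={f.get('TTL')} is not valid for a received packet")
    proto = f.get("PROTO", "")
    if proto not in KNOWN_PROTOS:
        problems.append(f"PROTO={proto} is not TCP/UDP/ICMP")
    return problems


if __name__ == "__main__":
    for entry in SAMPLE_LOG.splitlines():
        print(check_log_line(entry) or "looks sane")
```

Run it against a real /var/log/messages and any line with a non-empty result is one to cross-check against a tcpdump capture rather than a firewall rule.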