RE: [cobalt-users] cron errors after gShield firewall install
- Subject: RE: [cobalt-users] cron errors after gShield firewall install
- From: "Robert Roose" <robertr@xxxxxxxxxxxxx>
- Date: Tue Aug 6 05:53:02 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

[root robertr]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
loopback all -- anywhere anywhere
RESERVED all -- 10.0.0.0/8 anywhere
RESERVED all -- 172.16.0.0/12 anywhere
RESERVED all -- 192.168.0.0/16 anywhere
RESERVED all -- ALL-SYSTEMS.MCAST.NET anywhere
RESERVED all -- ALL-ROUTERS.MCAST.NET anywhere
RESERVED all -- DVMRP.MCAST.NET anywhere
RESERVED all -- OSPF-ALL.MCAST.NET anywhere
RESERVED all -- OSPF-DSIG.MCAST.NET anywhere
RESERVED all -- RIP2-ROUTERS.MCAST.NET anywhere
RESERVED all -- PIM-ROUTERS.MCAST.NET anywhere
RESERVED all -- ALL-CBT-ROUTERS.MCAST.NET anywhere
MULTICAST all -- ALL-SYSTEMS.MCAST.NET anywhere
MULTICAST all -- ALL-ROUTERS.MCAST.NET anywhere
MULTICAST all -- DVMRP.MCAST.NET anywhere
MULTICAST all -- OSPF-ALL.MCAST.NET anywhere
MULTICAST all -- OSPF-DSIG.MCAST.NET anywhere
MULTICAST all -- RIP2-ROUTERS.MCAST.NET anywhere
MULTICAST all -- PIM-ROUTERS.MCAST.NET anywhere
MULTICAST all -- ALL-CBT-ROUTERS.MCAST.NET anywhere
ACCEPT icmp -- anywhere anywhere limit: avg 1/sec burst 5
ACCEPT udp -- anywhere anywhere udp spts:32769:65535 dpts:33434:33523
ACCEPT udp -- 132.163.135.130 anywhere udp spt:ntp dpts:1024:65535
ACCEPT udp -- otc2.psu.edu anywhere udp spt:ntp dpts:1024:65535
ACCEPT udp -- time-nw.nist.gov anywhere udp spt:ntp dpts:1024:65535
DNS udp -- my.servername.nl anywhere udp spt:domain
DNS udp -- localhost anywhere udp spt:domain
DNS udp -- pluto.gigahosting.nl anywhere udp spt:domain
PUBLIC tcp -- anywhere my.servername.nltcp dpt:ftp
PUBLIC tcp -- anywhere my.servername.nltcp dpt:ftp-data
PUBLIC tcp -- anywhere my.servername.nltcp dpt:www
PUBLIC udp -- anywhere my.servername.nludp dpt:www
PUBLIC tcp -- anywhere my.servername.nltcp dpt:https
PUBLIC udp -- anywhere my.servername.nludp dpt:https
PUBLIC tcp -- anywhere my.servername.nltcp dpt:smtp
PUBLIC tcp -- anywhere my.servername.nltcp dpt:pop3
PUBLIC udp -- anywhere my.servername.nludp dpt:pop3
PUBLIC tcp -- anywhere my.servername.nltcp dpt:domain
PUBLIC udp -- anywhere my.servername.nludp dpt:domain
PUBLIC tcp -- anywhere my.servername.nltcp dpt:ssh
PUBLIC udp -- anywhere my.servername.nludp dpt:ssh
OPENPORT tcp -- anywhere anywhere tcp dpt:domain
OPENPORT udp -- anywhere anywhere udp dpt:domain
OPENPORT tcp -- anywhere anywhere tcp dpt:81
OPENPORT udp -- anywhere anywhere udp dpt:81
OPENPORT tcp -- anywhere anywhere tcp dpt:snpp
OPENPORT udp -- anywhere anywhere udp dpt:snpp
OPENPORT tcp -- anywhere anywhere tcp dpt:chiliasp0
OPENPORT udp -- anywhere anywhere udp dpt:3000
OPENPORT tcp -- anywhere anywhere tcp dpt:chiliasp1
OPENPORT udp -- anywhere anywhere udp dpt:3001
OPENPORT tcp -- anywhere anywhere tcp dpt:chiliasp2
OPENPORT udp -- anywhere anywhere udp dpt:5100
SCAN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG state INVALID,NEW,RELATED
SCAN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE state INVALID,NEW,RELATED
SCAN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN state INVALID,NEW,RELATED
STATEFUL all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
SCAN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
SCAN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
BLOCK_OUT tcp -- anywhere anywhere tcp dpt:netbios-ns
BLOCK_OUT udp -- anywhere anywhere udp dpt:netbios-ns
BLOCK_OUT tcp -- anywhere anywhere tcp dpt:netbios-dgm
BLOCK_OUT udp -- anywhere anywhere udp dpt:netbios-dgm
BLOCK_OUT tcp -- anywhere anywhere tcp dpt:netbios-ssn
BLOCK_OUT udp -- anywhere anywhere udp dpt:netbios-ssn
STATEFUL all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
loopback all -- anywhere anywhere
DROP icmp -- anywhere anywhere state INVALID
BLOCK_OUT tcp -- anywhere anywhere tcp dpt:netbios-ns
BLOCK_OUT udp -- anywhere anywhere udp dpt:netbios-ns
BLOCK_OUT tcp -- anywhere anywhere tcp dpt:netbios-dgm
BLOCK_OUT udp -- anywhere anywhere udp dpt:netbios-dgm
BLOCK_OUT tcp -- anywhere anywhere tcp dpt:netbios-ssn
BLOCK_OUT udp -- anywhere anywhere udp dpt:netbios-ssn
Chain ACCEPTnLOG (0 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning prefix `gShield (accept) '
ACCEPT all -- anywhere anywhere
Chain BLACKLIST (0 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning prefix `gShield (blacklisted drop) '
DROP all -- anywhere anywhere
Chain BLOCK_OUT (12 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain CLIENT (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain CLOSED (0 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning prefix `gShield (closed port drop) '
DROP tcp -- anywhere anywhere
DROP udp -- anywhere anywhere
DROP all -- anywhere anywhere
Chain DHCP (0 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning prefix `gShield (DHCP accept) '
ACCEPT all -- anywhere anywhere
Chain DMZ (0 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning prefix `gShield (DMZ drop) '
DROP all -- anywhere anywhere
Chain DNS (3 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain DROPICMP (0 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain DROPnLOG (1 references)
target prot opt source destination
DROP udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
ACCEPT tcp -- anywhere anywhere tcp spt:www dpts:1024:65535 flags:!SYN,RST,ACK/SYN
DROP udp -- anywhere 255.255.255.255 udp spt:bootps dpt:bootpc
LOG all -- anywhere anywhere limit: avg 20/min burst 5 LOG level warning prefix `gShield (default drop) '
LOG 47 -- anywhere anywhere limit: avg 20/min burst 5 LOG level warning prefix `gShield (default drop / GRE) '
DROP tcp -- anywhere anywhere
DROP udp -- anywhere anywhere
DROP all -- anywhere anywhere
Chain HIGHPORT (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain MON_OUT (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain MULTICAST (8 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain OPENPORT (12 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain PUBLIC (13 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain RESERVED (11 references)
target prot opt source destination
DROP tcp -- anywhere anywhere
DROP udp -- anywhere anywhere
DROP all -- anywhere anywhere
Chain SCAN (5 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning prefix `gShield (possible port scan) '
DROP all -- anywhere anywhere
Chain SERVICEDROP (0 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning prefix `gShield (service drop) '
DROP tcp -- anywhere anywhere
DROP udp -- anywhere anywhere
DROP all -- anywhere anywhere
Chain STATEFUL (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW
DROPnLOG all -- anywhere anywhere
Chain loopback (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
> -----Original Message-----
> From: Tarun Dua [mailto:tarundua@xxxxxxxxxxxx]
> Sent: Tuesday 6 August 2002 11:45
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: Re: [cobalt-users] cron errors after gShield firewall install
>
>
> What's the output of iptables -L?
> Regards
>
> --
> Tarun Dua
> Sr. Exec. System Administrator
> ------------------------------------------------
> Pugmarks InterWeb Pvt. Ltd. INDIA Tel: (172) 622-753, 54, 55
> Fax: 91 (172) 645-906 Pugmarks Inc. USA Tel: (630) 571-0699,
> Fax: (630) 571-0642 http://www.pugmarks.net
> ----- Original Message -----
> From: "Robert Roose" <robertr@xxxxxxxxxxxxx>
> To: <cobalt-users@xxxxxxxxxxxxxxx>
> Sent: Tuesday, August 06, 2002 2:58 PM
> Subject: RE: [cobalt-users] cron errors after gShield firewall install
>
>
> > Module Size Used by
> > ipt_TOS 1392 22 (autoclean)
> > ipt_state 1104 6 (autoclean)
> > ip_conntrack 16080 1 (autoclean) [ipt_state]
> > I've got this output with lsmod so it seems to be correct.
> >
> > ipt_LOG 3728 9 (autoclean)
> > ipt_limit 1408 3 (autoclean)
> > iptable_mangle 2208 0 (autoclean) (unused)
> > phoenix-2.4.16C12_V 39792 4
> > iptable_filter 2208 0 (autoclean) (unused)
> > ip_tables 11104 6 [ipt_TOS ipt_state ipt_LOG ipt_limit iptable_mangle iptable_filter]
> > bwmgmt 24624 1 (autoclean)
> > natsemi 16176 1
> >
> > --
> > Robert
> >
> > > -----Original Message-----
> > > From: Tarun Dua [mailto:tarundua@xxxxxxxxxxxx]
> > > Sent: Tuesday 6 August 2002 10:54
> > > To: cobalt-users@xxxxxxxxxxxxxxx
> > > Subject: Re: [cobalt-users] cron errors after gShield firewall
> > > install
> > >
> > >
> > > hope you loaded the required kernel modules for iptables use lsmod
> > > to check whether the required iptables related *.o modules are
> > > loaded or not. lsmod output should show similar output.
> > >
> > > ipt_state 1152 2 (autoclean)
> > > ipt_LOG 3984 9 (autoclean)
> > > ipt_REJECT 3552 9 (autoclean)
> > > ipt_limit 1488 3 (autoclean)
> > > iptable_mangle 2256 0 (autoclean) (unused)
> > > iptable_nat 18224 1 (autoclean) [ip_nat_ftp]
> > > ip_conntrack 16944 3 (autoclean) [ip_nat_ftp ip_conntrack_ftp ipt_state iptable_nat]
> > > iptable_filter 2256 0 (autoclean) (unused)
> > > ip_tables 11392 9 [ipt_state ipt_LOG ipt_REJECT ipt_limit iptable_mangle iptable_nat iptable_filter]
> > >
> > > It's not difficult :) you can definitely try to configure the
> > > iptables yourself with logging instead of using gshield.
> > >
> > > Regards
> > > --
> > > Tarun Dua
> > > Sr. Exec. System Administrator
> > > ------------------------------------------------
> > > Pugmarks InterWeb Pvt. Ltd. INDIA Tel: (172) 622-753, 54, 55
> > > Fax: 91 (172) 645-906 Pugmarks Inc. USA Tel: (630) 571-0699,
> > > Fax: (630) 571-0642 http://www.pugmarks.net
> > > > Hiya again :)
> > > >
> > > > after trying PMFirewall on my RaQ550 (which doesn't work with iptables)
> > > > I installed gShield firewall.
> > > >
> > > > Everything's working fine on the firewall part but I get cron.hourly
> > > > mails about iptables..
> > > >
> > > > This is the error I'm getting:
> > > >
> > > > iptables: Table does not exist (do you need to insmod?)
> > > > iptables: No chain/target/match by that name
> > > > iptables: No chain/target/match by that name
> > > > iptables: No chain/target/match by that name
> > > > iptables: No chain/target/match by that name
> > > >
> > > > If I disable the firewall the errors are gone but when I re-enable it
> > > > the messages return.
> > > >
> > > > In my /etc/cron.hourly there's a file called log_traffic and this
> > > > is in it:
> > > >
> > > > # Update the accounting rules and the ipchains/tables
> > > config file if
>
> > > > $TABLES ]; then
> > > > echo "# $FWCONFIGFILE
> > > > # This file is automatically generated by log_traffic.
> > > > # Any manual changes will be lost
> > > > $IPTABLES -N acctin > /dev/null 2>&1
> > > > $IPTABLES -N acctout > /dev/null 2>&1
> > > > $IPTABLES -F acctin
> > > > $IPTABLES -F acctout
> > > > $IPTABLES -I INPUT 1 -j acctin
> > > > $IPTABLES -I OUTPUT 1 -j acctout" > $FWCONFIGFILE
> > > > else
> > > > echo "# $FWCONFIGFILE
> > > > # This file is automatically generated by log_traffic.
> > > > # Any manual changes will be lost
> > > > $IPCHAINS -N acctin
> > > > $IPCHAINS -N acctout
> > > > $IPCHAINS -F acctin
> > > > $IPCHAINS -F acctout
> > > > $IPCHAINS -I input 2 -j acctin
> > > > $IPCHAINS -I output 2 -j acctout" > $FWCONFIGFILE
> > > >
> > > > now, I don't get it.. :P
> > > >
> > > > It seems that the firewall clears the statements and the traffic log
> > > > uses some statements???
> > >
> > >
> > > _____________________________________
> > > cobalt-users mailing list
> > > cobalt-users@xxxxxxxxxxxxxxx
> > > To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to:
> > > http://list.cobalt.com/mailman/listinfo/cobalt-users
>
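
Added example, not part of the original thread and not gShield or Cobalt code: a shell check that reads an `iptables -L` listing and reports whether the `acctin`/`acctout` chains created by the quoted `log_traffic` rules are defined and still jumped to from `INPUT`/`OUTPUT`. The function names are hypothetical and the sample listing is constructed, abbreviated from the output posted in this message.

```sh
# Added example: audit an `iptables -L` listing for the accounting chains
# that log_traffic expects. Function names are hypothetical.
# Constructed sample, abbreviated from the listing posted in this message.
SAMPLE_LISTING='Chain INPUT (policy DROP)
target prot opt source destination
loopback all -- anywhere anywhere
STATEFUL all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
loopback all -- anywhere anywhere
BLOCK_OUT tcp -- anywhere anywhere tcp dpt:netbios-ns

Chain BLOCK_OUT (12 references)
target prot opt source destination
DROP all -- anywhere anywhere'

# chain_defined LISTING NAME: exit 0 if a "Chain NAME (...)" header exists.
chain_defined() {
    printf '%s\n' "$1" |
        awk -v c="$2" '$1 == "Chain" && $2 == c { found = 1 } END { exit !found }'
}

# has_jump LISTING CHAIN TARGET: exit 0 if CHAIN holds a rule whose target is TARGET.
has_jump() {
    printf '%s\n' "$1" | awk -v c="$2" -v t="$3" '
        $1 == "Chain"       { cur = $2; next }   # start of a new chain section
        $1 == "target"      { next }             # column header row
        cur == c && $1 == t { found = 1 }
        END { exit !found }'
}

# audit_accounting LISTING: print one line per missing chain or missing jump.
audit_accounting() {
    for pair in INPUT:acctin OUTPUT:acctout; do
        parent=${pair%%:*}; chain=${pair##*:}
        chain_defined "$1" "$chain" || echo "missing chain: $chain"
        has_jump "$1" "$parent" "$chain" || echo "missing jump: $parent -> $chain"
    done
}

audit_accounting "$SAMPLE_LISTING"
# On a live host (as root): audit_accounting "$(iptables -L -n)"
```

Running the audit right after the firewall script reloads its rules, and again after the hourly cron job, shows which of the two leaves the accounting chains absent.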