RE: [cobalt-users] cron errors after gShield firewall install
- Subject: RE: [cobalt-users] cron errors after gShield firewall install
- From: "Robert Roose" <robertr@xxxxxxxxxxxxx>
- Date: Wed Aug 7 00:02:01 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Little update.
I installed the Cobalt Security update and had to reboot my cobalt. So
here's a good opportunity to show you my iptables output when I haven't
started my firewall yet.
Here goes:
--------------------------------------------
[root cron.hourly]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
acctin all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
acctout all -- anywhere anywhere
Chain acctin (1 references)
target prot opt source destination
all -- anywhere localhost
all -- anywhere myhost.mydomain.nl
Chain acctout (1 references)
target prot opt source destination
all -- localhost anywhere
all -- my.servername.nl anywhere
-------------------------------------------------------
End.
> -----Original Message-----
> From: Robert Roose
> Sent: Tuesday 6 August 2002 14:50
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: RE: [cobalt-users] cron errors after gShield firewall install
>
>
> [root robertr]# iptables -L
> Chain INPUT (policy DROP)
> target prot opt source destination
> loopback all -- anywhere anywhere
> RESERVED all -- 10.0.0.0/8 anywhere
> RESERVED all -- 172.16.0.0/12 anywhere
> RESERVED all -- 192.168.0.0/16 anywhere
> RESERVED all -- ALL-SYSTEMS.MCAST.NET anywhere
> RESERVED all -- ALL-ROUTERS.MCAST.NET anywhere
> RESERVED all -- DVMRP.MCAST.NET anywhere
> RESERVED all -- OSPF-ALL.MCAST.NET anywhere
> RESERVED all -- OSPF-DSIG.MCAST.NET anywhere
> RESERVED all -- RIP2-ROUTERS.MCAST.NET anywhere
> RESERVED all -- PIM-ROUTERS.MCAST.NET anywhere
> RESERVED all -- ALL-CBT-ROUTERS.MCAST.NET anywhere
> MULTICAST all -- ALL-SYSTEMS.MCAST.NET anywhere
> MULTICAST all -- ALL-ROUTERS.MCAST.NET anywhere
> MULTICAST all -- DVMRP.MCAST.NET anywhere
> MULTICAST all -- OSPF-ALL.MCAST.NET anywhere
> MULTICAST all -- OSPF-DSIG.MCAST.NET anywhere
> MULTICAST all -- RIP2-ROUTERS.MCAST.NET anywhere
> MULTICAST all -- PIM-ROUTERS.MCAST.NET anywhere
> MULTICAST all -- ALL-CBT-ROUTERS.MCAST.NET anywhere
> ACCEPT icmp -- anywhere anywhere limit: avg 1/sec burst 5
> ACCEPT udp -- anywhere anywhere udp spts:32769:65535 dpts:33434:33523
> ACCEPT udp -- 132.163.135.130 anywhere udp spt:ntp dpts:1024:65535
> ACCEPT udp -- otc2.psu.edu anywhere udp spt:ntp dpts:1024:65535
> ACCEPT udp -- time-nw.nist.gov anywhere udp spt:ntp dpts:1024:65535
> DNS udp -- my.servername.nl anywhere udp spt:domain
> DNS udp -- localhost anywhere udp spt:domain
> DNS udp -- my.servername.nl anywhere udp spt:domain
> PUBLIC tcp -- anywhere my.servername.nl tcp dpt:ftp
> PUBLIC tcp -- anywhere my.servername.nl tcp dpt:ftp-data
> PUBLIC tcp -- anywhere my.servername.nl tcp dpt:www
> PUBLIC udp -- anywhere my.servername.nl udp dpt:www
> PUBLIC tcp -- anywhere my.servername.nl tcp dpt:https
> PUBLIC udp -- anywhere my.servername.nl udp dpt:https
> PUBLIC tcp -- anywhere my.servername.nl tcp dpt:smtp
> PUBLIC tcp -- anywhere my.servername.nl tcp dpt:pop3
> PUBLIC udp -- anywhere my.servername.nl udp dpt:pop3
> PUBLIC tcp -- anywhere my.servername.nl tcp dpt:domain
> PUBLIC udp -- anywhere my.servername.nl udp dpt:domain
> PUBLIC tcp -- anywhere my.servername.nl tcp dpt:ssh
> PUBLIC udp -- anywhere my.servername.nl udp dpt:ssh
> OPENPORT tcp -- anywhere anywhere tcp dpt:domain
> OPENPORT udp -- anywhere anywhere udp dpt:domain
> OPENPORT tcp -- anywhere anywhere tcp dpt:81
> OPENPORT udp -- anywhere anywhere udp dpt:81
> OPENPORT tcp -- anywhere anywhere tcp dpt:snpp
> OPENPORT udp -- anywhere anywhere udp dpt:snpp
> OPENPORT tcp -- anywhere anywhere tcp dpt:chiliasp0
> OPENPORT udp -- anywhere anywhere udp dpt:3000
> OPENPORT tcp -- anywhere anywhere tcp dpt:chiliasp1
> OPENPORT udp -- anywhere anywhere udp dpt:3001
> OPENPORT tcp -- anywhere anywhere tcp dpt:chiliasp2
> OPENPORT udp -- anywhere anywhere udp dpt:5100
> SCAN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG state INVALID,NEW,RELATED
> SCAN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE state INVALID,NEW,RELATED
> SCAN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN state INVALID,NEW,RELATED
> STATEFUL all -- anywhere anywhere
>
> Chain FORWARD (policy DROP)
> target prot opt source destination
> SCAN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
> SCAN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
> BLOCK_OUT tcp -- anywhere anywhere tcp dpt:netbios-ns
> BLOCK_OUT udp -- anywhere anywhere udp dpt:netbios-ns
> BLOCK_OUT tcp -- anywhere anywhere tcp dpt:netbios-dgm
> BLOCK_OUT udp -- anywhere anywhere udp dpt:netbios-dgm
> BLOCK_OUT tcp -- anywhere anywhere tcp dpt:netbios-ssn
> BLOCK_OUT udp -- anywhere anywhere udp dpt:netbios-ssn
> STATEFUL all -- anywhere anywhere
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> loopback all -- anywhere anywhere
> DROP icmp -- anywhere anywhere state INVALID
> BLOCK_OUT tcp -- anywhere anywhere tcp dpt:netbios-ns
> BLOCK_OUT udp -- anywhere anywhere udp dpt:netbios-ns
> BLOCK_OUT tcp -- anywhere anywhere tcp dpt:netbios-dgm
> BLOCK_OUT udp -- anywhere anywhere udp dpt:netbios-dgm
> BLOCK_OUT tcp -- anywhere anywhere tcp dpt:netbios-ssn
> BLOCK_OUT udp -- anywhere anywhere udp dpt:netbios-ssn
>
> Chain ACCEPTnLOG (0 references)
> target prot opt source destination
> LOG all -- anywhere anywhere LOG level warning prefix `gShield (accept) '
> ACCEPT all -- anywhere anywhere
>
> Chain BLACKLIST (0 references)
> target prot opt source destination
> LOG all -- anywhere anywhere LOG level warning prefix `gShield (blacklisted drop) '
> DROP all -- anywhere anywhere
>
> Chain BLOCK_OUT (12 references)
> target prot opt source destination
> DROP all -- anywhere anywhere
>
> Chain CLIENT (0 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
>
> Chain CLOSED (0 references)
> target prot opt source destination
> LOG all -- anywhere anywhere LOG level warning prefix `gShield (closed port drop) '
> DROP tcp -- anywhere anywhere
> DROP udp -- anywhere anywhere
> DROP all -- anywhere anywhere
>
> Chain DHCP (0 references)
> target prot opt source destination
> LOG all -- anywhere anywhere LOG level warning prefix `gShield (DHCP accept) '
> ACCEPT all -- anywhere anywhere
>
> Chain DMZ (0 references)
> target prot opt source destination
> LOG all -- anywhere anywhere LOG level warning prefix `gShield (DMZ drop) '
> DROP all -- anywhere anywhere
>
> Chain DNS (3 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
>
> Chain DROPICMP (0 references)
> target prot opt source destination
> DROP all -- anywhere anywhere
>
> Chain DROPnLOG (1 references)
> target prot opt source destination
> DROP udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
> ACCEPT tcp -- anywhere anywhere tcp spt:www dpts:1024:65535 flags:!SYN,RST,ACK/SYN
> DROP udp -- anywhere 255.255.255.255 udp spt:bootps dpt:bootpc
> LOG all -- anywhere anywhere limit: avg 20/min burst 5 LOG level warning prefix `gShield (default drop) '
> LOG 47 -- anywhere anywhere limit: avg 20/min burst 5 LOG level warning prefix `gShield (default drop / GRE) '
> DROP tcp -- anywhere anywhere
> DROP udp -- anywhere anywhere
> DROP all -- anywhere anywhere
>
> Chain HIGHPORT (0 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
>
> Chain MON_OUT (0 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
>
> Chain MULTICAST (8 references)
> target prot opt source destination
> DROP all -- anywhere anywhere
>
> Chain OPENPORT (12 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
>
> Chain PUBLIC (13 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
>
> Chain RESERVED (11 references)
> target prot opt source destination
> DROP tcp -- anywhere anywhere
> DROP udp -- anywhere anywhere
> DROP all -- anywhere anywhere
>
> Chain SCAN (5 references)
> target prot opt source destination
> LOG all -- anywhere anywhere LOG level warning prefix `gShield (possible port scan) '
> DROP all -- anywhere anywhere
>
> Chain SERVICEDROP (0 references)
> target prot opt source destination
> LOG all -- anywhere anywhere LOG level warning prefix `gShield (service drop) '
> DROP tcp -- anywhere anywhere
> DROP udp -- anywhere anywhere
> DROP all -- anywhere anywhere
>
> Chain STATEFUL (2 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
> ACCEPT all -- anywhere anywhere state NEW
> DROPnLOG all -- anywhere anywhere
>
> Chain loopback (2 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
>
> > -----Original Message-----
> > From: Tarun Dua [mailto:tarundua@xxxxxxxxxxxx]
> > Sent: Tuesday 6 August 2002 11:45
> > To: cobalt-users@xxxxxxxxxxxxxxx
> > Subject: Re: [cobalt-users] cron errors after gShield firewall install
> >
> >
> > What's the output of iptables -L?
> > Regards
> >
> > --
> > Tarun Dua
> > Sr. Exec. System Administrator
> > ------------------------------------------------
> > Pugmarks InterWeb Pvt. Ltd. INDIA Tel: (172) 622-753, 54, 55
> > Fax: 91 (172) 645-906 Pugmarks Inc. USA Tel: (630) 571-0699,
> > Fax: (630) 571-0642 http://www.pugmarks.net
> > ----- Original Message -----
> > From: "Robert Roose" <robertr@xxxxxxxxxxxxx>
> > To: <cobalt-users@xxxxxxxxxxxxxxx>
> > Sent: Tuesday, August 06, 2002 2:58 PM
> > Subject: RE: [cobalt-users] cron errors after gShield firewall install
> >
> >
> > > I've got this output with lsmod so it seems to be correct.
> > >
> > > Module Size Used by
> > > ipt_TOS 1392 22 (autoclean)
> > > ipt_state 1104 6 (autoclean)
> > > ip_conntrack 16080 1 (autoclean) [ipt_state]
> > > ipt_LOG 3728 9 (autoclean)
> > > ipt_limit 1408 3 (autoclean)
> > > iptable_mangle 2208 0 (autoclean) (unused)
> > > phoenix-2.4.16C12_V 39792 4
> > > iptable_filter 2208 0 (autoclean) (unused)
> > > ip_tables 11104 6 [ipt_TOS ipt_state ipt_LOG ipt_limit iptable_mangle iptable_filter]
> > > bwmgmt 24624 1 (autoclean)
> > > natsemi 16176 1
> > >
> > > --
> > > Robert
> > >
> > > > -----Original Message-----
> > > > From: Tarun Dua [mailto:tarundua@xxxxxxxxxxxx]
> > > > Sent: Tuesday 6 August 2002 10:54
> > > > To: cobalt-users@xxxxxxxxxxxxxxx
> > > > Subject: Re: [cobalt-users] cron errors after gShield firewall install
> > > >
> > > >
> > > > Hope you loaded the required kernel modules for iptables. Use lsmod
> > > > to check whether the required iptables related *.o modules are
> > > > loaded or not. lsmod output should show similar output.
> > > >
> > > > ipt_state 1152 2 (autoclean)
> > > > ipt_LOG 3984 9 (autoclean)
> > > > ipt_REJECT 3552 9 (autoclean)
> > > > ipt_limit 1488 3 (autoclean)
> > > > iptable_mangle 2256 0 (autoclean) (unused)
> > > > iptable_nat 18224 1 (autoclean) [ip_nat_ftp]
> > > > ip_conntrack 16944 3 (autoclean) [ip_nat_ftp ip_conntrack_ftp ipt_state iptable_nat]
> > > > iptable_filter 2256 0 (autoclean) (unused)
> > > > ip_tables 11392 9 [ipt_state ipt_LOG ipt_REJECT ipt_limit iptable_mangle iptable_nat iptable_filter]
> > > >
> > > > It's not difficult :) you can definitely try to configure the
> > > > iptables yourself with logging instead of using gshield.
> > > >
> > > > Regards
> > > > --
> > > > Tarun Dua
> > > > Sr. Exec. System Administrator
> > > > ------------------------------------------------
> > > > Pugmarks InterWeb Pvt. Ltd. INDIA Tel: (172) 622-753, 54, 55
> > > > Fax: 91 (172) 645-906 Pugmarks Inc. USA Tel: (630) 571-0699,
> > > > Fax: (630) 571-0642 http://www.pugmarks.net
> > > > > Hiya again :)
> > > > >
> > > > > after trying PMFirewall on my RaQ550 (which doesn't work with iptables)
> > > > > I installed gShield firewall.
> > > > >
> > > > > Everything's working fine on the firewall part but I get cron.hourly
> > > > > mails about iptables..
> > > > >
> > > > > This is the error I'm getting:
> > > > >
> > > > > iptables: Table does not exist (do you need to insmod?)
> > > > > iptables: No chain/target/match by that name
> > > > > iptables: No chain/target/match by that name
> > > > > iptables: No chain/target/match by that name
> > > > > iptables: No chain/target/match by that name
> > > > >
> > > > > If I disable the firewall the errors are gone but when I re-enable it
> > > > > the messages return.
> > > > >
> > > > > In my /etc/cron.hourly there's a file called log_traffic and this
> > > > > is in it:
> > > > >
> > > > > # Update the accounting rules and the ipchains/tables config file if
> >
> > > > > $TABLES ]; then
> > > > > echo "# $FWCONFIGFILE
> > > > > # This file is automatically generated by log_traffic.
> > > > > # Any manual changes will be lost
> > > > > $IPTABLES -N acctin > /dev/null 2>&1
> > > > > $IPTABLES -N acctout > /dev/null 2>&1
> > > > > $IPTABLES -F acctin
> > > > > $IPTABLES -F acctout
> > > > > $IPTABLES -I INPUT 1 -j acctin
> > > > > $IPTABLES -I OUTPUT 1 -j acctout" > $FWCONFIGFILE
> > > > > else
> > > > > echo "# $FWCONFIGFILE
> > > > > # This file is automatically generated by log_traffic.
> > > > > # Any manual changes will be lost
> > > > > $IPCHAINS -N acctin
> > > > > $IPCHAINS -N acctout
> > > > > $IPCHAINS -F acctin
> > > > > $IPCHAINS -F acctout
> > > > > $IPCHAINS -I input 2 -j acctin
> > > > > $IPCHAINS -I output 2 -j acctout" > $FWCONFIGFILE
> > > > >
> > > > > now, I don't get it.. :P
> > > > >
> > > > > It seems that the firewall clears the statements and the traffic log
> > > > > uses some statements???
> > > >
> > > >
> > > > _____________________________________
> > > > cobalt-users mailing list
> > > > cobalt-users@xxxxxxxxxxxxxxx
> > > > To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to:
> > > > http://list.cobalt.com/mailman/listinfo/cobalt-users
> > > >
> > >
> >
> >
>
>
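An added example, not taken from this thread, from Cobalt's log_traffic or from gShield. The hourly fragment quoted above creates acctin and acctout with -N, flushes them and inserts a jump to each as rule 1 of INPUT and OUTPUT; the listing taken before the firewall was started shows exactly that, while the gShield listing has no acctin or acctout at all, and the first line of the cron mail ("Table does not exist (do you need to insmod?)") is what iptables prints when the table a command names is not available in the kernel. The POSIX sh script below does the two things a practitioner wants after the firewall has started: it reads an unquoted "iptables -L" listing like the two in this thread and reports whether the accounting hooks are still in place, and it re-installs them idempotently (chain created only if missing, any stale jump deleted before a single new one is inserted) after first probing that the filter table answers at all. The chain names and the rule-1 convention come from the quoted fragment; the function names, the ACCT_APPLY switch and the dry-run stub are assumptions made here.

```shell
#!/bin/sh
# Added example, not Cobalt's log_traffic and not part of gShield: check from
# "iptables -L" output whether the traffic-accounting hooks survived the
# firewall script, and re-install them idempotently if not. Chain names
# acctin/acctout and the "insert as rule 1 of INPUT/OUTPUT" convention come
# from the log_traffic fragment quoted in the thread; the helper names, the
# ACCT_APPLY switch and the dry-run stub are assumptions made here.

IPTABLES=${IPTABLES:-/sbin/iptables}

# Read an "iptables -L" listing on stdin and print anything that is missing.
# Returns 0 when both accounting chains exist and each is the first rule of
# its built-in chain, 1 otherwise.
acct_hooks_ok() {
    awk '
        /^Chain /        { chain = $2; rule = 0; seen[chain] = 1; next }
        /^target +prot/  { next }                  # column header
        NF == 0          { next }                  # blank separator
        { rule++; if (rule == 1) first[chain] = $1 }
        END {
            ok = 1
            if (!("acctin"  in seen)) { print "chain acctin missing";  ok = 0 }
            if (!("acctout" in seen)) { print "chain acctout missing"; ok = 0 }
            if (first["INPUT"]  != "acctin")  { print "INPUT rule 1 is not -j acctin";   ok = 0 }
            if (first["OUTPUT"] != "acctout") { print "OUTPUT rule 1 is not -j acctout"; ok = 0 }
            exit !ok
        }'
}

# "iptables: Table does not exist (do you need to insmod?)" means the filter
# table itself is unreachable (ip_tables / iptable_filter not loaded), so
# probe it before doing anything else.
filter_table_ok() {
    "$IPTABLES" -t filter -L INPUT -n >/dev/null 2>&1
}

# Create a user chain only when it is missing; a plain "-N" fails if it exists.
ensure_chain() {
    "$IPTABLES" -L "$1" -n >/dev/null 2>&1 || "$IPTABLES" -N "$1"
}

# Delete every existing jump from $1 to $2 so repeated runs do not stack
# duplicate "-I INPUT 1 -j acctin" rules; "-D" fails once none is left.
remove_jumps() {
    while "$IPTABLES" -D "$1" -j "$2" 2>/dev/null; do :; done
}

# Re-hook one accounting chain: create, flush, then a single jump as rule 1.
hook_accounting() {
    ensure_chain "$2"       || return 1
    "$IPTABLES" -F "$2"     || return 1
    remove_jumps "$1" "$2"
    "$IPTABLES" -I "$1" 1 -j "$2"
}

# Returns 2 when the filter table is unavailable, 1 on an iptables failure.
reinstall_accounting() {
    if ! filter_table_ok; then
        echo "filter table unavailable: load ip_tables/iptable_filter first" >&2
        return 2
    fi
    hook_accounting INPUT  acctin  || return 1
    hook_accounting OUTPUT acctout || return 1
}

if [ "${ACCT_APPLY:-0}" = 1 ]; then
    # Live mode (run as root): only touch the ruleset when the hooks are gone.
    "$IPTABLES" -L | acct_hooks_ok || reinstall_accounting
else
    # Dry run (default): pretend the firewall script just emptied the ruleset
    # and print the commands that would be issued instead of running them.
    dry_run_iptables() {
        echo "would run: iptables $*" >&2
        case "$1 $2" in
            "-L acctin"|"-L acctout") return 1 ;;   # simulated: chain not present
            "-D INPUT"|"-D OUTPUT")   return 1 ;;   # simulated: no old jump left
        esac
        return 0
    }
    IPTABLES=dry_run_iptables
    reinstall_accounting
fi
```

Run it as is to see the command sequence it would issue against an emptied ruleset; run it as root with ACCT_APPLY=1 to apply, in which case it leaves the ruleset alone whenever acct_hooks_ok finds both jumps still first in INPUT and OUTPUT. The listing fed to acct_hooks_ok must be the raw "iptables -L" output, not the ">"-quoted copy from a mail.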