Mdk shorewall+shaper=Broken pipe /sbin/iptables -L -n , AwerS 23/07/05 23:51
Od dluzszego czasu uzywam shapera i nigdy nie mialem czasu, dopoki po padzie dysku nie musialem stawiac systemu od nowa. Sciagnalem nowa wersje shapera (6 maja 2005) i na MDK 2005 z najnowszym Shorewallem 2.4 firewall wygenerowany przez niego wyglada mniej wiecej tak:
# Generated by iptables-save v1.2.9 on Sat Jul 23 22:02:11 2005
# mangle table: every built-in chain keeps policy ACCEPT and no rules are
# defined. No shaper chains appear in this dump; the later `iptables -L -n`
# listing shows shaout0/shaper0 only in the filter table, so this save was
# presumably taken before the shaper started — confirm.
*mangle
:PREROUTING ACCEPT [31964:17500149]
:INPUT ACCEPT [31898:17493775]
:FORWARD ACCEPT [31:1536]
:OUTPUT ACCEPT [29526:2535256]
:POSTROUTING ACCEPT [25906:2304485]
COMMIT
# Completed on Sat Jul 23 22:02:11 2005
# Generated by iptables-save v1.2.9 on Sat Jul 23 22:02:11 2005
# nat table: eth0_masq masquerades a fixed list of internal source hosts
# leaving via eth0. The eth0_dyni/eth1_dyni chains are referenced from
# PREROUTING but hold no rules here.
*nat
:PREROUTING ACCEPT [12623:993719]
:POSTROUTING ACCEPT [542:41653]
:OUTPUT ACCEPT [2979:217326]
:eth0_dyni - [0:0]
:eth0_masq - [0:0]
:eth1_dyni - [0:0]
-A PREROUTING -i eth0 -j eth0_dyni
-A PREROUTING -i eth1 -j eth1_dyni
-A POSTROUTING -o eth0 -j eth0_masq
# Only these exact source addresses are masqueraded; any other internal host
# leaving via eth0 would go out un-NATed.
-A eth0_masq -s 192.168.5.1 -j MASQUERADE
-A eth0_masq -s 192.168.5.2 -j MASQUERADE
-A eth0_masq -s 192.168.5.3 -j MASQUERADE
-A eth0_masq -s 192.168.1.39 -j MASQUERADE
-A eth0_masq -s 192.168.1.99 -j MASQUERADE
-A eth0_masq -s 192.168.1.101 -j MASQUERADE
-A eth0_masq -s 192.168.1.102 -j MASQUERADE
-A eth0_masq -s 192.168.1.106 -j MASQUERADE
-A eth0_masq -s 192.168.1.110 -j MASQUERADE
-A eth0_masq -s 192.168.1.111 -j MASQUERADE
-A eth0_masq -s 192.168.1.115 -j MASQUERADE
-A eth0_masq -s 192.168.1.116 -j MASQUERADE
-A eth0_masq -s 192.168.1.133 -j MASQUERADE
-A eth0_masq -s 192.168.1.139 -j MASQUERADE
-A eth0_masq -s 192.168.1.140 -j MASQUERADE
COMMIT
# Completed on Sat Jul 23 22:02:11 2005
# Generated by iptables-save v1.2.9 on Sat Jul 23 22:02:11 2005
# filter table: default policy DROP on INPUT, FORWARD and OUTPUT. Traffic is
# dispatched per interface; eth0 feeds the net2all chain (external side) and
# eth1 feeds loc2fw/loc2net (local side).
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [12:636]
:all2all - [0:0]
:dynamic - [0:0]
:eth0_dynf - [0:0]
:eth0_dyni - [0:0]
:eth0_dyno - [0:0]
:eth0_fwd - [0:0]
:eth0_in - [0:0]
:eth1_dynf - [0:0]
:eth1_dyni - [0:0]
:eth1_dyno - [0:0]
:eth1_fwd - [0:0]
:eth1_in - [0:0]
:fw2loc - [0:0]
:fw2net - [0:0]
:loc2fw - [0:0]
:loc2net - [0:0]
:net2all - [0:0]
:reject - [0:0]
:shorewall - [0:0]
:smurfs - [0:0]
# Built-in chains: loopback accepted, then per-interface chains; whatever
# falls through is logged at level 6 and handed to the reject chain.
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j eth0_in
-A INPUT -i eth1 -j eth1_in
-A INPUT -j LOG --log-prefix "Shorewall:INPUT:REJECT:" --log-level 6
-A INPUT -j reject
-A FORWARD -i eth0 -j eth0_fwd
-A FORWARD -i eth1 -j eth1_fwd
-A FORWARD -j LOG --log-prefix "Shorewall:FORWARD:REJECT:" --log-level 6
-A FORWARD -j reject
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -j eth0_dyno
-A OUTPUT -o eth1 -j eth1_dyno
-A OUTPUT -o eth0 -j fw2net
-A OUTPUT -o eth1 -j fw2loc
-A OUTPUT -j LOG --log-prefix "Shorewall:OUTPUT:REJECT:" --log-level 6
-A OUTPUT -j reject
# all2all is defined but nothing jumps to it in this ruleset.
-A all2all -m state --state RELATED,ESTABLISHED -j ACCEPT
-A all2all -j LOG --log-prefix "Shorewall:all2all:REJECT:" --log-level 6
-A all2all -j reject
# Interface chains: INVALID/NEW packets first pass through the (empty here)
# dynamic chain and the empty *_dyn* chains, then reach the zone policy chain.
-A eth0_fwd -m state --state INVALID,NEW -j dynamic
-A eth0_fwd -j eth0_dynf
-A eth0_fwd -o eth1 -j net2all
-A eth0_in -m state --state INVALID,NEW -j dynamic
-A eth0_in -j eth0_dyni
-A eth0_in -j net2all
-A eth1_fwd -m state --state INVALID,NEW -j dynamic
-A eth1_fwd -j eth1_dynf
-A eth1_fwd -o eth0 -j loc2net
-A eth1_in -m state --state INVALID,NEW -j dynamic
-A eth1_in -j eth1_dyni
-A eth1_in -j loc2fw
# Zone policies fw->loc, fw->net, loc->fw and loc->net accept everything; the
# RELATED,ESTABLISHED rule in front only splits the counters, since the
# unconditional ACCEPT that follows catches the rest.
-A fw2loc -m state --state RELATED,ESTABLISHED -j ACCEPT
-A fw2loc -j ACCEPT
-A fw2net -m state --state RELATED,ESTABLISHED -j ACCEPT
-A fw2net -j ACCEPT
-A loc2fw -m state --state RELATED,ESTABLISHED -j ACCEPT
-A loc2fw -j ACCEPT
-A loc2net -m state --state RELATED,ESTABLISHED -j ACCEPT
-A loc2net -j ACCEPT
# net->anything: only replies to existing connections are accepted; every new
# inbound packet from eth0 is logged and silently dropped.
-A net2all -m state --state RELATED,ESTABLISHED -j ACCEPT
-A net2all -j LOG --log-prefix "Shorewall:net2all:DROP:" --log-level 6
-A net2all -j DROP
# reject chain: broadcast/multicast packets and packets sourced from the
# listed addresses are dropped without a reply; everything else gets a
# protocol-appropriate reject. NOTE(review): the -s matches cover the whole
# 192.168.3.0/24 and 192.168.1.0/24 networks, not single broadcast addresses,
# so any traffic from those networks that reaches this chain is dropped rather
# than rejected — confirm this is the intended result of the broadcast
# address detection.
-A reject -m pkttype --pkt-type broadcast -j DROP
-A reject -m pkttype --pkt-type multicast -j DROP
-A reject -s 192.168.3.0/255.255.255.0 -j DROP
-A reject -s 192.168.1.0/255.255.255.0 -j DROP
-A reject -s 255.255.255.255 -j DROP
-A reject -s 224.0.0.0/240.0.0.0 -j DROP
-A reject -p tcp -j REJECT --reject-with tcp-reset
-A reject -p udp -j REJECT --reject-with icmp-port-unreachable
-A reject -p icmp -j REJECT --reject-with icmp-host-unreachable
-A reject -j REJECT --reject-with icmp-host-prohibited
# smurfs chain: logs and drops the same source set as above. The later
# `iptables -L -n` listing shows it with 0 references, so it is unused here.
# The LOG rules below appear line-wrapped in this paste; in the real saved
# file each "-A smurfs ... --log-level 6" rule is a single line.
-A smurfs -s 192.168.3.0/255.255.255.0 -j LOG --log-prefix
"Shorewall:smurfs:DROP:" --log-level 6
-A smurfs -s 192.168.3.0/255.255.255.0 -j DROP
-A smurfs -s 192.168.1.0/255.255.255.0 -j LOG --log-prefix
"Shorewall:smurfs:DROP:" --log-level 6
-A smurfs -s 192.168.1.0/255.255.255.0 -j DROP
-A smurfs -s 255.255.255.255 -j LOG --log-prefix "Shorewall:smurfs:DROP:"
--log-level 6
-A smurfs -s 255.255.255.255 -j DROP
-A smurfs -s 224.0.0.0/240.0.0.0 -j LOG --log-prefix
"Shorewall:smurfs:DROP:" --log-level 6
-A smurfs -s 224.0.0.0/240.0.0.0 -j DROP
COMMIT
# Completed on Sat Jul 23 22:02:11 2005
a shaper przy demonizacji wypluwa:
./shaper start
sh: line 1: 25307 Broken pipe /sbin/iptables -L -n
2>/dev/null
daemonizing... done. PID=25310
a kochane iptables na /sbin/iptables -L -n pokazuje:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
eth0_in all -- 0.0.0.0/0 0.0.0.0/0
eth1_in all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0
level 6 prefix `Shorewall:INPUT:REJECT:'
reject all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP)
target prot opt source destination
shaout0 all -- 0.0.0.0/0 0.0.0.0/0
shaper0 all -- 0.0.0.0/0 0.0.0.0/0
eth0_fwd all -- 0.0.0.0/0 0.0.0.0/0
eth1_fwd all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0
level 6 prefix `Shorewall:FORWARD:REJECT:'
reject all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP)
target prot opt source destination
shaout0 all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
eth0_dyno all -- 0.0.0.0/0 0.0.0.0/0
eth1_dyno all -- 0.0.0.0/0 0.0.0.0/0
fw2net all -- 0.0.0.0/0 0.0.0.0/0
fw2loc all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0
level 6 prefix `Shorewall:OUTPUT:REJECT:'
reject all -- 0.0.0.0/0 0.0.0.0/0
Chain all2all (0 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0
level 6 prefix `Shorewall:all2all:REJECT:'
reject all -- 0.0.0.0/0 0.0.0.0/0
Chain dynamic (4 references)
target prot opt source destination
Chain eth0_dynf (1 references)
target prot opt source destination
Chain eth0_dyni (1 references)
target prot opt source destination
Chain eth0_dyno (1 references)
target prot opt source destination
Chain eth0_fwd (1 references)
target prot opt source destination
dynamic all -- 0.0.0.0/0 0.0.0.0/0 state
INVALID,NEW
eth0_dynf all -- 0.0.0.0/0 0.0.0.0/0
net2all all -- 0.0.0.0/0 0.0.0.0/0
Chain eth0_in (1 references)
target prot opt source destination
dynamic all -- 0.0.0.0/0 0.0.0.0/0 state
INVALID,NEW
eth0_dyni all -- 0.0.0.0/0 0.0.0.0/0
net2all all -- 0.0.0.0/0 0.0.0.0/0
Chain eth1_dynf (1 references)
target prot opt source destination
Chain eth1_dyni (1 references)
target prot opt source destination
Chain eth1_dyno (1 references)
target prot opt source destination
Chain eth1_fwd (1 references)
target prot opt source destination
dynamic all -- 0.0.0.0/0 0.0.0.0/0 state
INVALID,NEW
eth1_dynf all -- 0.0.0.0/0 0.0.0.0/0
loc2net all -- 0.0.0.0/0 0.0.0.0/0
Chain eth1_in (1 references)
target prot opt source destination
dynamic all -- 0.0.0.0/0 0.0.0.0/0 state
INVALID,NEW
eth1_dyni all -- 0.0.0.0/0 0.0.0.0/0
loc2fw all -- 0.0.0.0/0 0.0.0.0/0
Chain fw2loc (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain fw2net (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain loc2fw (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain loc2net (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain net2all (2 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0
level 6 prefix `Shorewall:net2all:DROP:'
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain reject (4 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0 PKTTYPE =
broadcast
DROP all -- 0.0.0.0/0 0.0.0.0/0 PKTTYPE =
multicast
DROP all -- 192.168.3.0/24 0.0.0.0/0
DROP all -- 192.168.1.0/24 0.0.0.0/0
DROP all -- 255.255.255.255 0.0.0.0/0
DROP all -- 224.0.0.0/4 0.0.0.0/0
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 reject-with
tcp-reset
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 reject-with
icmp-port-unreachable
REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 reject-with
icmp-host-unreachable
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with
icmp-host-prohibited
Chain shaout0 (2 references)
target prot opt source destination
RETURN all -- 192.168.3.65 0.0.0.0/0
RETURN all -- 192.168.1.2 !192.168.1.0/24
RETURN all -- 192.168.1.3 !192.168.1.0/24
RETURN all -- 192.168.1.4 !192.168.1.0/24
RETURN all -- 192.168.1.5 !192.168.1.0/24
RETURN all -- 192.168.1.6 !192.168.1.0/24
RETURN all -- 192.168.1.7 !192.168.1.0/24
RETURN all -- 192.168.1.8 !192.168.1.0/24
RETURN all -- 192.168.1.9 !192.168.1.0/24
RETURN all -- 192.168.1.10/31 !192.168.1.0/24
RETURN all -- 192.168.1.12 !192.168.1.0/24
RETURN all -- 192.168.1.13 !192.168.1.0/24
Chain shaper0 (1 references)
target prot opt source destination
RETURN all -- !192.168.1.0/24 192.168.1.2
RETURN all -- !192.168.1.0/24 192.168.1.3
RETURN all -- !192.168.1.0/24 192.168.1.4
RETURN all -- !192.168.1.0/24 192.168.1.5
RETURN all -- !192.168.1.0/24 192.168.1.6
RETURN all -- !192.168.1.0/24 192.168.1.7
RETURN all -- !192.168.1.0/24 192.168.1.8
RETURN all -- !192.168.1.0/24 192.168.1.9
RETURN all -- !192.168.1.0/24 192.168.1.10/31
RETURN all -- !192.168.1.0/24 192.168.1.12
RETURN all -- !192.168.1.0/24 192.168.1.13
Chain shorewall (0 references)
target prot opt source destination
Chain smurfs (0 references)
target prot opt source destination
LOG all -- 192.168.3.0/24 0.0.0.0/0 LOG flags 0
level 6 prefix `Shorewall:smurfs:DROP:'
DROP all -- 192.168.3.0/24 0.0.0.0/0
LOG all -- 192.168.1.0/24 0.0.0.0/0 LOG flags 0
level 6 prefix `Shorewall:smurfs:DROP:'
DROP all -- 192.168.1.0/24 0.0.0.0/0
LOG all -- 255.255.255.255 0.0.0.0/0 LOG flags 0
level 6 prefix `Shorewall:smurfs:DROP:'
DROP all -- 255.255.255.255 0.0.0.0/0
LOG all -- 224.0.0.0/4 0.0.0.0/0 LOG flags 0
level 6 prefix `Shorewall:smurfs:DROP:'
DROP all -- 224.0.0.0/4 0.0.0.0/0
a shaper przy najwyzszym poziomie logowania wypisuje w logu:
iptables: Bad rule (does a matching rule exist in that chain?)
shaper 2.2.26
iptables 1.2.9
shorewall 2.4.1-3
kernel 2.6.11-6
I teraz pytanie: co mam zrobic, zeby shaper dzialal poprawnie i nie wyrzucal mi bledu? Chetnie bym sie tez dowiedzial, gdzie jest blad w firewallu.
AwerS