| View previous topic :: View next topic |
| Author |
Message |
tuxer
Guru
Joined: 10 May 2004
Posts: 328
|
 Posted: Sat Nov 27, 2004 12:37 pm Post subject: firewall fantasma e molto cazzuto |
 |
|
io vorrei capire chi mi ha messo questo firewall (con iptables) sul mio pc! 
ora non è che la cosa mi dispiaccia, anzi!
il problema è che non capisco chi me l'abbia messo, non ho iptables all'avvio, non ho nulla in local.start, ho pensato che forse me l'ha messo shorewall, ma mi sembra strano visto che non l'ho configurato bene e cmq non ce l'ho all'avvio e riparte a ogni reboot...
| Code: | Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- nsr1.tiscali.it anywhere tcp flags:!SYN,RST,ACK/SYN
ACCEPT udp -- nsr1.tiscali.it anywhere
ACCEPT tcp -- nsr2.tiscali.it anywhere tcp flags:!SYN,RST,ACK/SYN
ACCEPT udp -- nsr2.tiscali.it anywhere
ACCEPT all -- anywhere anywhere
LD icmp -- anywhere ppp-*-*-*-*.dialup.tiscali.it icmp echo-request
ACCEPT udp -- anywhere ppp-*-*-*-*.dialup.tiscali.it udp dpt:33434
ACCEPT icmp -- anywhere ppp-*-*-*-*.dialup.tiscali.it icmp destination-unreachable
ACCEPT icmp -- anywhere ppp-*-*-*-*.dialup.tiscali.it icmp host-unreachable
ACCEPT icmp -- anywhere ppp-*-*-*-*.dialup.tiscali.it icmp timestamp-request
ACCEPT icmp -- anywhere ppp-*-*-*-*.dialup.tiscali.it icmp timestamp-reply
ACCEPT icmp -- anywhere ppp-*-*-*-*.dialup.tiscali.it icmp address-mask-request
ACCEPT icmp -- anywhere ppp-*-*-*-*.dialup.tiscali.it icmp address-mask-reply
ACCEPT icmp -- anywhere ppp-*-*-*-*.dialup.tiscali.it icmp redirect limit: avg 2/sec burst 5
ACCEPT icmp -- anywhere ppp-*-*-*-*.dialup.tiscali.it icmp source-quench limit: avg 2/sec burst 5
LD all -- 0.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 1.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 2.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 5.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 7.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 10.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 23.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 27.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 31.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 36.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 37.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 39.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 41.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 42.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 49.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 50.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 58.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 59.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 032-238-079.area1.spcsdns.net/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 71.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 72.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 73.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 74.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 75.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 76.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 77.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 78.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 79.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 83.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 84.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 85.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 86.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 87.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 88.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 89.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 90.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 91.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 92.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 93.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 94.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 95.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 96.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 97.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 98.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 99.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 100.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 101.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 102.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 103.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 104.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 105.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 106.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 107.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 108.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 109.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 110.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 111.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 112.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 113.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 114.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 115.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 116.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 117.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 118.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 119.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 120.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 121.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 122.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 123.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 124.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 125.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 126.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- loopback/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 169.254.0.0/16 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 172.16.0.0/12 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 173.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 174.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 175.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 176.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 177.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 178.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 179.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 180.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 181.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 182.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 183.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 184.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 185.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 186.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 187.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 189.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 190.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 192.0.2.0/24 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 192.168.0.0/16 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 197.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 198.18.0.0/15 ppp-*-*-*-*.dialup.tiscali.it
LD all -- 223.0.0.0/8 ppp-*-*-*-*.dialup.tiscali.it
LD all -- BASE-ADDRESS.MCAST.NET/3 ppp-*-*-*-*.dialup.tiscali.it
LD tcp -- anywhere ppp-*-*-*-*.dialup.tiscali.it tcp dpt:31337 limit: avg 2/min burst 5
LD udp -- anywhere ppp-*-*-*-*.dialup.tiscali.it udp dpt:31337 limit: avg 2/min burst 5
LD tcp -- anywhere ppp-*-*-*-*.dialup.tiscali.it tcp dpt:33270 limit: avg 2/min burst 5
LD udp -- anywhere ppp-*-*-*-*.dialup.tiscali.it udp dpt:33270 limit: avg 2/min burst 5
LD tcp -- anywhere ppp-*-*-*-*.dialup.tiscali.it tcp dpt:1234 limit: avg 2/min burst 5
LD tcp -- anywhere ppp-*-*-*-*.dialup.tiscali.it tcp dpt:6711 limit: avg 2/min burst 5
LD tcp -- anywhere ppp-*-*-*-*.dialup.tiscali.it tcp dpt:16660 flags:SYN,RST,ACK/SYN limit: avg 2/min burst 5
LD tcp -- anywhere ppp-*-*-*-*.dialup.tiscali.it tcp dpt:60001 flags:SYN,RST,ACK/SYN limit: avg 2/min burst 5
LD tcp -- anywhere ppp-*-*-*-*.dialup.tiscali.it tcp dpts:12345:12346 limit: avg 2/min burst 5
LD udp -- anywhere ppp-*-*-*-*.dialup.tiscali.it udp dpts:12345:12346 limit: avg 2/min burst 5
LD tcp -- anywhere ppp-*-*-*-*.dialup.tiscali.it tcp dpt:epmap limit: avg 2/min burst 5
LD udp -- anywhere ppp-*-*-*-*.dialup.tiscali.it udp dpt:epmap limit: avg 2/min burst 5
LD tcp -- anywhere ppp-*-*-*-*.dialup.tiscali.it tcp dpt:ingreslock limit: avg 2/min burst 5
LD tcp -- anywhere ppp-*-*-*-*.dialup.tiscali.it tcp dpt:27665 limit: avg 2/min burst 5
LD udp -- anywhere ppp-*-*-*-*.dialup.tiscali.it udp dpt:27444 limit: avg 2/min burst 5
LD udp -- anywhere ppp-*-*-*-*.dialup.tiscali.it udp dpt:31335 limit: avg 2/min burst 5
LD all -- BASE-ADDRESS.MCAST.NET/8 anywhere
LD all -- anywhere BASE-ADDRESS.MCAST.NET/8
LD all -- 255.255.255.255 anywhere
LD all -- anywhere 0.0.0.0
DROP all -- 10.0.0.255 anywhere
DROP all -- 0.0.0.0 anywhere
DROP all -- anywhere 255.255.255.255
DROP all -- anywhere 0.0.0.0
LD all -- anywhere anywhere state INVALID
LD all -f anywhere anywhere limit: avg 10/min burst 5
LD tcp -- anywhere anywhere tcp flags:!SYN,RST,ACK/SYN state NEW
STATE tcp -- anywhere ppp-*-*-*-*.dialup.tiscali.it tcp dpts:1024:65535
ACCEPT udp -- anywhere ppp-*-*-*-*.dialup.tiscali.it udp dpts:1023:65535
LD all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
LD tcp -- ppp-*-*-*-*.dialup.tiscali.it anywhere tcp dpt:31337 limit: avg 2/min burst 5
LD udp -- ppp-*-*-*-*.dialup.tiscali.it anywhere udp dpt:31337 limit: avg 2/min burst 5
LD tcp -- ppp-*-*-*-*.dialup.tiscali.it anywhere tcp dpt:33270 limit: avg 2/min burst 5
LD udp -- ppp-*-*-*-*.dialup.tiscali.it anywhere udp dpt:33270 limit: avg 2/min burst 5
LD tcp -- ppp-*-*-*-*.dialup.tiscali.it anywhere tcp dpt:1234 limit: avg 2/min burst 5
LD tcp -- ppp-*-*-*-*.dialup.tiscali.it anywhere tcp dpt:6711 limit: avg 2/min burst 5
LD tcp -- ppp-*-*-*-*.dialup.tiscali.it anywhere tcp dpt:16660 flags:SYN,RST,ACK/SYN limit: avg 2/min burst 5
LD tcp -- ppp-*-*-*-*.dialup.tiscali.it anywhere tcp dpt:60001 flags:SYN,RST,ACK/SYN limit: avg 2/min burst 5
LD tcp -- ppp-*-*-*-*.dialup.tiscali.it anywhere tcp dpts:12345:12346 limit: avg 2/min burst 5
LD udp -- ppp-*-*-*-*.dialup.tiscali.it anywhere udp dpts:12345:12346 limit: avg 2/min burst 5
LD tcp -- ppp-*-*-*-*.dialup.tiscali.it anywhere tcp dpt:epmap limit: avg 2/min burst 5
LD udp -- ppp-*-*-*-*.dialup.tiscali.it anywhere udp dpt:epmap limit: avg 2/min burst 5
LD tcp -- ppp-*-*-*-*.dialup.tiscali.it anywhere tcp dpt:ingreslock limit: avg 2/min burst 5
LD tcp -- ppp-*-*-*-*.dialup.tiscali.it anywhere tcp dpt:27665 limit: avg 2/min burst 5
LD udp -- ppp-*-*-*-*.dialup.tiscali.it anywhere udp dpt:27444 limit: avg 2/min burst 5
LD udp -- ppp-*-*-*-*.dialup.tiscali.it anywhere udp dpt:31335 limit: avg 2/min burst 5
LD all -- BASE-ADDRESS.MCAST.NET/8 anywhere
LD all -- anywhere BASE-ADDRESS.MCAST.NET/8
LD all -- 255.255.255.255 anywhere
LD all -- anywhere 0.0.0.0
DROP tcp -- anywhere anywhere tcp flags:!SYN,RST,ACK/SYN state NEW
all -- anywhere anywhere TTL match TTL == 64
ACCEPT icmp -- ppp-*-*-*-*.dialup.tiscali.it anywhere
ACCEPT all -- anywhere anywhere
Chain LD (147 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
Chain SANITY (0 references)
target prot opt source destination
LD all -- anywhere anywhere
Chain STATE (1 references)
target prot opt source destination
LD all -- anywhere anywhere state NEW
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
LD all -- anywhere anywhere
Chain UNCLEAN (0 references)
target prot opt source destination
LD all -- anywhere anywhere |
*-*-*-* l'ho messo io al posto del mio ip... |
|
| Back to top |
|
 |
tuxer
Guru
Joined: 10 May 2004
Posts: 328
|
| Posted: Sat Nov 27, 2004 1:04 pm Post subject: |
|
|
oh shit ma che cavolo succede!!
mi sono accorto che iptables viene settato così quando mi connetto (una dialup) e i nameserver mi puzzano un pochino:
nameserver 213.205.32.70
nameserver 213.205.36.70
Ho provato a fare un iptables -F ma poi mi dà errore di risoluzione nomi, e se cambio resolv.conf me li rimette (anche se cambio quello in /etc/ppp)...
Ho controllato con pppconfig e il numero di telefono è giusto, veramente non so più cosa pensare... help! |
|
| Back to top |
|
|
comio
Advocate
Joined: 03 Jul 2003
Posts: 2191
Location: Taranto
|
| Posted: Sat Nov 27, 2004 1:12 pm Post subject: |
|
|
| tuxer wrote: | oh shit ma che cavolo succede!!
mi sono accorto che iptables viene settato così quando mi connetto (una dialup) e i nameserver mi puzzano un pochino:
nameserver 213.205.32.70
nameserver 213.205.36.70
Ho provato a fare un iptables -F ma poi mi dà errore di risoluzione nomi, e se cambio resolv.conf me li rimette (anche se cambio quello in /etc/ppp)...
Ho controllato con pppconfig e il numero di telefono è giusto, veramente non so più cosa pensare... help! |
i nameserver sono di tiscali... quindi penso che sia il tuo script ppp a metterli... e la cosa mi pare normale.
Per capire chi lancia iptables, postatici il risultato di rc-status -a
ciao
_________________
RTFM!!!!
e
http://www.comio.it
 |
|
| Back to top |
|
|
tuxer
Guru
Joined: 10 May 2004
Posts: 328
|
| Posted: Sat Nov 27, 2004 4:51 pm Post subject: |
|
|
ecco qui:
| Code: | acpid |
alsasound | default
apache2 |
atd |
atftp |
bootmisc | boot
bootsplash |
checkfs | boot
checkroot | boot
clock | boot
consolefont | boot
crypto-loop |
cupsd | default
dhcp | default
dhcrelay |
dictd | default
distccd | default
domainname | default
esound |
famd |
foldingathome |
freepopsd |
gimps |
gkrellmd |
gpm | default
hddtemp |
hdparm |
hostname | default lucia
hotplug | default lucia
ip6tables |
iptables |
keymaps | boot
liberoPOPsd | default
local | default lucia nonetwork
localmount | boot
modules | boot
mysql |
nessusd |
net.eth0 | default
net.lo | boot
net.ppp0 |
netmount |
nfs | default
nfsmount |
nscd |
ntp-client |
ntpd |
numlock |
openvpn |
portmap |
rmnologin | boot
rsyncd |
samba |
serial | boot
shorewall |
slapd |
slurpd |
smartd |
snort |
spamd |
splash |
squid |
sshd | lucia
stunnel |
svscan |
syslog-ng | default lucia
urandom | boot
vixie-cron | default lucia
vmware |
xdm | lucia
xfs | default
xinetd |
xprint |
|
cmq gli rc a mio parere non spiegano il fatto che si autoconfiguri magicamente quando mi connetto a internet no? |
|
| Back to top |
|
|
comio
Advocate
Joined: 03 Jul 2003
Posts: 2191
Location: Taranto
|
| Posted: Sat Nov 27, 2004 6:35 pm Post subject: |
|
|
la conf se la prende da ppp... quindi è normale, ma ancora non capisco deve ti parta il firewall...
fammici pensare un po'
ciao
_________________
RTFM!!!!
e
http://www.comio.it
|
|
| Back to top |
|
|
comio
Advocate
Joined: 03 Jul 2003
Posts: 2191
Location: Taranto
|
| Posted: Sat Nov 27, 2004 6:38 pm Post subject: |
|
|
vedendo meglio le acl del firewall... mi viene il dubbio che non sia lo script per ppp a caricare il tutto...
prova a dare una occhiata ai tuoi script di connessione a tiscali.
ciao
_________________
RTFM!!!!
e
http://www.comio.it
|
|
| Back to top |
|
|
tuxer
Guru
Joined: 10 May 2004
Posts: 328
|
| Posted: Sun Nov 28, 2004 3:29 am Post subject: |
|
|
| svelato l'arcano, ip-up.local in /etc/ppp mi fa partire uno script di firestarter che mi setta il firewall in quello strano modo... |
|
| Back to top |
|
|
comio
Advocate
Joined: 03 Jul 2003
Posts: 2191
Location: Taranto
|
| Posted: Sun Nov 28, 2004 9:11 am Post subject: |
|
|
come volevasi dimostrare...
ciao
_________________
RTFM!!!!
e
http://www.comio.it
|
|
| Back to top |
|
|
tuxer
Guru
Joined: 10 May 2004
Posts: 328
|
| Posted: Sun Nov 28, 2004 11:49 am Post subject: |
|
|
la cosa incredibile è che io firestarter non l'avevo manco configurato, e l'ho addirittura disinstallato!!
e chi andava a pensare che poteva essere quello... eh eh io mi ero già fatto degli scenari di spoofing apocalittici  |
|
| Back to top |
|
|
|
Forum italiano (Italian)
