g3Ko n00b
Joined: 17 Sep 2007 Posts: 39
|
Posted: Tue Apr 06, 2010 5:15 pm Post subject: Gentoo router, problems with MSN and NFS |
|
|
Hello everyone, I'll explain the configuration and the problem that follows. This is IPTABLES:
Code: | Chain INPUT (policy DROP 6168 packets, 992K bytes)
pkts bytes target prot opt in out source destination
4 296 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
3 120 LOG all -- eth0 * 0.0.0.0/0 0.0.0.0/0 state INVALID LOG flags 0 level 4 prefix ` Server BREACK-IN ATTEMPT! '
3 120 DROP all -- eth0 * 0.0.0.0/0 0.0.0.0/0 state INVALID
11 1307 ACCEPT tcp -- eth0 * 85.33.2.55 192.168.0.2 tcp spt:25 dpts:1024:65535 state NEW,RELATED,ESTABLISHED
0 0 ACCEPT udp -- eth0 * 208.67.222.222 192.168.0.2 udp spt:53 dpts:1024:65535
83 12328 ACCEPT udp -- eth0 * 208.67.220.220 192.168.0.2 udp spt:53 dpts:1024:65535
31672 47M ACCEPT tcp -- eth0 * 0.0.0.0/0 192.168.0.2 tcp spt:80 dpts:1024:65535 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 192.168.0.2 tcp spt:443 dpts:1024:65535 state RELATED,ESTABLISHED
1235 129K ACCEPT tcp -- eth0 * 0.0.0.0/0 192.168.0.2 tcp spt:6667 dpts:1024:65535 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 192.168.0.2 tcp spt:22 dpts:1024:65535 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 192.168.5.2 tcp spt:22 dpts:1024:65535 state RELATED,ESTABLISHED
0 0 LOG udp -- eth0 * 193.204.114.232 192.168.0.2 udp spt:123 dpt:123 LOG flags 0 level 4 prefix ` NTP input- '
0 0 ACCEPT udp -- eth0 * 193.204.114.232 192.168.0.2 udp spt:123 dpt:123
7690 11M ACCEPT tcp -- eth0 * 0.0.0.0/0 192.168.0.2 tcp spt:873 dpts:1024:65535 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 icmp type 0
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 192.168.0.2 tcp spt:43 dpts:1024:65535 state RELATED,ESTABLISHED
0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 192.168.0.2 udp spt:43 dpts:1024:65535
45 2900 ACCEPT tcp -- eth0 * 0.0.0.0/0 192.168.0.2 tcp spts:1024:65535 dpt:80 state NEW,RELATED,ESTABLISHED
2859 738K ACCEPT tcp -- eth1 * 192.168.5.3 192.168.5.2 tcp spts:1024:65535 dpt:80 state NEW,RELATED,ESTABLISHED
3 180 LOG tcp -- eth0 * 0.0.0.0/0 192.168.0.2 tcp spts:1024:65535 dpt:5000 flags:0x17/0x02 LOG flags 0 level 4 prefix ` SSH WAN connection attempt '
24 1898 ACCEPT tcp -- eth0 * 0.0.0.0/0 192.168.0.2 tcp spts:1024:65535 dpt:5000 state NEW,RELATED,ESTABLISHED
6 384 LOG tcp -- eth1 * 0.0.0.0/0 192.168.5.2 tcp spts:1024:65535 dpt:5000 flags:0x17/0x02 LOG flags 0 level 4 prefix ` SSH LAN connection attempt '
18990 16M ACCEPT tcp -- eth1 * 0.0.0.0/0 192.168.5.2 tcp spts:1024:65535 dpt:5000 state NEW,RELATED,ESTABLISHED
107 11181 LOG udp -- eth1 * 0.0.0.0/0 192.168.5.2 udp spt:514 dpt:514 state NEW,RELATED,ESTABLISHED LOG flags 0 level 4 prefix `SysLOG input- '
107 11181 ACCEPT udp -- eth1 * 0.0.0.0/0 192.168.5.2 udp spt:514 dpt:514 state NEW,RELATED,ESTABLISHED
3 252 ACCEPT udp -- eth1 * 0.0.0.0/0 192.168.5.2 udp dpt:111
30 1608 ACCEPT tcp -- eth1 * 0.0.0.0/0 192.168.5.2 tcp dpt:111 state NEW,RELATED,ESTABLISHED
1 92 ACCEPT udp -- eth1 * 0.0.0.0/0 192.168.5.2 udp dpt:4000
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 192.168.5.2 tcp dpt:4000 state NEW,RELATED,ESTABLISHED
4 384 ACCEPT udp -- eth1 * 0.0.0.0/0 192.168.5.2 udp dpt:4001
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 192.168.5.2 tcp dpt:4001 state NEW,RELATED,ESTABLISHED
15 1440 ACCEPT udp -- eth1 * 0.0.0.0/0 192.168.5.2 udp dpt:4002
10 504 ACCEPT tcp -- eth1 * 0.0.0.0/0 192.168.5.2 tcp dpt:4002 state NEW,RELATED,ESTABLISHED
77 11672 ACCEPT udp -- eth1 * 0.0.0.0/0 192.168.5.2 udp dpt:2049
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 192.168.5.2 tcp dpt:2049 state NEW,RELATED,ESTABLISHED
Chain FORWARD (policy ACCEPT 6074 packets, 574K bytes)
pkts bytes target prot opt in out source destination
307K 24M ACCEPT tcp -- eth1 * 192.168.5.0/24 0.0.0.0/0 tcp spts:1024:65535 dpts:0:1023 state NEW,RELATED,ESTABLISHED
443K 503M ACCEPT tcp -- eth0 * 0.0.0.0/0 192.168.5.0/24 tcp spts:0:1023 dpts:1024:65535 state RELATED,ESTABLISHED
45666 3995K ACCEPT udp -- eth1 * 192.168.5.0/24 0.0.0.0/0
41263 4042K ACCEPT udp -- eth0 * 0.0.0.0/0 192.168.5.0/24
0 0 ACCEPT icmp -- eth1 * 192.168.5.0/24 0.0.0.0/0 icmp type 8
0 0 ACCEPT icmp -- eth0 * 0.0.0.0/0 192.168.5.0/24 icmp type 0
1476 147K ACCEPT tcp -- eth1 * 192.168.5.0/24 0.0.0.0/0 tcp spts:1024:65535 dpt:9999 state NEW,RELATED,ESTABLISHED
1481 355K ACCEPT tcp -- eth0 * 0.0.0.0/0 192.168.5.0/24 tcp spt:9999 dpts:1024:65535 state RELATED,ESTABLISHED
7103 446K ACCEPT tcp -- eth1 * 192.168.5.0/24 0.0.0.0/0 tcp spts:1024:65535 dpt:6667 state NEW,RELATED,ESTABLISHED
6173 3118K ACCEPT tcp -- eth0 * 0.0.0.0/0 192.168.5.0/24 tcp spt:6667 dpts:1024:65535 state RELATED,ESTABLISHED
1244 117K ACCEPT tcp -- eth1 * 192.168.5.0/24 0.0.0.0/0 tcp spts:1024:65535 dpt:6697 state NEW,RELATED,ESTABLISHED
1089 223K ACCEPT tcp -- eth0 * 0.0.0.0/0 192.168.5.0/24 tcp spt:6697 dpts:1024:65535 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- eth1 * 192.168.5.0/24 0.0.0.0/0 tcp spts:1024:65535 dpt:5000 state NEW,RELATED,ESTABLISHED
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 192.168.5.0/24 tcp spt:5000 dpts:1024:65535 state RELATED,ESTABLISHED
947 99757 ACCEPT tcp -- eth1 * 192.168.5.0/24 0.0.0.0/0 tcp spts:1024:65535 dpt:5050 state NEW,RELATED,ESTABLISHED
1172 129K ACCEPT tcp -- eth0 * 0.0.0.0/0 192.168.5.0/24 tcp spt:5050 dpts:1024:65535 state RELATED,ESTABLISHED
3988 380K ACCEPT tcp -- eth1 * 192.168.5.0/24 0.0.0.0/0 tcp spts:1024:65535 dpt:5190 state NEW,RELATED,ESTABLISHED
4920 873K ACCEPT tcp -- eth0 * 0.0.0.0/0 192.168.5.0/24 tcp spt:5190 dpts:1024:65535 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- eth1 * 192.168.5.0/24 0.0.0.0/0 tcp spts:1024:65535 dpt:4000 state NEW,RELATED,ESTABLISHED
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 192.168.5.0/24 tcp spt:4000 dpts:1024:65535 state RELATED,ESTABLISHED
7196 1219K ACCEPT tcp -- eth1 * 192.168.5.0/24 0.0.0.0/0 tcp spts:1024:65535 dpt:1863 state NEW,RELATED,ESTABLISHED
5994 1861K ACCEPT tcp -- eth0 * 0.0.0.0/0 192.168.5.0/24 tcp spt:1863 dpts:1024:65535 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- eth1 * 192.168.5.0/24 0.0.0.0/0 tcp spts:1024:65535 dpt:5050 state NEW,RELATED,ESTABLISHED
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 192.168.5.0/24 tcp spt:5050 dpts:1024:65535 state RELATED,ESTABLISHED
0 0 LOG all -- eth0 * 0.0.0.0/0 0.0.0.0/0 state INVALID LOG flags 0 level 4 prefix ` eth0 BREACK-IN ATTEMPT! '
0 0 DROP all -- eth0 * 0.0.0.0/0 0.0.0.0/0 state INVALID
Chain OUTPUT (policy DROP 290 packets, 94020 bytes)
pkts bytes target prot opt in out source destination
4 296 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
83 5414 ACCEPT udp -- * eth0 192.168.0.2 208.67.220.220 udp spts:1024:65535 dpt:53
17381 939K ACCEPT tcp -- * eth0 192.168.0.2 0.0.0.0/0 tcp spts:1024:65535 dpt:80 state NEW,RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * eth0 192.168.0.2 0.0.0.0/0 tcp spts:1024:65535 dpt:443 state NEW,RELATED,ESTABLISHED
1 60 LOG tcp -- * eth0 192.168.0.2 0.0.0.0/0 tcp spts:1024:65535 dpt:25 flags:0x17/0x02 LOG flags 0 level 4 prefix ` SMTP output- '
12 1469 ACCEPT tcp -- * eth0 192.168.0.2 85.33.2.55 tcp spts:1024:65535 dpt:25 state NEW,RELATED,ESTABLISHED
1343 83382 ACCEPT tcp -- * eth0 192.168.0.2 0.0.0.0/0 tcp spts:1024:65535 dpt:6667 state NEW,RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * eth0 192.168.0.2 0.0.0.0/0 tcp spts:1024:65535 dpt:22 state NEW,RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * eth1 192.168.5.2 0.0.0.0/0 tcp spts:1024:65535 dpt:22 state NEW,RELATED,ESTABLISHED
0 0 LOG udp -- * eth0 192.168.0.2 193.204.114.232 udp spt:123 dpt:123 LOG flags 0 level 4 prefix ` NTP output- '
0 0 ACCEPT udp -- * eth0 192.168.0.2 193.204.114.232 udp spt:123 dpt:123
5033 455K ACCEPT tcp -- * eth0 192.168.0.2 0.0.0.0/0 tcp spts:1024:65535 dpt:873 state NEW,RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * eth0 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 ACCEPT tcp -- * eth0 192.168.0.2 0.0.0.0/0 tcp spts:1024:65535 dpt:43 state NEW,RELATED,ESTABLISHED
0 0 ACCEPT udp -- * eth0 192.168.0.2 0.0.0.0/0 udp spts:1024:65535 dpt:43
44 4812 ACCEPT tcp -- * eth0 192.168.0.2 0.0.0.0/0 tcp spt:80 dpts:1024:65535 state RELATED,ESTABLISHED
3475 3596K ACCEPT tcp -- * eth1 192.168.5.2 192.168.5.3 tcp spt:80 dpts:1024:65535 state RELATED,ESTABLISHED
25 4354 ACCEPT tcp -- * eth0 192.168.0.2 0.0.0.0/0 tcp spt:5000 dpts:1024:65535 state RELATED,ESTABLISHED
10061 809K ACCEPT tcp -- * eth1 192.168.5.2 0.0.0.0/0 tcp spt:5000 dpts:1024:65535 state RELATED,ESTABLISHED
3 168 ACCEPT udp -- * eth1 192.168.5.2 0.0.0.0/0 udp spt:111
24 1200 ACCEPT tcp -- * eth1 192.168.5.2 0.0.0.0/0 tcp spt:111 state NEW,RELATED,ESTABLISHED
1 52 ACCEPT udp -- * eth1 192.168.5.2 0.0.0.0/0 udp spt:4000
0 0 ACCEPT tcp -- * eth1 192.168.5.2 0.0.0.0/0 tcp spt:4000 state NEW,RELATED,ESTABLISHED
4 208 ACCEPT udp -- * eth1 192.168.5.2 0.0.0.0/0 udp spt:4001
0 0 ACCEPT tcp -- * eth1 192.168.5.2 0.0.0.0/0 tcp spt:4001 state NEW,RELATED,ESTABLISHED
15 1108 ACCEPT udp -- * eth1 192.168.5.2 0.0.0.0/0 udp spt:4002
8 496 ACCEPT tcp -- * eth1 192.168.5.2 0.0.0.0/0 tcp spt:4002 state NEW,RELATED,ESTABLISHED
77 637K ACCEPT udp -- * eth1 192.168.5.2 0.0.0.0/0 udp spt:2049
0 0 ACCEPT tcp -- * eth1 192.168.5.2 0.0.0.0/0 tcp spt:2049 state NEW,RELATED,ESTABLISHED
| and these are the network interfaces: Code: | eth0 Link encap:Ethernet HWaddr 00:11:d8:a2:63:92
inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0
eth1 Link encap:Ethernet HWaddr 00:1d:0f:be:cf:0f
inet addr:192.168.5.2 Bcast:192.168.5.255 Mask:255.255.255.0
|
So traffic from eth1, where all the clients are, goes out (through the Gentoo router) on eth0, where the Internet is. The problem arises with MSN, which keeps disconnecting and reconnecting at almost regular intervals even though the ports are open, and I don't understand why. The second problem is with the NFS server on the router itself (accessible from eth1): OS X mounts the volume but does not list the directories, so it mounts a volume that is effectively unusable and that, among other things, is hard to unmount (I have to force the unmount). I should mention that with the router removed everything works normally, NFS included, so the NFS configuration seems to work without problems. This, instead, is rpcinfo -p: Code: | program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 4000 status
100024 1 tcp 4000 status
100005 2 udp 4002 mountd
100005 2 tcp 4002 mountd
100005 3 udp 4002 mountd
100005 3 tcp 4002 mountd
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100021 1 udp 4001 nlockmgr
100021 3 udp 4001 nlockmgr
100021 4 udp 4001 nlockmgr
100021 1 tcp 4001 nlockmgr
100021 3 tcp 4001 nlockmgr
100021 4 tcp 4001 nlockmgr
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
| /etc/exports: Code: | /home/shared 192.168.5.0/24(insecure,no_subtree_check,sync,rw,no_root_squash,no_all_squash) | Could someone kindly help me with these two problems, especially NFS?
Thank you,
–Michele |
|
|
|
oRDeX Veteran
Joined: 19 Oct 2003 Posts: 1325 Location: Italy
|
Posted: Tue Apr 06, 2010 6:39 pm Post subject: |
|
|
Did I misunderstand, or did you say that the NFS server is on the router itself? If so, how do you get the server to work with the router removed? |
|
|
|
g3Ko n00b
Joined: 17 Sep 2007 Posts: 39
|
Posted: Tue Apr 06, 2010 9:11 pm Post subject: |
|
|
Exactly: the service is on the router (I know it's not ideal, but unlike services, I can't start up machines for free). I prepared a script with everything set to ALLOW just for testing purposes, and I saw that in this case the service works perfectly. |
|
|
|
X-Act! Apprentice
Joined: 22 Nov 2004 Posts: 245 Location: /home/xact/
|
Posted: Sat Apr 10, 2010 8:20 pm Post subject: |
|
|
g3Ko wrote: | I prepared a script with everything set to ALLOW just for testing purposes, and I saw that in this case the service works perfectly. |
By doing that you removed the firewall, not the router. The problem must necessarily be in the iptables config, but it is complicated enough that it is not easy to pinpoint...
Where does this config come from? Did you write it all yourself?
Maybe enable fairly verbose logging and start looking for something there. _________________ "I do not feel obliged to believe that the same God who has endowed us with sense, reason and intellect intended us to forgo their use."
-- Galileo Galilei |
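The verbose-logging suggestion above, as an added example (not part of any post in the thread): catch-all LOG rules appended to the DROP-policy chains, plus a Python summary of what they record. The log prefixes, host name, addresses and sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Catch-all LOG rules, appended last so they only see packets that are about to
# fall through to the chain's DROP policy (prefix strings are this example's choice):
#   iptables -A INPUT  -j LOG --log-prefix "INPUT-DROP "
#   iptables -A OUTPUT -j LOG --log-prefix "OUTPUT-DROP "

# Constructed kernel log lines in the netfilter LOG format; not taken from the thread.
SAMPLE_LOG = """\
Apr 10 20:31:02 router kernel: INPUT-DROP IN=eth1 OUT= MAC=aa:bb:cc:00:00:02:aa:bb:cc:00:00:03:08:00 SRC=10.0.0.3 DST=10.0.0.2 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=4411 PROTO=ICMP TYPE=8 CODE=0 ID=513 SEQ=1
Apr 10 20:31:03 router kernel: INPUT-DROP IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:aa:bb:cc:00:00:03:08:00 SRC=10.0.0.3 DST=224.0.0.251 LEN=73 TOS=0x00 PREC=0x00 TTL=255 ID=9001 PROTO=UDP SPT=5353 DPT=5353 LEN=53
Apr 10 20:31:04 router kernel: [ 8812.120045] INPUT-DROP IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:aa:bb:cc:00:00:03:08:00 SRC=10.0.0.3 DST=224.0.0.251 LEN=73 TOS=0x00 PREC=0x00 TTL=255 ID=9002 PROTO=UDP SPT=5353 DPT=5353 LEN=53
Apr 10 20:31:05 router kernel: OUTPUT-DROP IN= OUT=eth1 SRC=10.0.0.2 DST=10.0.0.3 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=4022 FRAG:185 PROTO=UDP
Apr 10 20:31:06 router sshd[411]: Accepted publickey for admin
"""

PREFIX = re.compile(r"kernel: (?:\[[^\]]*\] )?(\S+-DROP) ")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse(line):
    """Return (prefix, interface, proto, detail) for a LOG line, else None."""
    m = PREFIX.search(line)
    if not m:
        return None
    fields = {}
    for key, value in FIELD.findall(line[m.end():]):
        fields.setdefault(key, value)  # first ID=/LEN= belongs to the IP header
    iface = fields.get("IN") or fields.get("OUT") or "?"
    proto = fields.get("PROTO", "?").lower()
    if "DPT" in fields:
        detail = "dpt:" + fields["DPT"]
    elif proto == "icmp" and "TYPE" in fields:
        detail = "type:" + fields["TYPE"]
    elif "FRAG:" in line:
        detail = "fragment"  # non-first fragments are logged without ports
    else:
        detail = "-"
    return (m.group(1), iface, proto, detail)


def summarize(log_text):
    """Count dropped packets per (prefix, interface, proto, detail), most frequent first."""
    hits = Counter(k for k in map(parse, log_text.splitlines()) if k)
    return hits.most_common()


if __name__ == "__main__":
    for key, count in summarize(SAMPLE_LOG):
        print(count, *key)
```

Each output row names a chain, interface, protocol and port (or ICMP type) that reached the DROP policy, which can then be compared against the rule listing for that chain.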
|