lynyrd
January 3rd, 2007, 01:24 PM
Preinfo:
My testing environment is running Ubuntu Dapper Drake Server (Linux test 2.6.15-27-server #1 SMP Fri Dec 8 18:43:54 UTC 2006 i686 GNU/Linux).
The testing environment has multiple IP addresses (192.168.1.15-18). I don't know if this is relevant for solving my problem.
My root server is running Ubuntu Dapper Drake Server (Linux server 2.6.15.7-ubuntu1 #4 Thu Dec 21 21:19:22 CET 2006 i686 GNU/Linux, self-made, iptables support completely included).
The root server also has multiple IP addresses (I will NOT post them here).
My laptop is running Ubuntu Edgy (Linux laptop 2.6.17-10-386 #2 Tue Dec 5 22:26:18 UTC 2006 i686 GNU/Linux).
All packages are up-to-date.
---------------------------------
I added the following rule to iptables (testing environment):
iptables -A INPUT -d 192.168.1.16 -m state --state NEW -p tcp --dport 80 -j DROP
It should block all packets from everywhere to 192.168.1.16:80.
Well, it does, but if I run nmap (without any parameters) from the laptop to 192.168.1.16, nmap says 'host seems down'. (nmap with -P0 tells me port 80 is successfully filtered.)
After "iptables -F" everything's running well again (nmap says the host is online and port 80 is open).
I added the same rule to the iptables of my root server and got the same result when scanning from the laptop or the testing environment to the root server.
Then I added the same rule to my laptop's tables and it worked: nmap said the host is online and port 80 is filtered.
I tried to allow all ICMP packets manually by adding
iptables -A INPUT -d 192.168.1.16 -p ICMP -j ACCEPT
but nothing happened.
iptables on all hosts got flushed before each test.
Just a test:
cat /proc/sys/net/ipv4/icmp_echo_ignore_all
0
Maybe a bug in the 2.6.15 kernel series or in iptables 1.3.3?
Update: look below.
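A diagnostic step that helps with questions like this one, added here as an example and not part of the original post: nmap's default host discovery (when run as root) sends a TCP ACK to port 80 as well as an ICMP echo request, so a rule that matches port 80 can influence whether nmap considers the host up at all. Inserting a LOG rule with exactly the same match just before the DROP rule shows which packets the rule is actually catching, including the TCP flags, which tells you whether bare ACK probes are being classified as NEW by connection tracking. The log lines below are constructed sample data in the format the iptables LOG target writes to the kernel log; the interface name, MAC address, source address and log prefix are assumptions.

```bash
#!/bin/bash
# Added example (not from the original post): summarise what an iptables DROP
# rule is catching by logging the same match first and then aggregating the
# kernel log lines by protocol, destination port and TCP flags.

# What you would run on the filtered host (commented out so this script runs
# anywhere). The LOG rule is inserted (-I) so it sits above the DROP rule and
# sees the same packets; the prefix makes the lines easy to grep for.
# iptables -I INPUT -d 192.168.1.16 -m state --state NEW -p tcp --dport 80 \
#          -j LOG --log-prefix "NEW80-DROP: "
# grep NEW80-DROP /var/log/kern.log | summarize_dropped
# Per-rule packet counters are a cheaper first look: iptables -L INPUT -v -n

# Constructed sample of LOG-target output (hostname "test", interface eth0,
# MAC and source address 192.168.1.20 are made up for the example).
SAMPLE_LOG='Jan  3 13:24:01 test kernel: [ 1234.567890] NEW80-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.20 DST=192.168.1.16 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=12345 PROTO=TCP SPT=40000 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0
Jan  3 13:24:01 test kernel: [ 1234.567901] NEW80-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.20 DST=192.168.1.16 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=12346 PROTO=TCP SPT=40000 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0
Jan  3 13:24:03 test kernel: [ 1236.100000] NEW80-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.20 DST=192.168.1.16 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=12347 PROTO=TCP SPT=40001 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0'

# Reads LOG lines on stdin and prints one line per distinct
# "PROTO DPT FLAGS" combination with its packet count, sorted.
# The LOG target prints TCP flags as bare words (SYN, ACK, ...) after RES=.
summarize_dropped() {
  awk '
    /NEW80-DROP:/ {
      proto = ""; dpt = ""; flags = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^PROTO=/)      proto = substr($i, 7)
        else if ($i ~ /^DPT=/)   dpt = substr($i, 5)
        else if ($i == "SYN" || $i == "ACK" || $i == "RST" ||
                 $i == "FIN" || $i == "PSH" || $i == "URG")
          flags = flags $i
      }
      key = proto " " dpt " " (flags == "" ? "-" : flags)
      count[key]++
    }
    END { for (k in count) print k, count[k] }
  ' | sort
}

# Usage: feed the sample through the summariser. With the sample above this
# prints two ACK-only probes and one SYN, i.e. the ACK probes are hitting the
# NEW rule as well as real connection attempts.
printf '%s\n' "$SAMPLE_LOG" | summarize_dropped
```

If the summary shows ACK-only packets with destination port 80, the rule is matching more than new connections: connection tracking classifies a TCP segment it has no state for as NEW even when it is not a SYN, so a port-80 DROP on NEW also drops ACK-based host-discovery probes. Matching on `--syn` (or `--tcp-flags SYN,ACK,FIN,RST SYN`) instead of relying on state alone restricts the rule to genuine connection attempts, and the same LOG trick confirms the change by showing the ACK lines disappear.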