Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
input_int all -- anywhere anywhere
input_int all -- anywhere anywhere
input_ext all -- anywhere anywhere
input_ext all -- anywhere anywhere
DROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
forward_int all -- anywhere anywhere
forward_int all -- anywhere anywhere
forward_ext all -- anywhere anywhere
forward_ext all -- anywhere anywhere
DROP all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR '
Chain forward_ext (2 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp redirect
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
LOG tcp -- anywhere xxxxx-email.MyDomainAtHome limit: avg 3/min burst 5 tcp dpt:smtp state NEW LOG level warning tcp-options ip-options prefix `SFW2-FWDext-ACC-REVMASQ '
ACCEPT tcp -- anywhere xxxxx-email.MyDomainAtHome tcp dpt:smtp
DROP all -- anywhere anywhere
Chain forward_int (2 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp redirect
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
LOG tcp -- anywhere xxxxx-email.MyDomainAtHome limit: avg 3/min burst 5 tcp dpt:smtp state NEW LOG level warning tcp-options ip-options prefix `SFW2-FWDint-ACC-REVMASQ '
ACCEPT tcp -- anywhere xxxxx-email.MyDomainAtHome tcp dpt:smtp
DROP all -- anywhere anywhere
Chain input_ext (2 references)
target prot opt source destination
DROP all -- anywhere anywhere PKTTYPE = broadcast
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp redirect
ACCEPT esp -- anywhere anywhere
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ndmp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:ndmp
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:smtp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:imap flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:imap
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:imaps flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:microsoft-ds flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:netbios-dgm flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-dgm
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:netbios-ns flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ns
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:netbios-ssn flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:smtp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:telnet flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:telnet
reject_func tcp -- anywhere anywhere tcp dpt:ident state NEW
ACCEPT udp -- anywhere anywhere udp dpt:ndmp
ACCEPT udp -- anywhere anywhere udp dpt:ipsec-nat-t
ACCEPT udp -- anywhere anywhere udp dpt:isakmp
ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns
ACCEPT udp -- anywhere anywhere udp dpt:telnet
DROP all -- anywhere anywhere
Chain input_int (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain reject_func (1 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable
hast du einen router davor? stimmt der portforward?
klappt das portforwarding auf port 22 (ssh) z.b.?
wozu so viele ips aus dem selben subnet auf eine karte?
iptraf einschalten auf dem serve rund den traffic beobachten!
[default 192.168.xxx.1 - -]
# Set an explicit route to the localnet, because there was a report (bug 34872)
# about performance problems in an oracle installation without that route.
# Normally it should not be necessary since kernel 2.4, but it does not harm.
127/8
192.168.xxx.0 None 255.255.255.0 eth0
192.168.xxx.0 None 255.255.255.0 eth1
192.168.xxx.0 None 255.255.255.0 eth2
192.168.xxx.0 None 255.255.255.0 eth3
169.254.0.0 None 255.255.0.0 eth0
127.0.0.0 None 255.0.0.0 lo
Default Route 192.168.xxx.1 eth3
hau den krempel weg.
route -n
Ziel Router Genmask Flags Metric Ref Use Iface
192.168.xxx.0 * 255.255.255.0 U 0 0 0 eth0
192.168.xxx.0 * 255.255.255.0 U 0 0 0 eth1
192.168.xxx.0 * 255.255.255.0 U 0 0 0 eth2
192.168.xxx.0 * 255.255.255.0 U 0 0 0 eth3
link-local * 255.255.0.0 U 0 0 0 eth0
loopback * 255.0.0.0 U 0 0 0 lo
default 192.168.xxx.1 0.0.0.0 UG 0 0 0 eth3
hast du grundlagen von der netzwerktechnik?
nimm mal drei andere subnetze auf den anderen devices.
oder deaktiviere mal die anderen netzwerkkarten.
JA
192.168.xxx.50
192.168.xxx1
1. telnet xxx.dyndns.org 25 --> wie gehabt
2. iptables gelöscht
3. telnet xxx.dyndns.org 25 --> wie gehabt
4. telnet localhost 25 --> Postfix