DHCP antwortet nicht ?!

Anonymous · 20 Okt. 2004

Servus,
hab SuSE 9.0 laufen und alle updates durchgeführt.
DHCPD hat die Version 3.0.1rc12´

Meine dhcp.conf sieht so aus:

Code:

default-lease-time 600;
max-lease-time 7200;
ddns-update-style none; ddns-updates off;
log-facility local7;

subnet 10.0.0.0 netmask 255.255.255.0 {
  range 10.0.0.10 10.0.0.20;
  option routers 10.0.0.1;
  option domain-name-servers 10.0.0.1; 
}

Problem ist folgendes:
Mittels Webmin hab ich obige Config-File erzeugt und hab auch in Webmin eingestellt daß er WLAN0 als Device nutzen soll. Beim Starten des DHCP-Servers gibts keine Fehler. Dennoch krieg ich aufm Notebook per WLAN keine IP zugewiesen. WInXp ist bereits für DHCP eingestellt und die WLAN-Verbindung besteht auch korrekt (Key etc. 3-malig geprüft).

Ein "tcpdump -i wlan0" birngt folgendes zu Tage:

Code:

15:14:05.563975 0.0.0.0.bootpc > 255.255.255.255.bootps:  xid:0xd808847f flags:0x8000 file ""[|bootp]
15:14:05.564218 0.0.0.0.bootpc > 255.255.255.255.bootps:  xid:0xd808847f flags:0x8000 file ""[|bootp]
15:14:08.568441 0.0.0.0.bootpc > 255.255.255.255.bootps:  xid:0xd808847f secs:18674 flags:0x8000 file ""[|bootp]
15:14:08.568676 0.0.0.0.bootpc > 255.255.255.255.bootps:  xid:0xd808847f secs:18674 flags:0x8000 file ""[|bootp]
15:14:16.571553 0.0.0.0.bootpc > 255.255.255.255.bootps:  xid:0xd808847f secs:18674 flags:0x8000 file ""[|bootp]
15:14:16.571787 0.0.0.0.bootpc > 255.255.255.255.bootps:  xid:0xd808847f secs:18674 flags:0x8000 file ""[|bootp]
15:14:32.577784 0.0.0.0.bootpc > 255.255.255.255.bootps:  xid:0xd808847f secs:18674 flags:0x8000 file ""[|bootp]
15:14:32.578034 0.0.0.0.bootpc > 255.255.255.255.bootps:  xid:0xd808847f secs:18674 flags:0x8000 file ""[|bootp]
15:15:20.434115 server.homelinux.org.netbios-dgm > 10.0.0.255.netbios-dgm: NBT UDP PACKET(138) (DF)
15:17:20.438996 server.homelinux.org.netbios-dgm > 10.0.0.255.netbios-dgm: NBT UDP PACKET(138) (DF)

Ach ja, ich verwende im verkabelten Netzwerk 192.168.0.x mit der internen Domain "homelinux.org". Mein Server heißt demnach server.homelinux.org.
Für WLAN nutze ich 10.0.0.x

Ein "ipconfig /renew" unter WinXP bringt ne Fehlermeldung die besagt daß keine Verbindung zum DHCP-Server hergestellt werden kann.

Hat jmd. ne Ahnung warum das nicht geht ? In der Firewall hab ich auch nix gefunden was auf nen Fehler hinweisen könnte.

Gruß
Alex

Anonymous · 21 Okt. 2004

Hat denn niemand ne Peilung worans liegen könnte ?
Bin so langsam aber sicher am verzweifeln.

- Alex

carsten · 21 Okt. 2004

porbier mal in der subnet-Klammer:
option subnet-mask 255.255.255.0;
option broadcast-address 10.0.0.255;

Danach mal wieder rcdhcpd restart

Grüße

Anonymous · 21 Okt. 2004

Hat auch kein erfolg gebracht...

Gibts denn keine Log-File vom DHCP in der man nachgucken kann ?! Hab da noch nix gefunden...

- Alex

imat · 21 Okt. 2004

alex0801 schrieb:
Gibts denn keine Log-File vom DHCP in der man nachgucken kann ?! Hab da noch nix gefunden...

Klar, per default über syslog nach /var/log/messages

Lauscht den der dhcpd überhaupt ?

netstat -lun | grep 67

Anonymous · 21 Okt. 2004

Also der DHCP meldet sich in /var/log/messages nur dann zu wort wenn ich ihn starte.
netstat bringt folgendes:

Code:

server:/ # netstat -lun | grep 67
udp        0      0 0.0.0.0:67              0.0.0.0:*                           
udp        0      0 0.0.0.0:67              0.0.0.0:*

Und was heißt das jetzt ? Läuft, oder ? Aber warum antwortet er nicht ?

- Alex

imat · 21 Okt. 2004

Ja, das sieht schon mal gut aus.
Wird der dhcp auch wirklich an das richtige Interface gebunden ?

ps ax | grep dhcpd

Anonymous · 22 Okt. 2004

jepp,
habe in /etc/sysconfig/dhcp.... WLAN0 als Interface eingetragen. /var/log/messages meldet das auch beim starten von dhcpd.

Weitere Ideen ?
Gruß und bis hierher mal ein dickes Danke,
Alex

imat · 22 Okt. 2004

Hast du die Möglichkeit ein auf dem dhcp-server mit

Code:

tcpdump -i wlan0 -s0 -w /tmp/tcpdump.log

erstelltes File einer Anfrage des Clients irgendwohin hochzuladen damit man sich das mal ansehen kann ?
Wir können uns auch heute abend ab ca. 20:00 Uhr im Chat treffen, um das File per DCC auszutauschen ?

Anonymous · 22 Okt. 2004

Jepp, kann ich machen.
ich geh dann mal 'loggen'...

- Alex

Anonymous · 22 Okt. 2004

So, die File findest du hier:
http://server.homelinux.org/~alex0801/tcpdump.log

Ich kann allerdings net viel mit anfangen.. ist ja zum großen Teil binär..

- Alex

imat · 22 Okt. 2004

Der request des Clients sieht ok aus.
Btw. etherreal ist das Tool mit welchem du dir das Logfile von tcpdump verständlich ansehen kannst

Also nochmal bitte folgende Infos:

ps ax | grep dhcp
ip a s (alternativ ifconfig)
ip r s (alternativ route -n)
iptables -L -nv
iptables -t nat -L -nv
iptalbles -t mangle -L -nv
den teil aus /var/log/messages vom start des dhcp
die aktuelle /etc/dhcpd.conf

Du kannst das gerne in ein tar-archiv packen und wieder online stellen.

Anonymous · 22 Okt. 2004

So, ich habs mal hierrein kopiert, war mir jetzt n bissl viel umstand alles in n tar-archiv zu quetschen.
Bittesehr...

ps ax | grep 'dhcp' schrieb:
server:/home/alex0801 # ps ax | grep "dhcp"
827 ? S 0:22 /sbin/syslogd -a /var/lib/dhcp/dev/log -a /var/lib/named/dev/log
3740 ? S 0:00 /usr/sbin/dhcpd -user nobody -group nogroup wlan0
5127 pts/0 S 0:00 grep dhcp

ip a s schrieb:
server:/home/alex0801 # ip a s
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
inet6 ::1/128 scope host
2: sit0@NONE: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:50:fc:f4:af:c6 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.1/24 brd 192.168.0.255 scope global eth0
inet6 fe80::250:fcff:fef4:afc6/64 scope link
4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:90:27:10:95:a8 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.199/24 brd 192.168.1.255 scope global eth1
inet6 fe80::290:27ff:fe10:95a8/64 scope link
5: wlan0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:09:5b:12:04:c7 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.1/24 brd 10.0.0.255 scope global wlan0
inet6 fe80::209:5bff:fe12:4c7/64 scope link
6: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 3
link/ppp
inet 217.95.25.169 peer 217.5.98.153/32 scope global ppp0

ip r s schrieb:
server:/home/alex0801 # ip r s
217.5.98.153 dev ppp0 proto kernel scope link src 217.95.25.169
10.0.0.0/24 dev wlan0 proto kernel scope link src 10.0.0.1
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.199
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.1
default via 217.5.98.153 dev ppp0

iptables -L -nv schrieb:
server:/home/alex0801 # iptables -L -nv
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
10559 3006K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 127.0.0.0/8 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOFING '
0 0 LOG all -- * * 0.0.0.0/0 127.0.0.0/8 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOFING '
0 0 DROP all -- * * 127.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 127.0.0.0/8
56 13496 LOG all -- * * 192.168.0.1 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOFING '
56 13496 DROP all -- * * 192.168.0.1 0.0.0.0/0
56 13496 LOG all -- * * 10.0.0.1 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOFING '
56 13496 DROP all -- * * 10.0.0.1 0.0.0.0/0
0 0 LOG all -- * * 217.95.25.169 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOFING '
0 0 DROP all -- * * 217.95.25.169 0.0.0.0/0
22612 5023K input_ext all -- ppp0 * 0.0.0.0/0 217.95.25.169
6027 705K input_int all -- eth0 * 0.0.0.0/0 192.168.0.1
0 0 input_int all -- eth0 * 0.0.0.0/0 10.0.0.1
0 0 input_int all -- wlan0 * 0.0.0.0/0 192.168.0.1
0 0 input_int all -- wlan0 * 0.0.0.0/0 10.0.0.1
377 54660 DROP all -- eth0 * 0.0.0.0/0 192.168.0.255
0 0 DROP all -- eth0 * 0.0.0.0/0 255.255.255.255
0 0 DROP all -- wlan0 * 0.0.0.0/0 192.168.0.255
23 7544 DROP all -- wlan0 * 0.0.0.0/0 255.255.255.255
0 0 DROP all -- eth0 * 0.0.0.0/0 10.0.0.255
0 0 DROP all -- eth0 * 0.0.0.0/0 255.255.255.255
0 0 DROP all -- wlan0 * 0.0.0.0/0 10.0.0.255
0 0 DROP all -- wlan0 * 0.0.0.0/0 255.255.255.255
0 0 LOG all -- eth0 * 0.0.0.0/0 217.95.25.169 LOG flags 6 level 4 prefix `SuSE-FW-ACCESS_DENIED_INT '
0 0 DROP all -- eth0 * 0.0.0.0/0 217.95.25.169
0 0 LOG all -- wlan0 * 0.0.0.0/0 217.95.25.169 LOG flags 6 level 4 prefix `SuSE-FW-ACCESS_DENIED_INT '
0 0 DROP all -- wlan0 * 0.0.0.0/0 217.95.25.169
1 48 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-ILLEGAL-TARGET '
1 48 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
86 4092 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
0 0 ACCEPT all -- eth0 eth0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- wlan0 wlan0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- ppp0 ppp0 0.0.0.0/0 0.0.0.0/0
1186 253K forward_ext all -- ppp0 * 0.0.0.0/0 0.0.0.0/0
1082 116K forward_int all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 forward_int all -- wlan0 * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-ILLEGAL-ROUTING '
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-FORWARD-ERROR '

Chain OUTPUT (policy ACCEPT 2 packets, 128 bytes)
pkts bytes target prot opt in out source destination
10559 3006K ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 LOG flags 6 level 4 prefix `SuSE-FW-TRACEROUTE-ATTEMPT '
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11
3 1296 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 3
2 1152 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 9
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 10
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 13
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3
24156 6218K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-OUTPUT-ERROR '

Chain forward_dmz (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 217.95.25.169 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOF '
0 0 DROP all -- * * 217.95.25.169 0.0.0.0/0
0 0 LOG all -- * * 192.168.0.0/24 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOF '
0 0 DROP all -- * * 192.168.0.0/24 0.0.0.0/0
0 0 LOG all -- * * 10.0.0.0/24 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOF '
0 0 DROP all -- * * 10.0.0.0/24 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 192.168.0.1 LOG flags 6 level 4 prefix `SuSE-FW-DROP-CIRCUMVENTION '
0 0 DROP all -- * * 0.0.0.0/0 192.168.0.1
0 0 LOG all -- * * 0.0.0.0/0 10.0.0.1 LOG flags 6 level 4 prefix `SuSE-FW-DROP-CIRCUMVENTION '
0 0 DROP all -- * * 0.0.0.0/0 10.0.0.1
0 0 LOG all -- * * 0.0.0.0/0 217.95.25.169 LOG flags 6 level 4 prefix `SuSE-FW-DROP-CIRCUMVENTION '
0 0 DROP all -- * * 0.0.0.0/0 217.95.25.169
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED icmp type 3 LOG flags 6 level 4 prefix `SuSE-FW-FORWARD-RELATED '
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 0 LOG flags 6 level 4 prefix `SuSE-FW-FORWARD-RELATED '
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED icmp type 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 0
0 0 LOG all -- * ppp0 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-MASQ '
0 0 ACCEPT all -- * ppp0 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
0 0 LOG all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-MASQ '
0 0 ACCEPT all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 192.168.0.3 state NEW,RELATED,ESTABLISHED tcp dpt:4677
0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 192.168.0.3 state NEW,RELATED,ESTABLISHED tcp dpt:6112
0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 192.168.0.2 state NEW,RELATED,ESTABLISHED tcp dpt:4244
0 0 LOG udp -- ppp0 * 0.0.0.0/0 192.168.0.1 udp dpt:4245 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-REVERSE_MASQ '
0 0 ACCEPT udp -- ppp0 * 0.0.0.0/0 192.168.0.1 state NEW,RELATED,ESTABLISHED udp dpt:4245
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain forward_ext (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 192.168.0.0/24 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOF '
0 0 DROP all -- * * 192.168.0.0/24 0.0.0.0/0
0 0 LOG all -- * * 10.0.0.0/24 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOF '
0 0 DROP all -- * * 10.0.0.0/24 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 192.168.0.1 LOG flags 6 level 4 prefix `SuSE-FW-DROP-CIRCUMVENTION '
0 0 DROP all -- * * 0.0.0.0/0 192.168.0.1
0 0 LOG all -- * * 0.0.0.0/0 10.0.0.1 LOG flags 6 level 4 prefix `SuSE-FW-DROP-CIRCUMVENTION '
0 0 DROP all -- * * 0.0.0.0/0 10.0.0.1
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED icmp type 3 LOG flags 6 level 4 prefix `SuSE-FW-FORWARD-RELATED '
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 0 LOG flags 6 level 4 prefix `SuSE-FW-FORWARD-RELATED '
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED icmp type 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 0
0 0 LOG all -- * ppp0 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-MASQ '
0 0 ACCEPT all -- * ppp0 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
1186 253K LOG all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-MASQ '
1186 253K ACCEPT all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 192.168.0.3 state NEW,RELATED,ESTABLISHED tcp dpt:4677
0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 192.168.0.3 state NEW,RELATED,ESTABLISHED tcp dpt:6112
0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 192.168.0.2 state NEW,RELATED,ESTABLISHED tcp dpt:4244
0 0 LOG udp -- ppp0 * 0.0.0.0/0 192.168.0.1 udp dpt:4245 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-REVERSE_MASQ '
0 0 ACCEPT udp -- ppp0 * 0.0.0.0/0 192.168.0.1 state NEW,RELATED,ESTABLISHED udp dpt:4245
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain forward_int (2 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 217.95.25.169 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOF '
0 0 DROP all -- * * 217.95.25.169 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 217.95.25.169 LOG flags 6 level 4 prefix `SuSE-FW-DROP-CIRCUMVENTION '
0 0 DROP all -- * * 0.0.0.0/0 217.95.25.169
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED icmp type 3 LOG flags 6 level 4 prefix `SuSE-FW-FORWARD-RELATED '
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 0 LOG flags 6 level 4 prefix `SuSE-FW-FORWARD-RELATED '
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED icmp type 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 0
0 0 LOG all -- eth0 wlan0 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-CLASS '
0 0 ACCEPT all -- eth0 wlan0 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- wlan0 eth0 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-CLASS '
0 0 ACCEPT all -- wlan0 eth0 0.0.0.0/0 0.0.0.0/0
1082 116K LOG all -- * ppp0 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-MASQ '
1082 116K ACCEPT all -- * ppp0 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
0 0 LOG all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-MASQ '
0 0 ACCEPT all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 192.168.0.3 state NEW,RELATED,ESTABLISHED tcp dpt:4677
0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 192.168.0.3 state NEW,RELATED,ESTABLISHED tcp dpt:6112
0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 192.168.0.2 state NEW,RELATED,ESTABLISHED tcp dpt:4244
0 0 LOG udp -- ppp0 * 0.0.0.0/0 192.168.0.1 udp dpt:4245 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-REVERSE_MASQ '
0 0 ACCEPT udp -- ppp0 * 0.0.0.0/0 192.168.0.1 state NEW,RELATED,ESTABLISHED udp dpt:4245
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain input_dmz (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 217.95.25.169 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOF-idmz '
0 0 DROP all -- * * 217.95.25.169 0.0.0.0/0
0 0 LOG all -- * * 192.168.0.0/24 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOF-idmz '
0 0 DROP all -- * * 192.168.0.0/24 0.0.0.0/0
0 0 LOG all -- * * 10.0.0.0/24 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOF-idmz '
0 0 DROP all -- * * 10.0.0.0/24 0.0.0.0/0
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-PING '
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 0 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-ICMP '
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 0
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-ICMP '
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 3
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-ICMP '
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 11
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 12 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-ICMP '
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 12
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 14 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-ICMP '
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 14
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 18 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-ICMP '
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 18
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ICMP '
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-REJECT '
0 0 reject_func tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 flags:0x16/0x02
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT '
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpts:1024:65535
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:600:65535 flags:!0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT '
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED tcp dpts:600:65535 flags:!0x16/0x02
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20 flags:!0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT '
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED tcp dpt:20 flags:!0x16/0x02
0 0 LOG udp -- * * 192.168.0.1 0.0.0.0/0 udp spt:53 dpts:1024:65535 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT '
0 0 ACCEPT udp -- * * 192.168.0.1 0.0.0.0/0 state NEW,RELATED,ESTABLISHED udp spt:53 dpts:1024:65535
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:65535 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT '
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED udp dpts:1024:65535
0 0 LOG tcp -- * * 192.0.0.0/8 0.0.0.0/0 tcp dpt:904 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-REDIRECT '
0 0 ACCEPT tcp -- * * 192.0.0.0/8 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpt:904
0 0 LOG tcp -- * * 10.0.0.0/8 0.0.0.0/0 tcp dpt:904 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-REDIRECT '
0 0 ACCEPT tcp -- * * 10.0.0.0/8 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpt:904
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain input_ext (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 192.168.0.0/24 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOF-iext '
0 0 DROP all -- * * 192.168.0.0/24 0.0.0.0/0
0 0 LOG all -- * * 10.0.0.0/24 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOF-iext '
0 0 DROP all -- * * 10.0.0.0/24 0.0.0.0/0
0 0 LOG icmp -- * * 217.95.25.169 0.0.0.0/0 icmp type 4 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-SOURCEQUENCH '
0 0 ACCEPT icmp -- * * 217.95.25.169 0.0.0.0/0 icmp type 4
43 2164 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-PING '
43 2164 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 0 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-ICMP '
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 0
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-ICMP '
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 3
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-ICMP '
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 11
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 12 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-ICMP '
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 12
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 14 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-ICMP '
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 14
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 18 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-ICMP '
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 18
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ICMP '
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0
958 145K LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT '
958 145K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpt:80
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT '
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpt:443
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:993 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT '
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpt:993
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT '
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpt:22
362 170K LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT '
362 170K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpt:25
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-REJECT '
0 0 reject_func tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 flags:0x16/0x02
17870 4512K LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT '
17870 4512K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpts:1024:65535
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:600:65535 flags:!0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT '
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED tcp dpts:600:65535 flags:!0x16/0x02
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20 flags:!0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT '
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED tcp dpt:20 flags:!0x16/0x02
0 0 LOG udp -- * * 192.168.0.1 0.0.0.0/0 udp spt:53 dpts:1024:65535 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT '
0 0 ACCEPT udp -- * * 192.168.0.1 0.0.0.0/0 state NEW,RELATED,ESTABLISHED udp spt:53 dpts:1024:65535
323 41743 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:65535 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT '
323 41743 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED udp dpts:1024:65535
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:61000:65095 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT '
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED udp dpts:61000:65095
0 0 LOG tcp -- * * 192.0.0.0/8 0.0.0.0/0 tcp dpt:904 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-REDIRECT '
0 0 ACCEPT tcp -- * * 192.0.0.0/8 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpt:904
0 0 LOG tcp -- * * 10.0.0.0/8 0.0.0.0/0 tcp dpt:904 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-REDIRECT '
0 0 ACCEPT tcp -- * * 10.0.0.0/8 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpt:904
3055 152K LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
3055 152K DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain input_int (4 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 217.95.25.169 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOF-iint '
0 0 DROP all -- * * 217.95.25.169 0.0.0.0/0
6027 705K LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-ALL-INTERNAL '
6027 705K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-PING '
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 0 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-ICMP '
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 0
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-ICMP '
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 3
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-ICMP '
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 11
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 12 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-ICMP '
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 12
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 14 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-ICMP '
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 14
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 18 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-ICMP '
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 18
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ICMP '
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1:30000 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT '
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpts:1:30000
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-REJECT '
0 0 reject_func tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 flags:0x16/0x02
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT '
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpts:1024:65535
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:600:65535 flags:!0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT '
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED tcp dpts:600:65535 flags:!0x16/0x02
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20 flags:!0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT '
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED tcp dpt:20 flags:!0x16/0x02
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:1:30000 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT '
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED udp dpts:1:30000
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:32768 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT '
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED udp dpt:32768
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:32769 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT '
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED udp dpt:32769
0 0 LOG udp -- * * 192.168.0.1 0.0.0.0/0 udp spt:53 dpts:1024:65535 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT '
0 0 ACCEPT udp -- * * 192.168.0.1 0.0.0.0/0 state NEW,RELATED,ESTABLISHED udp spt:53 dpts:1024:65535
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:65535 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT '
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED udp dpts:1024:65535
0 0 LOG tcp -- * * 192.0.0.0/8 0.0.0.0/0 tcp dpt:904 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-REDIRECT '
0 0 ACCEPT tcp -- * * 192.0.0.0/8 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpt:904
0 0 LOG tcp -- * * 10.0.0.0/8 0.0.0.0/0 tcp dpt:904 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-REDIRECT '
0 0 ACCEPT tcp -- * * 10.0.0.0/8 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpt:904
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain reject_func (3 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-proto-unreachable

iptables -t nat -L -nv schrieb:
server:/home/alex0801 # iptables -t nat -L -nv
Chain PREROUTING (policy ACCEPT 4865 packets, 295K bytes)
pkts bytes target prot opt in out source destination
132 6336 REDIRECT tcp -- * * 192.0.0.0/8 0.0.0.0/0 tcp dpt:80 redir ports 904
0 0 REDIRECT tcp -- * * 10.0.0.0/8 0.0.0.0/0 tcp dpt:80 redir ports 904
0 0 DNAT tcp -- ppp0 * 0.0.0.0/0 217.95.25.169 tcp dpt:4677 to:192.168.0.3:4677
0 0 DNAT tcp -- ppp0 * 0.0.0.0/0 217.95.25.169 tcp dpt:6112 to:192.168.0.3:6112
0 0 DNAT tcp -- ppp0 * 0.0.0.0/0 217.95.25.169 tcp dpt:4244 to:192.168.0.2:4244
0 0 DNAT udp -- ppp0 * 0.0.0.0/0 217.95.25.169 udp dpt:4245 to:192.168.0.1:4245

Chain POSTROUTING (policy ACCEPT 216 packets, 26969 bytes)
pkts bytes target prot opt in out source destination
1504 96316 MASQUERADE all -- * ppp0 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 1732 packets, 127K bytes)
pkts bytes target prot opt in out source destination

iptalbles -t mangle -L -nv schrieb:
server:/home/alex0801 # iptables -t mangle -L -nv
Chain PREROUTING (policy ACCEPT 47217 packets, 9928K bytes)
pkts bytes target prot opt in out source destination
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp spt:20 TOS set 0x08
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpt:20 TOS set 0x08
1848 1604K TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp spt:80 TOS set 0x08
2452 443K TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpt:80 TOS set 0x08
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp spt:53 TOS set 0x10
1991 120K TOS udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED udp dpt:53 TOS set 0x10
0 0 TOS udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED udp dpt:161 TOS set 0x04
0 0 TOS udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED udp dpt:162 TOS set 0x04
0 0 TOS udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:514 TOS set 0x04

Chain INPUT (policy ACCEPT 41697 packets, 9087K bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 5461 packets, 829K bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 36649 packets, 9568K bytes)
pkts bytes target prot opt in out source destination
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp spt:20 TOS set 0x08
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpt:20 TOS set 0x08
867 489K TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp spt:80 TOS set 0x08
1817 352K TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpt:80 TOS set 0x08
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp spt:53 TOS set 0x10
2230 138K TOS udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED udp dpt:53 TOS set 0x10
0 0 TOS udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED udp dpt:161 TOS set 0x04
0 0 TOS udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED udp dpt:162 TOS set 0x04
0 0 TOS udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:514 TOS set 0x04

Chain POSTROUTING (policy ACCEPT 42323 packets, 10M bytes)
pkts bytes target prot opt in out source destination

/etc/hdcp.conf schrieb:
server:/home/alex0801 # cat /etc/dhcpd.conf
default-lease-time 600;
max-lease-time 7200;
ddns-update-style none; ddns-updates off;
log-facility local7;
allow bootp;

# nur zum testen im wired-net
subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.10 192.168.0.20;
option routers 192.168.0.1;
option domain-name-servers 192.168.0.1;
}

subnet 10.0.0.0 netmask 255.255.255.0 {
range 10.0.0.10 10.0.0.20;
option routers 10.0.0.1;
option domain-name-servers 10.0.0.1;
option subnet-mask 255.255.255.0;
option broadcast-address 10.0.0.255;
}

dhcp-teil aus /var/log/messages schrieb:
Oct 22 19:05:17 server dhcpd: Internet Software Consortium DHCP Server V3.0.1rc12
Oct 22 19:05:17 server dhcpd: Copyright 1995-2003 Internet Software Consortium.
Oct 22 19:05:17 server dhcpd: All rights reserved.
Oct 22 19:05:17 server dhcpd: For info, please visit http://www.isc.org/products/DHCP
Oct 22 19:05:17 server dhcpd: Wrote 0 leases to leases file.
Oct 22 19:05:17 server dhcpd: Listening on Socket/wlan0/10.0.0.0/24
Oct 22 19:05:17 server dhcpd: Sending on Socket/wlan0/10.0.0.0/24
Oct 22 19:05:17 server dhcpd: Sending on Socket/fallback/fallback-net

Gruß
Alex

imat · 22 Okt. 2004

Firewall problem, du blockierst einkommende broadcast pakete auf wlan0

Du benutzt die SuSE-Firewall wie ich sehe ....

Dann mach mal folgendes

/etc/sysconfig/SuSEfirewall2

FW_SERVICE_DHCPD="yes"

rcSuSEfirewall2 restart

glücklich sein

Anonymous · 22 Okt. 2004

JO, ich werds testen.
Aber damit ich auch was lerne: An welcher Zeile hast du das jetzt erkannt ?!

Gruß
Alex

[update]
jepp, DAT GEHJT...
vielen vielen Dank. Das Forum is is echt klasse. Lauter kompetente Leute hier.

imat · 22 Okt. 2004

iptables -L -nv schrieb:
server:/home/alex0801 # iptables -L -nv
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
10559 3006K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 127.0.0.0/8 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOFING '
0 0 LOG all -- * * 0.0.0.0/0 127.0.0.0/8 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOFING '
0 0 DROP all -- * * 127.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 127.0.0.0/8
56 13496 LOG all -- * * 192.168.0.1 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOFING '
56 13496 DROP all -- * * 192.168.0.1 0.0.0.0/0
56 13496 LOG all -- * * 10.0.0.1 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOFING '
56 13496 DROP all -- * * 10.0.0.1 0.0.0.0/0
0 0 LOG all -- * * 217.95.25.169 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOFING '
0 0 DROP all -- * * 217.95.25.169 0.0.0.0/0
22612 5023K input_ext all -- ppp0 * 0.0.0.0/0 217.95.25.169
6027 705K input_int all -- eth0 * 0.0.0.0/0 192.168.0.1
0 0 input_int all -- eth0 * 0.0.0.0/0 10.0.0.1
0 0 input_int all -- wlan0 * 0.0.0.0/0 192.168.0.1
0 0 input_int all -- wlan0 * 0.0.0.0/0 10.0.0.1
377 54660 DROP all -- eth0 * 0.0.0.0/0 192.168.0.255
0 0 DROP all -- eth0 * 0.0.0.0/0 255.255.255.255
0 0 DROP all -- wlan0 * 0.0.0.0/0 192.168.0.255
23 7544 DROP all -- wlan0 * 0.0.0.0/0 255.255.255.255

Die letzte Zeile ist die wichtige, hier werden alle eingehenden broadcasts auf wlan0 gedropt (zeigt der counter auch schön an

23 Pakete)

Anonymous · 22 Okt. 2004

jetzt wo du's sagst seh ichs auch

hoffe daß ich das nächste mal solch ein Problem dann selbst hin bekomme.
Scheinbar hängts bei mir meistens an der Firewall.
Muss mich da noch einarbeiten. Die SuSE FW is ja schön und gut, aber da weiß eigentlich nur der der sie erstellt hat was wie funktioniert.

ABer bis ich dann soweit bin dauerts noch ne ganze Weile. Hab auch schon nach nem Tool gesucht mit dem man sich einzelne Regeln zusammenklicken kann, ähnlich wie bei der "Checkpoint Firewall" (finde die ganz ok, is nur zu teuer), aber bisher war meine Suche erfolglos.

Gut, dann sag ich nochmals danke für die schnelle und kompetente hilfe...

Gruß
Alex

imat · 22 Okt. 2004

Die SuSE Firewall on CD 2 hat einen richtig schönen iptables Editor.
Leider wurde das Produkt jedoch eingestellt

Aber mit etwas Glück könnte es sein dass es in absehbarer Zeit OpenSource wird

Ansonsten gibt es schon den einen oder anderen Editor für iptables, aber ich konnte noch keinen finden der mich überzeugt hat.

Anonymous · 22 Okt. 2004

hast du da zufällig n paar screenshots parat ?

bastle gerade an der nächsten erweiterung: openvpn für's wlan.
da wirds dann zwangsläufig notwendig sich mit iptables auseinander zu setzen da die SuSEfw2 da nix passendes parat hat (bastle gerade nach der anleitung hier: http://www.newbie-net.de/anleitung_wlan_vpn.html)

was mich noch an openvpn stört ist daß der key static ist. hab mich da auch noch nicht so eingearbeitet. vielleichts gibts da noch was dynamisches... mal sehen.

ach ja: brauche den ganzen kram hierfür: www.kraichgau-wireless-network.de

Gruß
Alex

Anonymous · 23 Okt. 2004

Da fällt mir gerade noch was ein: Das fiese an der Geschichte hier ist daß trotz vollem Logging-Umfang der SuSE FW2 kein Sterbenswörtchen von wegen geblocktem broadcast in /var/log/messages erschienen ist...
Sonst wär ich ja wohlmöglich alleine drauf gekommen..

z z z z

- Alex

DHCP antwortet nicht ?!

Anonymous

Gast

Anonymous

Gast

Guru

Anonymous

Gast

Member

Anonymous

Gast

Member

Anonymous

Gast

Member

Anonymous

Gast

Anonymous

Gast

Member

Anonymous

Gast

Member

Anonymous

Gast

Member

Anonymous

Gast

Member

Anonymous

Gast

Anonymous

Gast