Koozali.org: home of the SME Server

Port forwarding for asterisk....help!

allun
Port forwarding for asterisk....help!
« on: April 23, 2005, 09:16:52 AM »
I seem to have a slight problem .... :-(

All I am trying to do is forward UDP port 4569 to an internal server, from my SME6.0 server which is in gateway mode, directly connected to the internet (i.e. no other firewalls or NAT devices upstream of it).

I have set up a rule using the port forwarding panel....but when I watch the logs and try to connect to the forwarded port from an external IP I get the following:

denylog:IN=eth1 OUT= MAC=00:0e:2e:06:8f:a0:00:90:96:53:58:55:xx:00 SRC=61.218.152.xxx DST=10.0.0.2 LEN=40 TOS=0x00 PREC=0x00 TTL=109 ID=39565 PROTO=UDP SPT=65267 DPT=4569 LEN=20

Output of "iptables -L" :

Chain INPUT (policy DROP)
target     prot opt source               destination        
state_chk  all  --  anywhere             anywhere          
local_chk  all  --  anywhere             anywhere          
PPPconn    all  --  anywhere             anywhere          
DROP       all  --  BASE-ADDRESS.MCAST.NET/4  anywhere          
DROP       all  --  anywhere             BASE-ADDRESS.MCAST.NET/4
InboundICMP  icmp --  anywhere             anywhere          
denylog    icmp --  anywhere             anywhere          
InboundTCP  tcp  --  anywhere             anywhere           tcp flags:SYN,RST,ACK/SYN
denylog    tcp  --  anywhere             anywhere           tcp flags:SYN,RST,ACK/SYN
InboundUDP  udp  --  anywhere             anywhere          
denylog    udp  --  anywhere             anywhere          
ACCEPT     udp  --  anywhere             anywhere           udp spts:bootps:bootpc
gre-in     gre  --  anywhere             anywhere          
denylog    gre  --  anywhere             anywhere          
denylog    all  --  anywhere             anywhere          
ACCEPT     udp  --  anywhere             anywhere           udp dpt:4569
ACCEPT     udp  --  anywhere             anywhere           udp dpt:4569

Chain FORWARD (policy DROP)
target     prot opt source               destination        
state_chk  all  --  anywhere             anywhere          
local_chk  all  --  anywhere             anywhere          
ForwardedTCP  tcp  --  anywhere             anywhere           tcp flags:SYN,RST,ACK/SYN
ForwardedUDP  udp  --  anywhere             anywhere          
denylog    all  --  anywhere             anywhere          

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        
PPPconn    all  --  anywhere             anywhere          
DROP       all  --  BASE-ADDRESS.MCAST.NET/4  anywhere          
DROP       all  --  anywhere             BASE-ADDRESS.MCAST.NET/4
OutboundICMP  icmp --  anywhere             anywhere          
denylog    icmp --  anywhere             anywhere          
ACCEPT     all  --  anywhere             anywhere          

Chain ForwardedTCP (1 references)
target     prot opt source               destination        
ForwardedTCP_7672  all  --  anywhere             anywhere          
denylog    tcp  --  anywhere             anywhere           tcp flags:SYN,RST,ACK/SYN

Chain ForwardedTCP_7672 (1 references)
target     prot opt source               destination        

Chain ForwardedUDP (1 references)
target     prot opt source               destination        
ForwardedUDP_7672  all  --  anywhere             anywhere          
denylog    udp  --  anywhere             anywhere          

Chain ForwardedUDP_7672 (1 references)
target     prot opt source               destination        
ACCEPT     udp  --  anywhere             pc-00008.protechnz.comudp dpt:4569

Chain InboundICMP (1 references)
target     prot opt source               destination        
InboundICMP_7672  all  --  anywhere             anywhere          
denylog    icmp --  anywhere             anywhere          

Chain InboundICMP_7672 (1 references)
target     prot opt source               destination        
ACCEPT     icmp --  anywhere             anywhere           icmp echo-request
ACCEPT     icmp --  anywhere             anywhere           icmp echo-reply
ACCEPT     icmp --  anywhere             anywhere           icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere           icmp source-quench
ACCEPT     icmp --  anywhere             anywhere           icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere           icmp parameter-problem
denylog    all  --  anywhere             anywhere          

Chain InboundTCP (1 references)
target     prot opt source               destination        
InboundTCP_7672  all  --  anywhere             anywhere          
denylog    tcp  --  anywhere             anywhere           tcp flags:SYN,RST,ACK/SYN

Chain InboundTCP_7672 (1 references)
target     prot opt source               destination        
denylog    all  --  anywhere            !10.0.0.2          
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:auth
denylog    tcp  --  anywhere             anywhere           tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:www
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:https
denylog    tcp  --  anywhere             anywhere           tcp dpt:imap2
denylog    tcp  --  anywhere             anywhere           tcp dpt:ldap
denylog    tcp  --  anywhere             anywhere           tcp dpt:pop3
denylog    tcp  --  anywhere             anywhere           tcp dpt:1723
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:smtp
denylog    tcp  --  anywhere             anywhere           tcp dpt:ssh
denylog    tcp  --  anywhere             anywhere           tcp dpt:telnet

Chain InboundUDP (1 references)
target     prot opt source               destination        
InboundUDP_7672  all  --  anywhere             anywhere          
denylog    udp  --  anywhere             anywhere          

Chain InboundUDP_7672 (1 references)
target     prot opt source               destination        
denylog    all  --  anywhere            !10.0.0.2          

Chain OutboundICMP (1 references)
target     prot opt source               destination        
OutboundICMP_7672  all  --  anywhere             anywhere          
denylog    icmp --  anywhere             anywhere          

Chain OutboundICMP_7672 (1 references)
target     prot opt source               destination        
ACCEPT     icmp --  anywhere             anywhere           icmp echo-request
ACCEPT     icmp --  anywhere             anywhere           icmp echo-reply
ACCEPT     icmp --  anywhere             anywhere           icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere           icmp source-quench
ACCEPT     icmp --  anywhere             anywhere           icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere           icmp parameter-problem
denylog    all  --  anywhere             anywhere          

Chain PPPconn (2 references)
target     prot opt source               destination        
PPPconn_1  all  --  anywhere             anywhere          

Chain PPPconn_1 (1 references)
target     prot opt source               destination        

Chain denylog (26 references)
target     prot opt source               destination        
DROP       udp  --  anywhere             anywhere           udp dpt:route
DROP       udp  --  anywhere             anywhere           udp dpts:netbios-ns:netbios-ssn
DROP       tcp  --  anywhere             anywhere           tcp dpts:netbios-ns:netbios-ssn
LOG        all  --  anywhere             anywhere           LOG level warning prefix denylog:'
DROP       all  --  anywhere             anywhere          

Chain gre-in (1 references)
target     prot opt source               destination        
denylog    all  --  anywhere            !10.0.0.2          
denylog    all  --  anywhere             anywhere          

Chain local_chk (2 references)
target     prot opt source               destination        
local_chk_7672  all  --  anywhere             anywhere          

Chain local_chk_7672 (1 references)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere          
ACCEPT     all  --  192.168.0.0/24       anywhere          

Chain state_chk (2 references)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED



Why are these packets being denied when there is a rule meant to catch them???
...
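Added example, not part of the original post: a filter-table LOG entry records the hook it was logged on through its interface fields. IN= set with OUT= empty means the INPUT path, and both set means the FORWARD path. The sketch below parses the posted denylog line and a second, constructed line and reports which path each took; the function names and the constructed sample are assumptions made for illustration.

```python
import re

# Log line quoted in the post above (addresses partly redacted by the poster).
POSTED = ("denylog:IN=eth1 OUT= MAC=00:0e:2e:06:8f:a0:00:90:96:53:58:55:xx:00 "
          "SRC=61.218.152.xxx DST=10.0.0.2 LEN=40 TOS=0x00 PREC=0x00 TTL=109 "
          "ID=39565 PROTO=UDP SPT=65267 DPT=4569 LEN=20")
# Constructed sample: a packet logged after being routed towards a LAN host.
CONSTRUCTED = ("denylog:IN=eth1 OUT=eth0 SRC=203.0.113.7 DST=192.168.0.10 "
               "LEN=40 TTL=109 ID=1 PROTO=UDP SPT=40000 DPT=4569 LEN=20")

NOTES = {
    "INPUT": "routing treated the packet as local, so its destination was not "
             "rewritten first; list the nat table (iptables -t nat -L -n -v), "
             "which plain 'iptables -L' does not show",
    "FORWARD": "packet was routed towards another host; check FORWARD rules",
    "OUTPUT": "packet was generated by the firewall itself",
}


def parse_log(line):
    """Split a netfilter LOG line into (prefix, fields, bare_flags)."""
    m = re.search(r"(\S*?)IN=", line)
    if not m:
        raise ValueError("no IN= field: not a netfilter LOG line")
    fields, flags = {}, []
    for tok in line[m.end(1):].split():
        key, sep, val = tok.partition("=")
        if sep:
            fields.setdefault(key, val)   # first LEN= is the IP length
        else:
            flags.append(tok)             # bare flags such as DF or SYN
    return m.group(1), fields, flags


def filter_hook(fields):
    """Infer the filter-table chain from which interfaces are filled in."""
    has_in, has_out = bool(fields.get("IN")), bool(fields.get("OUT"))
    if has_in:
        return "FORWARD" if has_out else "INPUT"
    return "OUTPUT" if has_out else "UNKNOWN"


def triage(line):
    """Return the facts needed to decide where to look next."""
    prefix, f, _ = parse_log(line)
    hook = filter_hook(f)
    return {"prefix": prefix, "hook": hook, "proto": f.get("PROTO"),
            "dst": f.get("DST"), "dpt": int(f.get("DPT", 0)),
            "note": NOTES.get(hook, "cannot tell from IN=/OUT=")}
```

Calling `triage(POSTED)` reports the INPUT hook for the line in the post, while the constructed line reports FORWARD.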

dwater

Re: Port forwarding for asterisk....help!
« Reply #1 on: May 09, 2005, 04:24:07 AM »
Did you get anywhere with this?

I am trying to do a similar thing, but don't seem to be successful.

Does it need a reboot or something, to make the change effective?

Max.

allun
Port forwarding for asterisk....help!
« Reply #2 on: May 09, 2005, 04:47:34 AM »
Hi,

Still no go for me I'm afraid, but this tool helps with troubleshooting:

http://www.bpvn.com/asterisk/iaxping.zip

A
...