Koozali.org: home of the SME Server

Strange (squid?) problem...

mmccarn
« Reply #15 on: July 10, 2007, 02:01:28 AM »
Yes, but your 'FORWARD' chain does indeed look abbreviated; here's what I get from iptables -L -n -v (I have several forwarding rules configured):
Code:
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
5046K 7147M state_chk  all  --  *      *       0.0.0.0/0            0.0.0.0/0
 2248  366K local_chk  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   13  4536 PPPconn    all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 denylog    all  --  *      *       224.0.0.0/4          0.0.0.0/0
    0     0 denylog    all  --  *      *       0.0.0.0/0            224.0.0.0/4
    0     0 InboundICMP  icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 denylog    icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 InboundTCP  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x16/0x02
    0     0 denylog    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x16/0x02
   13  4536 InboundUDP  udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0
    0     0 denylog    udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0
    0     0 gre-in     47   --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 denylog    47   --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 denylog    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 state_chk  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 local_chk  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ForwardedTCP  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x16/0x02
    0     0 ForwardedUDP  udp  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 denylog    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
2519K  147M PPPconn    all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 denylog    all  --  *      *       224.0.0.0/4          0.0.0.0/0
    0     0 denylog    all  --  *      *       0.0.0.0/0            224.0.0.0/4
2519K  147M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain ForwardedTCP (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ForwardedTCP_3600  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 denylog    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x16/0x02

Chain ForwardedTCP_3600 (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ForwardedUDP (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ForwardedUDP_3600  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 denylog    udp  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain ForwardedUDP_3600 (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain InboundICMP (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 InboundICMP_3600  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 denylog    icmp --  *      *       0.0.0.0/0            0.0.0.0/0

Chain InboundICMP_3600 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 4
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 12
    0     0 denylog    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain InboundTCP (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 InboundTCP_3600  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 denylog    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x16/0x02

Chain InboundTCP_3600 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 denylog    all  --  *      *       0.0.0.0/0           !192.168.200.1
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            192.168.200.1       tcp dpt:113 reject-with tcp-reset
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.200.1       tcp dpt:21
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.200.1       tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.200.1       tcp dpt:443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.200.1       tcp dpt:25
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.200.1       tcp dpt:2222
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.200.1       tcp dpt:465

Chain InboundUDP (1 references)
 pkts bytes target     prot opt in     out     source               destination
   13  4536 InboundUDP_3600  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 denylog    udp  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain InboundUDP_3600 (1 references)
 pkts bytes target     prot opt in     out     source               destination
   13  4536 denylog    all  --  *      *       0.0.0.0/0           !192.168.200.1

Chain PPPconn (2 references)
 pkts bytes target     prot opt in     out     source               destination
2519K  147M PPPconn_1  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain PPPconn_1 (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain denylog (20 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:520
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:137:139
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpts:137:139
   13  4536 ULOG       all  --  *      *       0.0.0.0/0            0.0.0.0/0           ULOG copy_range 0 nlgroup 1 prefix `denylog:' queue_threshold 1
   13  4536 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain gre-in (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 denylog    all  --  *      *       0.0.0.0/0           !192.168.200.1
    0     0 denylog    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain local_chk (2 references)
 pkts bytes target     prot opt in     out     source               destination
 2248  366K local_chk_3600  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain local_chk_3600 (1 references)
 pkts bytes target     prot opt in     out     source               destination
  372 25290 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
 1863  336K ACCEPT     all  --  *      *       192.168.200.0/24     0.0.0.0/0

Chain state_chk (2 references)
 pkts bytes target     prot opt in     out     source               destination
5044K 7147M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED


Do you have any custom templates for masq in /etc/e-smith/templates-custom/etc/rc.d/init.d/masq?
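
The comparison made by eye in the post above can be scripted. The following is an added example, not part of the original thread or of SME Server: it parses two `iptables -L -n -v` listings, drops the packet and byte counters, and reports the chains and rules the reference has that the suspect lacks. The reference sample is an excerpt of the listing above; the suspect sample and the function names are constructed for illustration.

```python
import re

def parse_listing(text):
    """Parse `iptables -L -n -v` output into {chain: [rule, ...]}; the pkts/bytes
    counters are dropped so listings taken at different times compare cleanly."""
    chains, current = {}, None
    for line in text.splitlines():
        header = re.match(r"Chain (\S+) \(", line)
        if header:
            current = chains.setdefault(header.group(1), [])
            continue
        fields = line.split()
        # Skip blank lines and the "pkts bytes target ..." column header.
        if current is None or len(fields) < 3 or fields[0] == "pkts":
            continue
        current.append(" ".join(fields[2:]))
    return chains

def compare(reference, suspect):
    """Return (chains, rules) that the reference has and the suspect lacks."""
    missing_chains = sorted(set(reference) - set(suspect))
    missing_rules = {}
    for name, rules in reference.items():
        if name in suspect:
            gone = [r for r in rules if r not in suspect[name]]
            if gone:
                missing_rules[name] = gone
    return missing_chains, missing_rules

# Reference: excerpt of the listing posted above.
REFERENCE = """\
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 state_chk  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 local_chk  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ForwardedTCP  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x16/0x02
    0     0 ForwardedUDP  udp  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 denylog    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain ForwardedTCP (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ForwardedTCP_3600  all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""
# Suspect: constructed sample of an abbreviated FORWARD chain.
SUSPECT = """\
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   12   720 state_chk  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    3   180 denylog    all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""
```

Feed it the full output of `iptables -L -n -v` from a known-good server and from the one under suspicion; rule order is not compared, only presence.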

« Reply #16 on: July 10, 2007, 10:59:12 AM »
Nope, it doesn't go further than /etc/e-smith/templates-custom/etc/; then I only have httpd and proftpd.conf in there.
Do you know if there's a way to restore the iptables rules from the beginning?
"How high does the sycamore grows? If you cut it down, you'll never know!" - Vanessa Williams, Pocahontas.

raem
« Reply #17 on: July 10, 2007, 11:31:33 AM »
Old Lodge Skins

> ...Do you know if there's a way to restore the iptables rules from the beginning?
remove any custom templates
remove any add on packages you installed
signal-event post-upgrade
reboot

Test if OK
Install any packages you require & test again
Redo any custom template changes you require & test again.
Note that rpms should not put templates in the custom templates area.
...

« Reply #18 on: July 10, 2007, 11:40:44 AM »
... Well since I have not made any custom template...
I could try to remove snort. Actually I didn't install many contribs on this server... Well, at least I can try this. I'll see that this afternoon.

Seb.

raem
« Reply #19 on: July 10, 2007, 11:56:27 AM »
Old Lodge Skins

You could try
signal-event post-upgrade
reboot

but if you have template fragments that are creating wrong settings, then the same wrong settings will be automatically recreated.
It's worth a try though.
If that doesn't fix things, then remove snort and anything else you have installed & do the post upgrade reboot again.
...

« Reply #20 on: July 10, 2007, 11:59:46 AM »
Ray, I've done a signal-event post-upgrade & reboot several times already...

Actually, at the moment I'm thinking that if I can find enough room on another hard drive to make a backup of my data, I'd better install a fresh new 7.1.3; it'd be simpler.

Seb.

« Reply #21 on: July 13, 2007, 02:21:26 PM »
Ok guys thanks to all for your help... Problem solved by reinstalling the whole beast. I should have done that sooner, took me less than one hour...

Seb.