Re: Réseau bizarre

Top Page

Reply to this message
Author: Patrice Karatchentzeff
Date:  
CC: guilde
Subject: Re: Réseau bizarre
Le 10/10/05, sylvain letuffe<sylvain@???> a écrit :
>
> Je pense comme Jean-Noel, ça sent le iptables à plein nez !
>
> un p'tit
> $iptables -L
> pour qu'on se fasse une idée ?


 # iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  192.168.0.0          acina.croissy.seine-et-marne.fr
ACCEPT     all  --  192.168.0.255        acina.croissy.seine-et-marne.fr
ACCEPT     all  --  anywhere            
mla78-1-82-240-19-179.fbx.proxad.net state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere            
mla78-1-82-240-19-179.fbx.proxad.net tcp dpt:ssh state NEW,ESTABLISHED
ULOG       all  --  anywhere             anywhere            ULOG
copy_range 0 nlgroup 1 prefix `Netfilter' queue_threshold 1


Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             192.168.0.0         tcp
dpt:www state NEW,RELATED,ESTABLISHED,UNTRACKED
ACCEPT     tcp  --  192.168.0.0          anywhere            tcp
spt:www state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.0.0          anywhere            state
NEW,RELATED,ESTABLISHED,UNTRACKED
ACCEPT     all  --  anywhere             192.168.0.0         state
RELATED,ESTABLISHED


Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  acina.croissy.seine-et-marne.fr  192.168.0.0
ACCEPT     all  --  acina.croissy.seine-et-marne.fr  192.168.0.255
ACCEPT     all  --  mla78-1-82-240-19-179.fbx.proxad.net  anywhere    
       state NEW,RELATED,ESTABLISHED,UNTRACKED
ULOG       all  --  anywhere             anywhere            ULOG copy



> sinon un ping sur le loopback ça donne quoi ?
> $ping 127.0.0.1 ?


# ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.6 ms
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.1 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.1 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.1 ms
64 bytes from 127.0.0.1: icmp_seq=4 ttl=64 time=0.1 ms

--- 127.0.0.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.1/0.2/0.6 ms

>
> un ping sur l'interface elle même ?
> $ping 192.168.0.soit-meme


# ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1): 56 data bytes
64 bytes from 192.168.0.1: icmp_seq=0 ttl=64 time=0.2 ms
64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=0.1 ms
64 bytes from 192.168.0.1: icmp_seq=2 ttl=64 time=0.1 ms
64 bytes from 192.168.0.1: icmp_seq=3 ttl=64 time=0.1 ms
64 bytes from 192.168.0.1: icmp_seq=4 ttl=64 time=0.1 ms

--- 192.168.0.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.1/0.1/0.2 ms

> la même chose après un iptables -F


# iptables -F
root-/home/mk/A
# ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1): 56 data bytes
ping: sendto: Operation not permitted
ping: wrote 192.168.0.1 64 chars, ret=-1
ping: sendto: Operation not permitted
ping: wrote 192.168.0.1 64 chars, ret=-1
ping: sendto: Operation not permitted
ping: wrote 192.168.0.1 64 chars, ret=-1
ping: sendto: Operation not permitted
ping: wrote 192.168.0.1 64 chars, ret=-1

--- 192.168.0.1 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss

À noter que si on enlève le firewall, j'ai toujours les mêmes soucis...

PK

--
      |\      _,,,---,,_       Patrice KARATCHENTZEFF
ZZZzz /,`.-'`'    -.  ;-;;,_   mailto:p.karatchentzeff@free.fr
     |,4-  ) )-,_. ,\ (  `'-'  http://p.karatchentzeff.free.fr
    '---''(_/--'  `-'\_)