guepe Do I have black on my snout? | I'm using a router with OpenWrt installed: everything works fine for me, however none of the machines on the network can connect to an external VPN server (PPTP, Windows). According to my frantic searching, it's a firewall problem, and the most relevant answer I found is: I just add the following rule more. -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited (source http://forums.fedoraforum.org/sosa [...] hp?t=63572 ) But this is rather beyond my skills. Would you have any answers? [edit] Code:
- root@OpenWrt:/etc# iptables -L
- Chain INPUT (policy ACCEPT)
- target prot opt source destination
- DROP all -- anywhere anywhere state INVALID
- ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
- ACCEPT all -- anywhere anywhere
- syn_flood tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
- input_rule all -- anywhere anywhere
- input all -- anywhere anywhere
- Chain FORWARD (policy DROP)
- target prot opt source destination
- zone_wan_MSSFIX all -- anywhere anywhere
- DROP all -- anywhere anywhere state INVALID
- ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
- forwarding_rule all -- anywhere anywhere
- forward all -- anywhere anywhere
- reject all -- anywhere anywhere
- Chain OUTPUT (policy ACCEPT)
- target prot opt source destination
- DROP all -- anywhere anywhere state INVALID
- ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
- ACCEPT all -- anywhere anywhere
- output_rule all -- anywhere anywhere
- output all -- anywhere anywhere
- Chain forward (1 references)
- target prot opt source destination
- zone_lan_forward all -- anywhere anywhere
- zone_wan_forward all -- anywhere anywhere
- Chain forwarding_lan (1 references)
- target prot opt source destination
- Chain forwarding_rule (1 references)
- target prot opt source destination
- Chain forwarding_wan (1 references)
- target prot opt source destination
- Chain input (1 references)
- target prot opt source destination
- zone_lan all -- anywhere anywhere
- zone_wan all -- anywhere anywhere
- Chain input_lan (1 references)
- target prot opt source destination
- Chain input_rule (1 references)
- target prot opt source destination
- Chain input_wan (1 references)
- target prot opt source destination
- Chain output (1 references)
- target prot opt source destination
- zone_lan_ACCEPT all -- anywhere anywhere
- zone_wan_ACCEPT all -- anywhere anywhere
- Chain output_rule (1 references)
- target prot opt source destination
- Chain reject (5 references)
- target prot opt source destination
- REJECT tcp -- anywhere anywhere reject-with tcp-reset
- REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
- Chain syn_flood (1 references)
- target prot opt source destination
- RETURN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
- DROP all -- anywhere anywhere
- Chain zone_lan (1 references)
- target prot opt source destination
- input_lan all -- anywhere anywhere
- zone_lan_ACCEPT all -- anywhere anywhere
- Chain zone_lan_ACCEPT (2 references)
- target prot opt source destination
- ACCEPT all -- anywhere anywhere
- ACCEPT all -- anywhere anywhere
- Chain zone_lan_DROP (0 references)
- target prot opt source destination
- DROP all -- anywhere anywhere
- DROP all -- anywhere anywhere
- Chain zone_lan_MSSFIX (0 references)
- target prot opt source destination
- TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
- Chain zone_lan_REJECT (1 references)
- target prot opt source destination
- reject all -- anywhere anywhere
- reject all -- anywhere anywhere
- Chain zone_lan_forward (1 references)
- target prot opt source destination
- zone_wan_ACCEPT all -- anywhere anywhere
- forwarding_lan all -- anywhere anywhere
- zone_lan_REJECT all -- anywhere anywhere
- Chain zone_wan (1 references)
- target prot opt source destination
- ACCEPT udp -- anywhere anywhere udp dpts:10001:20000
- ACCEPT tcp -- anywhere anywhere tcp dpt:443
- ACCEPT tcp -- anywhere anywhere tcp dpt:22
- ACCEPT udp -- anywhere anywhere udp dpt:68
- input_wan all -- anywhere anywhere
- zone_wan_REJECT all -- anywhere anywhere
- Chain zone_wan_ACCEPT (2 references)
- target prot opt source destination
- ACCEPT all -- anywhere anywhere
- ACCEPT all -- anywhere anywhere
- Chain zone_wan_DROP (0 references)
- target prot opt source destination
- DROP all -- anywhere anywhere
- DROP all -- anywhere anywhere
- Chain zone_wan_MSSFIX (1 references)
- target prot opt source destination
- TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
- Chain zone_wan_REJECT (2 references)
- target prot opt source destination
- reject all -- anywhere anywhere
- reject all -- anywhere anywhere
- Chain zone_wan_forward (1 references)
- target prot opt source destination
- ACCEPT udp -- anywhere 192.168.1.3 udp dpts:10001:20000
- ACCEPT tcp -- anywhere 192.168.1.2 tcp dpt:443
- ACCEPT tcp -- anywhere 192.168.1.2 tcp dpt:22
- forwarding_wan all -- anywhere anywhere
- zone_wan_REJECT all -- anywhere anywhere
| Thanks! Message edited by guepe on 15-09-2010 at 02:07:56 ---------------
A blog that is good
|