[deleted] Regarding the firewall question, here is what I can say, given that my knowledge is incomplete:
Firestarter is not running on it (it is installed, but I start it manually). If some other firewall is running, I have no idea which one it is or why it is running. The output of iptables -L is below:
sudo iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- speedtouch.lan anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
ACCEPT udp -- speedtouch.lan anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
DROP all -- anywhere 255.255.255.255
DROP all -- anywhere 10.0.0.255
DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
LSI all -f anywhere anywhere limit: avg 10/min burst 5
INBOUND all -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Input'
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Forward'
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- user2-desktop8.lan speedtouch.lan tcp dpt:domain
ACCEPT udp -- user2-desktop8.lan speedtouch.lan udp dpt:domain
ACCEPT all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
OUTBOUND all -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Output'
Chain INBOUND (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
LSI all -- anywhere anywhere
Chain LOG_FILTER (5 references)
target prot opt source destination
Chain LSI (2 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP icmp -- anywhere anywhere icmp echo-request
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Inbound '
DROP all -- anywhere anywhere
Chain LSO (0 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Outbound '
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain OUTBOUND (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
I tried deleting all the rules, but apparently that did not help with the problem (ssh) either, although the output of iptables -L got a lot shorter :-)
I also did not know whether anything needs to be stopped and restarted after that, so let's treat this only as a desperate attempt, because my knowledge of this is thin.
sudo /etc/init.d/ssh stop and start both work; there is no error message.
On port 22 it gives this:
$ ssh user2@10.0.0.2 -p 22
The authenticity of host '10.0.0.2 (10.0.0.2)' can't be established.
RSA key fingerprint is a3:5b:9d:6d:6e:4c:3c:93:7f:74:e1:57:7b:83:46:a9.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.2' (RSA) to the list of known hosts.
user2@10.0.0.2's password:
Permission denied, please try again.
user2@10.0.0.2's password:
Linux user2-desktop804beta 2.6.24-23-generic #1 SMP Thu Nov 27 18:44:42 UTC 2008 i686
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
To access official Ubuntu documentation, please visit:
http://help.ubuntu.com/
Last login: Thu Jan 15 19:22:00 2009 from user2-desktop8.lan
On port 2323, this:
ssh user2@10.0.0.2 -p 2323
ssh: connect to host 10.0.0.2 port 2323: Connection refused