[Firewall] Self-connect possible?

Roland Haeder r.haeder at gmx.de
Fri Mar 19 14:40:16 CET 2010


I still cannot connect to myself. Here is my firewall.conf file with all
settings.

--------------------------------------------------------------
# Flat dump of arno-iptables-firewall settings, one VARIABLE=value per line,
# listed alphabetically. Values written as $DC_* refer to variables defined
# elsewhere; their contents are not part of this paste, so EXT_IF,
# EXT_IF_DHCP_IP, INT_IF, INTERNAL_NET, NAT, NAT_INTERNAL_NET, OPEN_ICMP,
# OPEN_TCP and OPEN_UDP cannot be read from this listing.
BAD_FLAGS_LOG=1
BLOCKED_HOST_LOG=1
BLOCK_HOSTS=""
BROADCAST_TCP_NOLOG=""
COMPILED_IN_KERNEL_MESSAGES=1
CONNTRACK=16384
# Path to a custom-rules file; its contents are not included in this paste, so
# any rules it adds are not visible here.
CUSTOM_RULES="/etc/arno-iptables-firewall/custom-rules"
# NOTE(review): the name suggests a default-drop policy, i.e. traffic without
# an explicit allow is dropped - confirm against the shipped firewall.conf
# documentation.
DEFAULT_POLICY_DROP=1
DEFAULT_TTL=64
DENY_IP_OUTPUT=""
DENY_TCP=""
DENY_TCP_NOLOG=""
DENY_TCP_OUTPUT=""
DENY_UDP=""
DENY_UDP_NOLOG=""
DENY_UDP_OUTPUT=""
DISABLE_IPTABLES_BATCH=0
DMESG_PANIC_ONLY=1
# DMZ_IF and DMZ_NET are empty in this dump, so no DMZ interface or network is
# named; the DMZ_* and INET_DMZ_* lists are all empty as well.
DMZ_HOST_OPEN_IP=""
DMZ_HOST_OPEN_TCP=""
DMZ_HOST_OPEN_UDP=""
DMZ_IF=""
DMZ_INET_DENY_IP=""
DMZ_INET_DENY_TCP=""
DMZ_INET_DENY_UDP=""
DMZ_INET_HOST_DENY_IP=""
DMZ_INET_HOST_DENY_TCP=""
DMZ_INET_HOST_DENY_UDP=""
DMZ_INET_HOST_OPEN_IP=""
DMZ_INET_HOST_OPEN_TCP=""
DMZ_INET_HOST_OPEN_UDP=""
DMZ_INET_OPEN_ICMP=1
DMZ_INET_OPEN_IP=""
DMZ_INET_OPEN_TCP=""
DMZ_INET_OPEN_UDP=""
DMZ_INPUT_DENY_LOG=1
DMZ_LAN_HOST_OPEN_IP=""
DMZ_LAN_HOST_OPEN_TCP=""
DMZ_LAN_HOST_OPEN_UDP=""
DMZ_LAN_OPEN_ICMP=0
DMZ_NET=""
DMZ_OPEN_ICMP=1
DMZ_OPEN_IP=""
DMZ_OPEN_TCP=""
DMZ_OPEN_UDP=""
DMZ_OUTPUT_DENY_LOG=1
DRDOS_PROTECT=0
DROP_PRIVATE_ADDRESSES=0
ECHO_IGNORE=0
ECN=0
ENV_FILE="/usr/share/arno-iptables-firewall/environment"
EXTERNAL_DHCP_SERVER=0
# External interface settings come from $DC_* variables not shown in this paste.
EXT_IF="$DC_EXT_IF"
EXT_IF_DHCP_IP=$DC_EXT_IF_DHCP_IP
FIREWALL_LOG="/var/log/arno-iptables-firewall"
FRAG_LOG=1
# FULL_ACCESS_HOSTS, IF_TRUSTS and TRUSTED_IF are all empty in this dump: no
# host or interface is listed for blanket trust.
FULL_ACCESS_HOSTS=""
HOST_DENY_ICMP=""
HOST_DENY_ICMP_NOLOG=""
HOST_DENY_IP=""
HOST_DENY_IP_NOLOG=""
HOST_DENY_IP_OUTPUT=""
HOST_DENY_TCP=""
HOST_DENY_TCP_NOLOG=""
HOST_DENY_TCP_OUTPUT=""
HOST_DENY_UDP=""
HOST_DENY_UDP_NOLOG=""
HOST_DENY_UDP_OUTPUT=""
HOST_OPEN_ICMP=""
HOST_OPEN_IP=""
HOST_OPEN_TCP=""
HOST_OPEN_UDP=""
HOST_REJECT_TCP=""
HOST_REJECT_TCP_NOLOG=""
HOST_REJECT_UDP=""
HOST_REJECT_UDP_NOLOG=""
ICMP_FLOOD_LOG=1
ICMP_OTHER_LOG=1
ICMP_REDIRECT=0
ICMP_REQUEST_LOG=1
IF_TRUSTS=""
INET_DMZ_DENY_IP=""
INET_DMZ_DENY_TCP=""
INET_DMZ_DENY_UDP=""
INET_DMZ_HOST_DENY_IP=""
INET_DMZ_HOST_DENY_TCP=""
INET_DMZ_HOST_DENY_UDP=""
INET_DMZ_HOST_OPEN_IP=""
INET_DMZ_HOST_OPEN_TCP=""
INET_DMZ_HOST_OPEN_UDP=""
INET_DMZ_OPEN_ICMP=0
INET_DMZ_OPEN_IP=""
INET_DMZ_OPEN_TCP=""
INET_DMZ_OPEN_UDP=""
INET_OUTPUT_DENY_LOG=1
# Internal network and interface also come from $DC_* variables not shown here.
INTERNAL_NET="$DC_INTERNAL_NET"
INT_IF="$DC_INT_IF"
# The three INVALID_*_LOG switches are 0 while most other *_LOG switches in
# this dump are 1. Presumably a packet dropped as invalid then leaves no log
# entry - worth turning on while troubleshooting a failed connection.
INVALID_ICMP_LOG=0
INVALID_TCP_LOG=0
INVALID_UDP_LOG=0
IP4TABLES="/sbin/iptables"
IP6TABLES="/sbin/ip6tables"
IP_FORWARDING=1
# NOTE(review): IPV6_SUPPORT is 0; how IPv6 traffic is treated in that case
# cannot be told from this dump - verify the ip6tables rule set separately.
IPV6_SUPPORT=0
# All LAN_* deny/open lists below are empty; only the ICMP and logging
# switches carry values.
LAN_DENY_IP=""
LAN_DENY_TCP=""
LAN_DENY_UDP=""
LAN_HOST_DENY_IP=""
LAN_HOST_DENY_TCP=""
LAN_HOST_DENY_UDP=""
LAN_HOST_OPEN_IP=""
LAN_HOST_OPEN_TCP=""
LAN_HOST_OPEN_UDP=""
LAN_INET_DENY_IP=""
LAN_INET_DENY_TCP=""
LAN_INET_DENY_UDP=""
LAN_INET_HOST_DENY_IP=""
LAN_INET_HOST_DENY_TCP=""
LAN_INET_HOST_DENY_UDP=""
LAN_INET_HOST_OPEN_IP=""
LAN_INET_HOST_OPEN_TCP=""
LAN_INET_HOST_OPEN_UDP=""
LAN_INET_OPEN_ICMP=1
LAN_INET_OPEN_IP=""
LAN_INET_OPEN_TCP=""
LAN_INET_OPEN_UDP=""
LAN_INPUT_DENY_LOG=1
LAN_OPEN_ICMP=1
LAN_OPEN_IP=""
LAN_OPEN_TCP=""
LAN_OPEN_UDP=""
LAN_OUTPUT_DENY_LOG=1
LOCAL_CONFIG_FILE=""
LOCAL_PORT_RANGE="32768 61000"
# No per-host or per-port LOG_* rules are set; all of these lists are empty.
LOG_HOST_INPUT=""
LOG_HOST_INPUT_IP=""
LOG_HOST_INPUT_TCP=""
LOG_HOST_INPUT_UDP=""
LOG_HOST_OUTPUT=""
LOG_HOST_OUTPUT_IP=""
LOG_HOST_OUTPUT_TCP=""
LOG_HOST_OUTPUT_UDP=""
LOG_INPUT_IP=""
LOG_INPUT_TCP=""
LOG_INPUT_UDP=""
LOGLEVEL="info"
# NOTE(review): LOG_MARTIANS is 0 while RP_FILTER (further down) is 1;
# presumably packets rejected by reverse-path filtering are then not logged -
# confirm, and consider enabling it while debugging.
LOG_MARTIANS=0
LOG_OUTPUT_IP=""
LOG_OUTPUT_TCP=""
LOG_OUTPUT_UDP=""
LOOSE_FORWARD=0
MANGLE_TOS=1
NAT=$DC_NAT
NAT_FORWARD_IP=""
# Port forwards: each listed port is directed to the internal host
# 192.168.1.17. Every entry is a service reachable from the external side, so
# the lists should contain only ports that are in use. The TCP and UDP lists
# differ (5001 and 8080 are TCP only; 5000 and 5002 are UDP only) - check that
# this asymmetry is intended.
NAT_FORWARD_TCP="27910,51413,9060,5001,9978,8080>192.168.1.17"
NAT_FORWARD_UDP="27910,51413,9060,5000,5002,9978>192.168.1.17"
NAT_INTERNAL_NET="$DC_NAT_INTERNAL_NET"
# NOTE(review): presumably governs whether the forwards above also apply to
# connections that originate on the internal side. With 0, reaching the
# forwarded ports through the external address from inside the LAN may not
# work - confirm against the shipped firewall.conf documentation.
NAT_LOCAL_REDIRECT=0
NMB_BROADCAST_FIX=0
NO_PMTU_DISCOVERY=0
# Ports and ICMP opened on the external side come from $DC_* variables not
# shown in this paste, so the actual exposure cannot be judged from here.
OPEN_ICMP=$DC_OPEN_ICMP
OPEN_IP=""
OPEN_TCP="$DC_OPEN_TCP"
OPEN_UDP="$DC_OPEN_UDP"
OTHER_IP_LOG=1
# Plugin code and plugin configuration live under these paths; the plugin
# settings are not part of this paste.
PLUGIN_BIN_PATH="/usr/share/arno-iptables-firewall/plugins"
PLUGIN_CONF_PATH="/etc/arno-iptables-firewall/plugins"
POSSIBLE_SCAN_LOG=1
PRIV_TCP_LOG=1
PRIV_UDP_LOG=1
REDUCE_DOS_ABILITY=1
REJECT_TCP=""
REJECT_TCP_NOLOG=""
REJECT_UDP=""
REJECT_UDP_NOLOG=""
RESERVED_NET_LOG=1
RESOLV_IPS=0
RP_FILTER=1
SCAN_LOG=1
SET_MSS=1
SOURCE_ROUTE_PROTECTION=1
SYN_PROT=1
TRACE=0
TRUSTED_IF=""
TTL_INC=0
UNPRIV_TCP_LOG=1
UNPRIV_UDP_LOG=1
USE_IRC=0
--------------------------------------------------------------

If you need the config files of any plugins, I can post them here, too.

Roland
