Linux Forums unreachable.

Ray Parrish crp at cmc.net
Thu Feb 25 14:17:12 UTC 2010


Markus Schönhaber wrote:
> 25.02.2010 02:39, Ray Parrish:
>
>   
>> I have a dual boot machine, and from Windows XP I can connect to 
>> linuxforums.org easily.
>>     
>
> Which pretty clearly shows that it's not linuxforums.org blocking you.
>
>   
>> Something in Ubuntu is blocking me from reaching linuxforums.org, and I 
>> would like some coaching on all of the possible things that can block a 
>> certain web site from being reached.
>>
>> Could it be a firewall rule? I have some ports blocked, and have a 
>> blacklist policy in effect, as opposed to white listing traffic.
>>     
>
> Of course, it could be your packet filter causing the problem. My guess
> would be, it very likely is.
> What exactly does "have some ports blocked" and "blacklist policy in
> effect" mean?
>   

It means I have common trojan ports blocked in Firestarter, and its 
outbound traffic policy is set to "Permissive - blacklist unwanted 
traffic only" in Firestarter.

> What is the output of
> sudo iptables-save
>   

Here is the output, however I have no idea what the different columns mean.
> ray at RaysComputer:~$ sudo iptables-save
> # Generated by iptables-save v1.3.8 on Thu Feb 25 06:06:30 2010
> *nat
> :PREROUTING ACCEPT [2432:541982]
> :POSTROUTING ACCEPT [4283:246346]
> :OUTPUT ACCEPT [4307:247974]
> COMMIT
> # Completed on Thu Feb 25 06:06:30 2010
> # Generated by iptables-save v1.3.8 on Thu Feb 25 06:06:30 2010
> *mangle
> :PREROUTING ACCEPT [22229:10040446]
> :INPUT ACCEPT [19797:9498464]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [21306:2675012]
> :POSTROUTING ACCEPT [21114:2664399]
> -A OUTPUT -p tcp -m tcp --dport 20:21 -j TOS --set-tos 0x08 
> -A OUTPUT -p tcp -m tcp --dport 22 -j TOS --set-tos 0x08 
> -A OUTPUT -p tcp -m tcp --dport 68 -j TOS --set-tos 0x08 
> -A OUTPUT -p tcp -m tcp --dport 80 -j TOS --set-tos 0x08 
> -A OUTPUT -p tcp -m tcp --dport 443 -j TOS --set-tos 0x08 
> COMMIT
> # Completed on Thu Feb 25 06:06:30 2010
> # Generated by iptables-save v1.3.8 on Thu Feb 25 06:06:30 2010
> *filter
> :INPUT DROP [0:0]
> :FORWARD DROP [0:0]
> :OUTPUT DROP [1:237]
> :INBOUND - [0:0]
> :LOG_FILTER - [0:0]
> :LSI - [0:0]
> :LSO - [0:0]
> :NR - [0:0]
> :OUTBOUND - [0:0]
> -A INPUT -s 192.168.0.1 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT 
> -A INPUT -s 192.168.0.1 -p udp -j ACCEPT 
> -A INPUT -s 208.67.220.220 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT 
> -A INPUT -s 208.67.220.220 -p udp -j ACCEPT 
> -A INPUT -i lo -j ACCEPT 
> -A INPUT -p icmp -m limit --limit 10/sec -j ACCEPT 
> -A INPUT -s ! 192.168.0.0/255.255.255.0 -i eth0 -j NR 
> -A INPUT -d 255.255.255.255 -i eth0 -j DROP 
> -A INPUT -d 192.168.0.255 -j DROP 
> -A INPUT -s 224.0.0.0/255.0.0.0 -j DROP 
> -A INPUT -d 224.0.0.0/255.0.0.0 -j DROP 
> -A INPUT -s 255.255.255.255 -j DROP 
> -A INPUT -d 0.0.0.0 -j DROP 
> -A INPUT -m state --state INVALID -j DROP 
> -A INPUT -f -m limit --limit 10/min -j LSI 
> -A INPUT -i eth0 -j INBOUND 
> -A INPUT -j LOG_FILTER 
> -A INPUT -j LOG --log-prefix "Unknown Input" --log-level 6 
> -A FORWARD -p icmp -m limit --limit 10/sec -j ACCEPT 
> -A FORWARD -j LOG_FILTER 
> -A FORWARD -j LOG --log-prefix "Unknown Forward" --log-level 6 
> -A OUTPUT -s 192.168.0.2 -d 192.168.0.1 -p tcp -m tcp --dport 53 -j ACCEPT 
> -A OUTPUT -s 192.168.0.2 -d 192.168.0.1 -p udp -m udp --dport 53 -j ACCEPT 
> -A OUTPUT -s 192.168.0.2 -d 208.67.220.220 -p tcp -m tcp --dport 53 -j ACCEPT 
> -A OUTPUT -s 192.168.0.2 -d 208.67.220.220 -p udp -m udp --dport 53 -j ACCEPT 
> -A OUTPUT -o lo -j ACCEPT 
> -A OUTPUT -s 224.0.0.0/255.0.0.0 -j DROP 
> -A OUTPUT -d 224.0.0.0/255.0.0.0 -j DROP 
> -A OUTPUT -s 255.255.255.255 -j DROP 
> -A OUTPUT -d 0.0.0.0 -j DROP 
> -A OUTPUT -m state --state INVALID -j DROP 
> -A OUTPUT -o eth0 -j OUTBOUND 
> -A OUTPUT -j LOG_FILTER 
> -A OUTPUT -j LOG --log-prefix "Unknown Output" --log-level 6 
> -A INBOUND -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT 
> -A INBOUND -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT 
> -A INBOUND -s 192.168.0.2 -j ACCEPT 
> -A INBOUND -s 192.168.0.2 -j ACCEPT 
> -A INBOUND -s 192.168.0.2 -j ACCEPT 
> -A INBOUND -s 192.168.0.2 -j ACCEPT 
> -A INBOUND -s 192.168.0.2 -j ACCEPT 
> -A INBOUND -s 174.129.35.126 -j ACCEPT 
> -A INBOUND -s 174.129.35.126 -j ACCEPT 
> -A INBOUND -s 174.129.35.126 -j ACCEPT 
> -A INBOUND -s 174.129.35.126 -p tcp -m tcp --dport 38009 -j ACCEPT 
> -A INBOUND -s 174.129.35.126 -p udp -m udp --dport 38009 -j ACCEPT 
> -A INBOUND -j LSI 
>   
What are the immediately above inbound connections about??? I thought I 
had my computer locked down to where there were no inbound connections 
allowed???


> -A LSI -j LOG_FILTER 
> -A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6 
> -A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP 
> -A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6 
> -A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -j DROP 
> -A LSI -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6 
> -A LSI -p icmp -m icmp --icmp-type 8 -j DROP 
> -A LSI -m limit --limit 5/sec -j LOG --log-prefix "Inbound " --log-level 6 
> -A LSI -j DROP 
> -A LSO -j LOG_FILTER 
> -A LSO -m limit --limit 5/sec -j LOG --log-prefix "Outbound " --log-level 6 
> -A LSO -j REJECT --reject-with icmp-port-unreachable 
> -A NR -s 0.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 1.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 2.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 5.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 7.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 10.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 23.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 27.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 31.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 36.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 37.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 39.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 42.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 49.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 50.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 100.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 101.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 102.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 103.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 104.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 105.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 106.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 107.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 108.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 109.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 110.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 111.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 112.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 113.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 114.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 115.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 127.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 169.254.0.0/255.255.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 172.16.0.0/255.240.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 173.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 174.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 175.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 176.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 177.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 178.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 179.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 180.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 181.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 182.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 183.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 184.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 185.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 186.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 187.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 192.0.2.0/255.255.255.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 192.168.0.0/255.255.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 197.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 198.18.0.0/255.254.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 223.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A NR -s 224.0.0.0/224.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI 
> -A OUTBOUND -p icmp -j ACCEPT 
> -A OUTBOUND -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT 
> -A OUTBOUND -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT 
> -A OUTBOUND -p tcp -m tcp --dport 54321 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 54321 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 4899 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 4899 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 5500 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 5500 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 5800 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 5800 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 5900 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 5900 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 6000 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 6000 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 6001 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 6001 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 7777 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 7777 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 8080 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 8080 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 12345 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 12345 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 27374 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 27374 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 31337 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 31337 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 22 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 22 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 70 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 70 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 87 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 87 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 88 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 88 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 445 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 445 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 531 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 531 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 555 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 555 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 587 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 587 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 587 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 587 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 777 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 777 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 901 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 901 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 1001 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 1001 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 1243 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 1243 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 12345 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 12345 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 1999 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 1999 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 2000 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 2000 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 2583 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 2583 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 2989 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 2989 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 4899 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 4899 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 5800 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 5800 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 5900 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 5900 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 6000 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 6000 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 6670 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 6670 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 6711 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 6711 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 6712 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 6712 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 6713 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 6713 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 6776 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 6776 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 6969 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 6969 -j LSO 
> -A OUTBOUND -p tcp -m tcp --dport 7000 -j LSO 
> -A OUTBOUND -p udp -m udp --dport 7000 -j LSO 
> -A OUTBOUND -j ACCEPT 
> COMMIT
> # Completed on Thu Feb 25 06:06:30 2010
> ray at RaysComputer:~$ 
>   
Thanks for any help you can be.

> BTW: some posts ago, I asked you whether there's a packet filter active
> on your machine. You answered "no". How come?
>   
I don't even know what a packet filter is. How about a quick introduction?

Later, Ray Parrish

-- 
Linux dpkg Software Report script set..
http://www.rayslinks.com/LinuxdpkgSoftwareReport.html
Ray's Links, a variety of links to useful things, and articles by Ray.
http://www.rayslinks.com
Writings of "The" Schizophrenic, what it's like to be a schizo, and other
things, including my poetry.
http://www.writingsoftheschizophrenic.com
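
The following is an added example, not part of the original post: a minimal chain walker over an excerpt of the `*filter` rules quoted above, showing the order in which an inbound packet is evaluated. It shows that INPUT consults NR before INBOUND, so the INBOUND accept rules for 174.129.35.126 sit behind the NR entry for 174.0.0.0/8. The function names and the packets are constructed for illustration, and 203.0.113.5 is a documentation address used only for contrast.

```python
import ipaddress, shlex
# Excerpt of the *filter rules quoted in the post (LOG and --tcp-flags rules omitted).
RULES = """\
-A INPUT -s ! 192.168.0.0/255.255.255.0 -i eth0 -j NR
-A INPUT -i eth0 -j INBOUND
-A INBOUND -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INBOUND -s 174.129.35.126 -j ACCEPT
-A INBOUND -j LSI
-A LSI -j DROP
-A NR -s 174.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LSI
"""
POLICY = {"INPUT": "DROP"}  # built-in chain policy, from ":INPUT DROP [0:0]"

def parse(text):
    chains = {}  # chain name -> list of {option: (negated, value)}
    for line in text.splitlines():
        tok, rule, i = shlex.split(line), {}, 2
        while i < len(tok):  # single-argument options only
            neg = tok[i + 1] == "!"  # old "-s ! net" negation syntax
            rule[tok[i]] = (neg, tok[i + 1 + neg])
            i += 2 + neg
        chains.setdefault(tok[1], []).append(rule)
    return chains

def matches(rule, pkt):
    for key, (neg, val) in rule.items():
        if key in ("-s", "-d"):
            hit = ipaddress.ip_address(pkt[key]) in ipaddress.ip_network(val)
        elif key in pkt:  # -i, -p, --state (comma-separated list)
            hit = pkt[key] in val.split(",")
        else:
            continue  # "-m" and "-j" are not packet conditions
        if hit == neg:
            return False
    return True

def trace(chains, chain, pkt, path):
    for rule in chains[chain]:
        if matches(rule, pkt):
            target = rule["-j"][1]
            path.append(f"{chain}->{target}")
            verdict = trace(chains, target, pkt, path) if target in chains else target
            if verdict:
                return verdict  # ACCEPT or DROP ends the traversal
    return POLICY.get(chain)  # user chain exhausted (None): return to the caller

def verdict_for(src, state="ESTABLISHED"):
    # Constructed inbound TCP packet arriving on eth0 for the host 192.168.0.2.
    pkt = {"-s": src, "-d": "192.168.0.2", "-i": "eth0", "-p": "tcp", "--state": state}
    path = []
    return trace(parse(RULES), "INPUT", pkt, path), path
```

Calling `verdict_for("174.129.35.126")` returns the verdict together with the chain-by-chain path that produced it, which makes it easy to see which rule decided the packet's fate.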





