- Subject: Iptables Drop rule - strange behaviour
- From: sreejith menon <sreejithjmenon@xxxxxxxxx>
- Date: Sat, 16 Jun 2012 00:31:15 +0530
- Cc: sreejith j menon <sreeju_menon@xxxxxxxxxxxxxx>
- In-reply-to: <CACJKonoWuj1=He00eD7e9YENHXvwEY1Hmg6_Cjq5GeYT6DchoQ@mail.gmail.com>
Hi,
I have the setup below for my firewall and I am using iptables v1.4.9.1:

Client PC (eth0, 172.31.114.239) -------------- (eth0, 172.31.114.252) Firewall Router (eth1, 10.2.2.2) -------------------- Network PC (10.2.2.1)
I have set the default policy to ACCEPT for testing purposes. My aim is to prevent SSH from the Client PC to the Network PC, but allow SSH from the Network PC to the Client PC.
I have the following iptables rules:
iptables -nvL
Chain INPUT (policy ACCEPT 744 packets, 46652 bytes)
 pkts bytes target     prot opt in     out     source               destination
 9989  780K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT 3 packets, 180 bytes)
 pkts bytes target     prot opt in     out     source               destination
   82 17854 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
   11   660 DROP       tcp  --  *      eth1    0.0.0.0/0            0.0.0.0/0            source IP range 172.31.114.1-172.31.114.254 tcp spts:2:65535 dpt:22 destination IP range 10.2.2.1-10.2.2.254

Chain OUTPUT (policy ACCEPT 1741 packets, 149K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       tcp  --  *      eth1    0.0.0.0/0            0.0.0.0/0            source IP range 172.31.114.1-172.31.114.254 tcp spt:22 dpts:2:65535 destination IP range 10.2.2.1-10.2.2.254
Observations
-------------------
1. SSH from Network PC to Client PC --- SSH successful, as expected.
2. SSH from Client PC to Network PC --- SSH blocked, as expected.
3. Again SSH from Network PC to Client PC --- SSH blocked, which was not expected.
4. If I randomly insert some rules which have no relevance to SSH and do step 1 alone again --- SSH successful.
5. Again do step 2 followed by step -- SSH blocked. Problem.
Please help; any idea will be very much appreciated.
Also, I noted that if I have an SSH rule to deny from the Client PC to the Network PC, FTP is fine. But if I do SSH followed by FTP, FTP doesn't work. Please note that the default policy is ACCEPT all. I did not add or delete rules in between.
thanks and regards
sreejith
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
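The intent described in the message above, rebuilt as an added example (these are not the poster's rules and do not reproduce or explain the behaviour reported): a FORWARD ruleset that pins the SSH DROP to the ingress and egress interfaces and to NEW connections, so that every packet of a session already accepted by the RELATED,ESTABLISHED rule, whichever side started it, is decided by that rule alone and the DROP never sees it. Addresses and interface names come from the post; the use of the conntrack match with --ctstate NEW, the extra INVALID drop, and the function names are assumptions made for this example. The script prints the commands rather than applying them, so the set can be reviewed on a test box first.

```shell
#!/bin/sh
# Added example, not the rules from the original post.
# Intent from the post: block SSH from the 172.31.114.0/24 side to the
# 10.2.2.0/24 side, allow SSH from 10.2.2.0/24 to 172.31.114.0/24.
# Addresses and interface names come from the post; using the conntrack
# match with --ctstate NEW, dropping INVALID, and the function names
# are assumptions made for this example.

CLIENT_NET=172.31.114.0/24   # client PC side, router eth0 = 172.31.114.252
SERVER_NET=10.2.2.0/24       # network PC side, router eth1 = 10.2.2.2
CLIENT_IF=eth0
SERVER_IF=eth1

# Emit the FORWARD-chain rules instead of running them, so they can be
# reviewed (or diffed against iptables-save output) before use.
gen_ruleset() {
    cat <<EOF
iptables -F FORWARD
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate INVALID -j DROP
iptables -A FORWARD -i $CLIENT_IF -o $SERVER_IF -p tcp -s $CLIENT_NET -d $SERVER_NET --dport 22 -m conntrack --ctstate NEW -j DROP
EOF
}

# Apply on the router (needs root); stops at the first failing command.
apply_ruleset() {
    gen_ruleset | sh -e
}

# Review check: the SSH DROP rule must name both interfaces, must match
# only NEW connections (so packets of an already-tracked session, in
# either direction, are left to the RELATED,ESTABLISHED rule), and must
# not filter on a source-port range, which adds nothing once direction
# is fixed by the interfaces and the connection state.
check_ruleset() {
    rules=$(gen_ruleset)
    drop=$(printf '%s\n' "$rules" | grep -F -- '--dport 22')
    [ -n "$drop" ] || return 1
    printf '%s\n' "$drop" | grep -qF -- "-i $CLIENT_IF -o $SERVER_IF" || return 1
    printf '%s\n' "$drop" | grep -qF -- '--ctstate NEW -j DROP' || return 1
    if printf '%s\n' "$drop" | grep -qF -- '--sport'; then
        return 1
    fi
    return 0
}

# Number of DROP rules emitted (the INVALID drop plus the SSH drop).
count_drops() {
    gen_ruleset | grep -c DROP
}

# Print by default; "apply" installs the rules on this host.
if [ "${1:-}" = "apply" ]; then
    apply_ruleset
else
    gen_ruleset
fi
```

To install the set on the router, run the script with `apply` as root. While repeating the five observations from the post, `conntrack -L` (from conntrack-tools) or `cat /proc/net/nf_conntrack` shows which tracked entries exist between the two hosts and what state they are in, which is exactly what the RELATED,ESTABLISHED and NEW matches decide on; comparing that listing before and after each step is the quickest way to see whether a packet is being dropped by the SSH rule or handled by the state rule.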