Добро пожаловать, Гость. Пожалуйста авторизуйтесь здесь.
FGHIGate на GaNJa NeTWoRK ST@Ti0N - Просмотр сообщения в эхоконференции IPV6
Введите FGHI ссылку:


Присутствуют сообщения из эхоконференции IPV6 с датами от 31 Jul 11 14:37:00 до 01 Apr 24 00:03:00, всего сообщений: 7402
Ответить на сообщение К списку сообщений Предыдущее сообщение Следующее сообщение
= Сообщение: 5618 из 7402 ============================================= IPV6 =
От   : Benny Pedersen                   2:230/0            27 Jul 18 11:30:36
Кому : michael pierce                                      27 Jul 18 11:30:36
Тема : New one in the making
FGHI : area://IPV6?msgid=2:230/0+5b5b0395
На   : area://IPV6?msgid=1:340/201.1+5adde255
= Кодировка сообщения определена как: LATIN1 =================================
==============================================================================
Hello michael!

23 Apr 2018 06:40, michael pierce wrote to All:

Mvd>>  75  1:340/201    Michael Pierce         Native  ComCast       OO

Mvd>> At the moment he is outgoing only. It would appear that he has
Mvd>> firewall issues.

mp> if I disable IPV6 firewall. everything works

if thats the case you need another firewall setup

i post here shorewall6 show

   ----- ipv6 begins -----
Shorewall6 5.2.0.4 filter Table at localhost - Fri Jul 27 11:29:03 UTC 2018

Counters reset Wed Jul 25 19:50:32 UTC 2018

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination        
10094   17M net-fw     all      eth0   *       ::/0                 ::/0                
    0     0 ACCEPT     all      lo     *       ::/0                 ::/0                
    0     0 AllowICMPs  icmpv6   *      *       ::/0                 ::/0                
    0     0 Broadcast  all     *      *       ::/0                 ::/0                
    0     0 DROP       all     *      *       ::/0                 ff00::/8            
    0     0 LOG        all     *      *       ::/0                 ::/0                 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "INPUT REJECT "
    0     0 reject     all     *      *       ::/0                 ::/0                [goto]

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination        
    0     0 AllowICMPs  icmpv6   *      *       ::/0                 ::/0                
    0     0 Broadcast  all     *      *       ::/0                 ::/0                
    0     0 DROP       all     *      *       ::/0                 ff00::/8            
    0     0 LOG        all     *      *       ::/0                 ::/0                 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "FORWARD REJECT "
    0     0 reject     all     *      *       ::/0                 ::/0                [goto]

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination        
 4731 1375K ACCEPT     all      *      eth0    ::/0                 ::/0                
    0     0 ACCEPT     all      *      lo      ::/0                 ::/0                
    0     0 AllowICMPs  icmpv6   *      *       ::/0                 ::/0                
    0     0 Broadcast  all     *      *       ::/0                 ::/0                
    0     0 DROP       all     *      *       ::/0                 ff00::/8            
    0     0 LOG        all     *      *       ::/0                 ::/0                 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "OUTPUT REJECT "
    0     0 reject     all     *      *       ::/0                 ::/0                [goto]

Chain AllowICMPs (4 references)
 pkts bytes target     prot opt in     out     source               destination        
    0     0 ACCEPT     icmpv6   *      *       ::/0                 ::/0                 ipv6-icmptype 1 /* Needed ICMP types (RFC4890) */
    0     0 ACCEPT     icmpv6   *      *       ::/0                 ::/0                 ipv6-icmptype 2 /* Needed ICMP types (RFC4890) */
    0     0 ACCEPT     icmpv6   *      *       ::/0                 ::/0                 ipv6-icmptype 3 /* Needed ICMP types (RFC4890) */
    0     0 ACCEPT     icmpv6   *      *       ::/0                 ::/0                 ipv6-icmptype 4 /* Needed ICMP types (RFC4890) */
    0     0 ACCEPT     icmpv6   *      *       ::/0                 ::/0                 ipv6-icmptype 133 /* Needed ICMP types (RFC4890) */
 4827  502K ACCEPT     icmpv6   *      *       ::/0                 ::/0                 ipv6-icmptype 134 /* Needed ICMP types (RFC4890) */
  406 29232 ACCEPT     icmpv6   *      *       ::/0                 ::/0                 ipv6-icmptype 135 /* Needed ICMP types (RFC4890) */
  417 30024 ACCEPT     icmpv6   *      *       ::/0                 ::/0                 ipv6-icmptype 136 /* Needed ICMP types (RFC4890) */
    0     0 ACCEPT     icmpv6   *      *       ::/0                 ::/0                 ipv6-icmptype 137 /* Needed ICMP types (RFC4890) */
    0     0 ACCEPT     icmpv6   *      *       ::/0                 ::/0                 ipv6-icmptype 141 /* Needed ICMP types (RFC4890) */
    0     0 ACCEPT     icmpv6   *      *       ::/0                 ::/0                 ipv6-icmptype 142 /* Needed ICMP types (RFC4890) */
    0     0 ACCEPT     icmpv6   *      *       fe80::/10            ::/0                 ipv6-icmptype 130 /* Needed ICMP types (RFC4890) */
    0     0 ACCEPT     icmpv6   *      *       fe80::/10            ::/0                 ipv6-icmptype 131 /* Needed ICMP types (RFC4890) */
    0     0 ACCEPT     icmpv6   *      *       fe80::/10            ::/0                 ipv6-icmptype 132 /* Needed ICMP types (RFC4890) */
    0     0 ACCEPT     icmpv6   *      *       fe80::/10            ::/0                 ipv6-icmptype 143 /* Needed ICMP types (RFC4890) */
    0     0 ACCEPT     icmpv6   *      *       ::/0                 ::/0                 ipv6-icmptype 148 /* Needed ICMP types (RFC4890) */
    0     0 ACCEPT     icmpv6   *      *       ::/0                 ::/0                 ipv6-icmptype 149 /* Needed ICMP types (RFC4890) */
    0     0 ACCEPT     icmpv6   *      *       fe80::/10            ::/0                 ipv6-icmptype 151 /* Needed ICMP types (RFC4890) */
    0     0 ACCEPT     icmpv6   *      *       fe80::/10            ::/0                 ipv6-icmptype 152 /* Needed ICMP types (RFC4890) */
    0     0 ACCEPT     icmpv6   *      *       fe80::/10            ::/0                 ipv6-icmptype 153 /* Needed ICMP types (RFC4890) */

Chain Broadcast (4 references)
 pkts bytes target     prot opt in     out     source               destination        

Chain logflags (7 references)
 pkts bytes target     prot opt in     out     source               destination        
    0     0 LOG        all     *      *       ::/0                 ::/0                 limit: up to 1/sec burst 10 mode srcip LOG flags 4 level 6 prefix "logflags DROP "
    0     0 DROP       all     *      *       ::/0                 ::/0                

Chain net-fw (1 references)
 pkts bytes target     prot opt in     out     source               destination        
 4423   17M tcpflags   tcp     *      *       ::/0                 ::/0                
 4306   17M ACCEPT     all     *      *       ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
   92  7360 ACCEPT     tcp     *      *       ::/0                 ::/0                 multiport dports 24554,21 /* BINKD, FTP */
 5651  561K AllowICMPs  icmpv6   *      *       ::/0                 ::/0                
   44  3440 Broadcast  all     *      *       ::/0                 ::/0                
   44  3440 DROP       all     *      *       ::/0                 ::/0                

Chain reject (3 references)
 pkts bytes target     prot opt in     out     source               destination        
    0     0 DROP       all     *      *       ff00::/8             ::/0                
    0     0 DROP       2       *      *       ::/0                 ::/0                
    0     0 REJECT     tcp     *      *       ::/0                 ::/0                 reject-with tcp-reset
    0     0 REJECT     udp     *      *       ::/0                 ::/0                 reject-with icmp6-port-unreachable
    0     0 REJECT     icmpv6   *      *       ::/0                 ::/0                 reject-with icmp6-addr-unreachable
    0     0 REJECT     all     *      *       ::/0                 ::/0                 reject-with icmp6-adm-prohibited

Chain sha-lh-634e06816c9e1b9e44e8 (0 references)
 pkts bytes target     prot opt in     out     source               destination        

Chain sha-rh-a8ae74fbde81fb36695f (0 references)
 pkts bytes target     prot opt in     out     source               destination        

Chain shorewall (0 references)
 pkts bytes target     prot opt in     out     source               destination        
    0     0            all     *      *       ::/0                 ::/0                 recent: SET name: %CURRENTTIME side: source mask: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff

Chain tcpflags (1 references)
 pkts bytes target     prot opt in     out     source               destination        
    0     0 logflags   tcp     *      *       ::/0                 ::/0                [goto]  tcp flags:0x3F/0x29
    0     0 logflags   tcp     *      *       ::/0                 ::/0                [goto]  tcp flags:0x3F/0x00
    0     0 logflags   tcp     *      *       ::/0                 ::/0                [goto]  tcp flags:0x06/0x06
    0     0 logflags   tcp     *      *       ::/0                 ::/0                [goto]  tcp flags:0x05/0x05
    0     0 logflags   tcp     *      *       ::/0                 ::/0                [goto]  tcp flags:0x03/0x03
    0     0 logflags   tcp     *      *       ::/0                 ::/0                [goto]  tcp flags:0x19/0x09
    0     0 logflags   tcp     *      *       ::/0                 ::/0                [goto]  tcp spt:0 flags:0x17/0x02
   ----- ipv6 ends -----

and to help ipv4 only nodes

   ----- ipv4 begins -----
Shorewall 5.2.0.4 filter Table at localhost - Fri Jul 27 11:30:04 UTC 2018

Counters reset Wed Jul 25 19:50:32 UTC 2018

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination        
34691   11M net-fw     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0          
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0          
    0     0 DROP       all  -- *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
    0     0 DROP       all  -- *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type ANYCAST
    0     0 DROP       all  -- *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type MULTICAST
    0     0 LOG        all  -- *      *       0.0.0.0/0            0.0.0.0/0            limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "INPUT REJECT "
    0     0 reject     all  -- *      *       0.0.0.0/0            0.0.0.0/0           [goto]

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination        
    0     0 DROP       all  -- *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
    0     0 DROP       all  -- *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type ANYCAST
    0     0 DROP       all  -- *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type MULTICAST
    0     0 LOG        all  -- *      *       0.0.0.0/0            0.0.0.0/0            limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "FORWARD REJECT "
    0     0 reject     all  -- *      *       0.0.0.0/0            0.0.0.0/0           [goto]

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination        
28670   16M ACCEPT     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0          
    0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0          
    0     0 DROP       all  -- *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
    0     0 DROP       all  -- *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type ANYCAST
    0     0 DROP       all  -- *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type MULTICAST
    0     0 LOG        all  -- *      *       0.0.0.0/0            0.0.0.0/0            limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "OUTPUT REJECT "
    0     0 reject     all  -- *      *       0.0.0.0/0            0.0.0.0/0           [goto]

Chain logflags (7 references)
 pkts bytes target     prot opt in     out     source               destination        
    0     0 LOG        all  -- *      *       0.0.0.0/0            0.0.0.0/0            limit: up to 1/sec burst 10 mode srcip LOG flags 4 level 6 prefix "logflags DROP "
    0     0 DROP       all  -- *      *       0.0.0.0/0            0.0.0.0/0          

Chain net-fw (1 references)
 pkts bytes target     prot opt in     out     source               destination        
28728 9904K tcpflags   tcp  -- *      *       0.0.0.0/0            0.0.0.0/0          
29198   10M ACCEPT     all  -- *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
  161  8908 ACCEPT     tcp  -- *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 24554,21 /* BINKD, FTP */
 5329  464K DROP       all  -- *      *       0.0.0.0/0            0.0.0.0/0          

Chain reject (3 references)
 pkts bytes target     prot opt in     out     source               destination        
    0     0 DROP       all  -- *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match src-type BROADCAST
    0     0 DROP       all  -- *      *       224.0.0.0/4          0.0.0.0/0          
    0     0 DROP       2    -- *      *       0.0.0.0/0            0.0.0.0/0          
    0     0 REJECT     tcp  -- *      *       0.0.0.0/0            0.0.0.0/0            reject-with tcp-reset
    0     0 REJECT     udp  -- *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 REJECT     icmp -- *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-unreachable
    0     0 REJECT     all  -- *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain sha-lh-808ab60cd53e1b279efe (0 references)
 pkts bytes target     prot opt in     out     source               destination        

Chain sha-rh-38f33b07baed13723f96 (0 references)
 pkts bytes target     prot opt in     out     source               destination        

Chain shorewall (0 references)
 pkts bytes target     prot opt in     out     source               destination        
    0     0            all  -- *      *       0.0.0.0/0            0.0.0.0/0            recent: SET name: %CURRENTTIME side: source mask: 255.255.255.255

Chain tcpflags (1 references)
 pkts bytes target     prot opt in     out     source               destination        
    0     0 logflags   tcp  -- *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp flags:0x3F/0x29
    0     0 logflags   tcp  -- *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp flags:0x3F/0x00
    0     0 logflags   tcp  -- *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp flags:0x06/0x06
    0     0 logflags   tcp  -- *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp flags:0x05/0x05
    0     0 logflags   tcp  -- *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp flags:0x03/0x03
    0     0 logflags   tcp  -- *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp flags:0x19/0x09
    0     0 logflags   tcp  -- *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp spt:0 flags:0x17/0x02
   ----- ipv4 ends -----

all firewalls works for me

mp> but I really don't want to have do that

+1

shorewall is my friend


 Regards Benny

... there can only be one way of life, and it works :)

--- Msged/LNX 6.1.2 (Linux/4.17.10-gentoo (x86_64))
* Origin: I will always keep a PC running CPM 3.0 (2:230/0)

К главной странице гейта
Powered by NoSFeRaTU`s FGHIGate
Открытие страницы: 0.044548 секунды