le B-A-BA du r

Sylvain

04/01/2015 à 22:51

didier wrote:

Le Sun, 04 Jan 2015 20:02:20 +0000, Sylvain a écrit :

Comme ça a été mentionné, peut-être un problème de pare-feu, sinon le
serveur ssh est-il bien lancé ? Que renvoient les commandes "arp" et "ip
route" ?

:~$ arp
Address HWtype HWaddress Flags
Mask Iface
routeur ether 00:0f:66:4d:0f:9c
C eth0
bipbip ether c4:17:fe:6d:c7:ad
C eth0
:~$ ip route
default via 192.168.1.1 dev eth0 proto static
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.3 metric
1

Les résultats de ces commandes n'indiquent rien d'anormal, pyrite sait
contacter bipbip. Du coup il est possible que ce soit un pare-feu mal
configuré (soit sur bipbip soit sur pyrite) qui pose problème.

Du coup deux autres questions:
- bipbip arrive t-il à contacter pyrite ?
- que retourne la commande "sudo iptables -L" sur les deux machine ?

Pascal

04/01/2015 à 23:15

Le 04/01/2015 22:10, Nicolas George a écrit :

Christophe PEREZ , dans le message <m8c6gn$qql$, a
écrit :
Je serais allé plus loin avec un :
le démon sshd est-il lancé sur bipbip ?

Question prématurée étant donné le message d'erreur cité.

"no route to host" ne pourait pas être du au fait que bipbip n'écoute
pas sur le port 22 ?

Nicolas George

05/01/2015 à 00:22

Pascal , dans le message <54a9bb21$0$2337$, a
écrit :

"no route to host" ne pourait pas être du au fait que bipbip n'écoute
pas sur le port 22 ?

Non, c'est « Connection refused », ECONNREFUSED.

Christophe PEREZ

05/01/2015 à 05:38

Le Sun, 04 Jan 2015 21:51:25 +0000, Sylvain a écrit :

Du coup deux autres questions:

J'y vais aussi de la mienne :
Je n'ai pas cru voir la réponse, bipbip est-il "pingable" par son nom ou
par son ip seulement ?

moi-meme

05/01/2015 à 10:02

Le Sun, 04 Jan 2015 19:30:14 +0000, didier a écrit :

Pour les imprimantes, il me semble qu'elles devraient être
automatiquement partagées par Samba.

non plus

partager cette imprimante au niveau du PC

ensuite cups ? (localhost:631)

didier

05/01/2015 à 16:17

Le Sun, 04 Jan 2015 21:51:25 +0000, Sylvain a écrit :

Les résultats de ces commandes n'indiquent rien d'anormal, pyrite sait
contacter bipbip. Du coup il est possible que ce soit un pare-feu mal
configuré (soit sur bipbip soit sur pyrite) qui pose problème.

Pas impossible, les machines sont vieilles et ce reseau minimal
a fonctionné autrefois...

Du coup deux autres questions:
- bipbip arrive t-il à contacter pyrite ?
- que retourne la commande "sudo iptables -L" sur les deux machine ?

vu de bipbip (long !) :
:~$ ping pyrite
PING pyrite (192.168.1.3) 56(84) bytes of data.
64 bytes from pyrite (192.168.1.3): icmp_seq=1 ttld time=3.34 ms
64 bytes from pyrite (192.168.1.3): icmp_seq=2 ttld time=1.62 ms
^C
--- pyrite ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.622/2.485/3.348/0.863 ms
:~$ sudo iptables -L
[sudo] password for didier:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate
RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with
icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate
RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere
anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere
anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with
icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- anywhere anywhere

Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_home all -- anywhere anywhere
FWDI_public all -- anywhere anywhere

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_home all -- anywhere anywhere
FWDO_public all -- anywhere anywhere

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_direct (1 references)
target prot opt source destination

Chain FWDI_home (1 references)
target prot opt source destination
FWDI_home_log all -- anywhere anywhere
FWDI_home_deny all -- anywhere anywhere
FWDI_home_allow all -- anywhere anywhere

Chain FWDI_home_allow (1 references)
target prot opt source destination

Chain FWDI_home_deny (1 references)
target prot opt source destination

Chain FWDI_home_log (1 references)
target prot opt source destination

Chain FWDI_public (1 references)
target prot opt source destination
FWDI_public_log all -- anywhere anywhere
FWDI_public_deny all -- anywhere anywhere
FWDI_public_allow all -- anywhere anywhere

Chain FWDI_public_allow (1 references)
target prot opt source destination

Chain FWDI_public_deny (1 references)
target prot opt source destination

Chain FWDI_public_log (1 references)
target prot opt source destination

Chain FWDO_external (0 references)
target prot opt source destination
FWDO_external_log all -- anywhere anywhere
FWDO_external_deny all -- anywhere anywhere
FWDO_external_allow all -- anywhere anywhere

Chain FWDO_external_allow (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain FWDO_external_deny (1 references)
target prot opt source destination

Chain FWDO_external_log (1 references)
target prot opt source destination

Chain FWDO_home (1 references)
target prot opt source destination
FWDO_home_log all -- anywhere anywhere
FWDO_home_deny all -- anywhere anywhere
FWDO_home_allow all -- anywhere anywhere

Chain FWDO_home_allow (1 references)
target prot opt source destination

Chain FWDO_home_deny (1 references)
target prot opt source destination

Chain FWDO_home_log (1 references)
target prot opt source destination

Chain FWDO_public (1 references)
target prot opt source destination
FWDO_public_log all -- anywhere anywhere
FWDO_public_deny all -- anywhere anywhere
FWDO_public_allow all -- anywhere anywhere

Chain FWDO_public_allow (1 references)
target prot opt source destination

Chain FWDO_public_deny (1 references)
target prot opt source destination

Chain FWDO_public_log (1 references)
target prot opt source destination

Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_home all -- anywhere anywhere
IN_public all -- anywhere anywhere

Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain INPUT_direct (1 references)
target prot opt source destination

Chain IN_dmz (0 references)
target prot opt source destination
IN_dmz_log all -- anywhere anywhere
IN_dmz_deny all -- anywhere anywhere
IN_dmz_allow all -- anywhere anywhere

Chain IN_dmz_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW

Chain IN_dmz_deny (1 references)
target prot opt source destination

Chain IN_dmz_log (1 references)
target prot opt source destination

Chain IN_external (0 references)
target prot opt source destination
IN_external_log all -- anywhere anywhere
IN_external_deny all -- anywhere anywhere
IN_external_allow all -- anywhere anywhere

Chain IN_external_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW

Chain IN_external_deny (1 references)
target prot opt source destination

Chain IN_external_log (1 references)
target prot opt source destination

Chain IN_home (1 references)
target prot opt source destination
IN_home_log all -- anywhere anywhere
IN_home_deny all -- anywhere anywhere
IN_home_allow all -- anywhere anywhere

Chain IN_home_allow (1 references)
target prot opt source destination
ACCEPT udp -- anywhere 224.0.0.251 udp
dpt:mdns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-dgm ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:netbios-ssn ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:microsoft-ds ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:smtp ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-dgm ctstate NEW

Chain IN_home_deny (1 references)
target prot opt source destination

Chain IN_home_log (1 references)
target prot opt source destination

Chain IN_internal (0 references)
target prot opt source destination
IN_internal_log all -- anywhere anywhere
IN_internal_deny all -- anywhere anywhere
IN_internal_allow all -- anywhere anywhere

Chain IN_internal_allow (1 references)
target prot opt source destination
ACCEPT udp -- anywhere 224.0.0.251 udp
dpt:mdns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-dgm ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:netbios-ssn ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:microsoft-ds ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:smtp ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-dgm ctstate NEW

Chain IN_internal_deny (1 references)
target prot opt source destination

Chain IN_internal_log (1 references)
target prot opt source destination

Chain IN_public (1 references)
target prot opt source destination
IN_public_log all -- anywhere anywhere
IN_public_deny all -- anywhere anywhere
IN_public_allow all -- anywhere anywhere

Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW

Chain IN_public_deny (1 references)
target prot opt source destination

Chain IN_public_log (1 references)
target prot opt source destination

Chain IN_trusted (0 references)
target prot opt source destination
IN_trusted_log all -- anywhere anywhere
IN_trusted_deny all -- anywhere anywhere
IN_trusted_allow all -- anywhere anywhere

Chain IN_trusted_allow (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-dgm ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:netbios-ssn ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:microsoft-ds ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:smtp ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-dgm ctstate NEW

Chain IN_trusted_deny (1 references)
target prot opt source destination

Chain IN_trusted_log (1 references)
target prot opt source destination

Chain IN_work (0 references)
target prot opt source destination
IN_work_log all -- anywhere anywhere
IN_work_deny all -- anywhere anywhere
IN_work_allow all -- anywhere anywhere

Chain IN_work_allow (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-dgm ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:netbios-ssn ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:microsoft-ds ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:smtp ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-dgm ctstate NEW

Chain IN_work_deny (1 references)
target prot opt source destination

Chain IN_work_log (1 references)
target prot opt source destination

Chain OUTPUT_direct (1 references)
target prot opt source destination
:~$ 0 1

Le Sun, 04 Jan 2015 21:51:25 +0000, Sylvain a écrit :

Les résultats de ces commandes n'indiquent rien d'anormal, pyrite sait
contacter bipbip. Du coup il est possible que ce soit un pare-feu mal
configuré (soit sur bipbip soit sur pyrite) qui pose problème.

Pas impossible, les machines sont vieilles et ce reseau minimal
a fonctionné autrefois...

Du coup deux autres questions:
- bipbip arrive t-il à contacter pyrite ?
- que retourne la commande "sudo iptables -L" sur les deux machine ?

vu de bipbip (long !) :
didier@bipbip:~$ ping pyrite
PING pyrite (192.168.1.3) 56(84) bytes of data.
64 bytes from pyrite (192.168.1.3): icmp_seq=1 ttld time=3.34 ms
64 bytes from pyrite (192.168.1.3): icmp_seq=2 ttld time=1.62 ms
^C
--- pyrite ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.622/2.485/3.348/0.863 ms
didier@bipbip:~$ sudo iptables -L
[sudo] password for didier:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate
RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with
icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate
RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere
anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere
anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with
icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- anywhere anywhere

Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_home all -- anywhere anywhere
FWDI_public all -- anywhere anywhere

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_home all -- anywhere anywhere
FWDO_public all -- anywhere anywhere

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_direct (1 references)
target prot opt source destination

Chain FWDI_home (1 references)
target prot opt source destination
FWDI_home_log all -- anywhere anywhere
FWDI_home_deny all -- anywhere anywhere
FWDI_home_allow all -- anywhere anywhere

Chain FWDI_home_allow (1 references)
target prot opt source destination

Chain FWDI_home_deny (1 references)
target prot opt source destination

Chain FWDI_home_log (1 references)
target prot opt source destination

Chain FWDI_public (1 references)
target prot opt source destination
FWDI_public_log all -- anywhere anywhere
FWDI_public_deny all -- anywhere anywhere
FWDI_public_allow all -- anywhere anywhere

Chain FWDI_public_allow (1 references)
target prot opt source destination

Chain FWDI_public_deny (1 references)
target prot opt source destination

Chain FWDI_public_log (1 references)
target prot opt source destination

Chain FWDO_external (0 references)
target prot opt source destination
FWDO_external_log all -- anywhere anywhere
FWDO_external_deny all -- anywhere anywhere
FWDO_external_allow all -- anywhere anywhere

Chain FWDO_external_allow (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain FWDO_external_deny (1 references)
target prot opt source destination

Chain FWDO_external_log (1 references)
target prot opt source destination

Chain FWDO_home (1 references)
target prot opt source destination
FWDO_home_log all -- anywhere anywhere
FWDO_home_deny all -- anywhere anywhere
FWDO_home_allow all -- anywhere anywhere

Chain FWDO_home_allow (1 references)
target prot opt source destination

Chain FWDO_home_deny (1 references)
target prot opt source destination

Chain FWDO_home_log (1 references)
target prot opt source destination

Chain FWDO_public (1 references)
target prot opt source destination
FWDO_public_log all -- anywhere anywhere
FWDO_public_deny all -- anywhere anywhere
FWDO_public_allow all -- anywhere anywhere

Chain FWDO_public_allow (1 references)
target prot opt source destination

Chain FWDO_public_deny (1 references)
target prot opt source destination

Chain FWDO_public_log (1 references)
target prot opt source destination

Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_home all -- anywhere anywhere
IN_public all -- anywhere anywhere

Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain INPUT_direct (1 references)
target prot opt source destination

Chain IN_dmz (0 references)
target prot opt source destination
IN_dmz_log all -- anywhere anywhere
IN_dmz_deny all -- anywhere anywhere
IN_dmz_allow all -- anywhere anywhere

Chain IN_dmz_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW

Chain IN_dmz_deny (1 references)
target prot opt source destination

Chain IN_dmz_log (1 references)
target prot opt source destination

Chain IN_external (0 references)
target prot opt source destination
IN_external_log all -- anywhere anywhere
IN_external_deny all -- anywhere anywhere
IN_external_allow all -- anywhere anywhere

Chain IN_external_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW

Chain IN_external_deny (1 references)
target prot opt source destination

Chain IN_external_log (1 references)
target prot opt source destination

Chain IN_home (1 references)
target prot opt source destination
IN_home_log all -- anywhere anywhere
IN_home_deny all -- anywhere anywhere
IN_home_allow all -- anywhere anywhere

Chain IN_home_allow (1 references)
target prot opt source destination
ACCEPT udp -- anywhere 224.0.0.251 udp
dpt:mdns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-dgm ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:netbios-ssn ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:microsoft-ds ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:smtp ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-dgm ctstate NEW

Chain IN_home_deny (1 references)
target prot opt source destination

Chain IN_home_log (1 references)
target prot opt source destination

Chain IN_internal (0 references)
target prot opt source destination
IN_internal_log all -- anywhere anywhere
IN_internal_deny all -- anywhere anywhere
IN_internal_allow all -- anywhere anywhere

Chain IN_internal_allow (1 references)
target prot opt source destination
ACCEPT udp -- anywhere 224.0.0.251 udp
dpt:mdns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-dgm ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:netbios-ssn ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:microsoft-ds ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:smtp ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-dgm ctstate NEW

Chain IN_internal_deny (1 references)
target prot opt source destination

Chain IN_internal_log (1 references)
target prot opt source destination

Chain IN_public (1 references)
target prot opt source destination
IN_public_log all -- anywhere anywhere
IN_public_deny all -- anywhere anywhere
IN_public_allow all -- anywhere anywhere

Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW

Chain IN_public_deny (1 references)
target prot opt source destination

Chain IN_public_log (1 references)
target prot opt source destination

Chain IN_trusted (0 references)
target prot opt source destination
IN_trusted_log all -- anywhere anywhere
IN_trusted_deny all -- anywhere anywhere
IN_trusted_allow all -- anywhere anywhere

Chain IN_trusted_allow (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-dgm ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:netbios-ssn ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:microsoft-ds ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:smtp ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-dgm ctstate NEW

Chain IN_trusted_deny (1 references)
target prot opt source destination

Chain IN_trusted_log (1 references)
target prot opt source destination

Chain IN_work (0 references)
target prot opt source destination
IN_work_log all -- anywhere anywhere
IN_work_deny all -- anywhere anywhere
IN_work_allow all -- anywhere anywhere

Chain IN_work_allow (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-dgm ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:netbios-ssn ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:microsoft-ds ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:smtp ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-dgm ctstate NEW

Chain IN_work_deny (1 references)
target prot opt source destination

Chain IN_work_log (1 references)
target prot opt source destination

Chain OUTPUT_direct (1 references)
target prot opt source destination
didier@bipbip:~$ 0 1

Vous avez filtré cet utilisateur ! Consultez son message

Le Sun, 04 Jan 2015 21:51:25 +0000, Sylvain a écrit :

Les résultats de ces commandes n'indiquent rien d'anormal, pyrite sait
contacter bipbip. Du coup il est possible que ce soit un pare-feu mal
configuré (soit sur bipbip soit sur pyrite) qui pose problème.

Pas impossible, les machines sont vieilles et ce reseau minimal
a fonctionné autrefois...

Du coup deux autres questions:
- bipbip arrive t-il à contacter pyrite ?
- que retourne la commande "sudo iptables -L" sur les deux machine ?

vu de bipbip (long !) :
:~$ ping pyrite
PING pyrite (192.168.1.3) 56(84) bytes of data.
64 bytes from pyrite (192.168.1.3): icmp_seq=1 ttld time=3.34 ms
64 bytes from pyrite (192.168.1.3): icmp_seq=2 ttld time=1.62 ms
^C
--- pyrite ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.622/2.485/3.348/0.863 ms
:~$ sudo iptables -L
[sudo] password for didier:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate
RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with
icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate
RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere
anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere
anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with
icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- anywhere anywhere

Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_home all -- anywhere anywhere
FWDI_public all -- anywhere anywhere

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_home all -- anywhere anywhere
FWDO_public all -- anywhere anywhere

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_direct (1 references)
target prot opt source destination

Chain FWDI_home (1 references)
target prot opt source destination
FWDI_home_log all -- anywhere anywhere
FWDI_home_deny all -- anywhere anywhere
FWDI_home_allow all -- anywhere anywhere

Chain FWDI_home_allow (1 references)
target prot opt source destination

Chain FWDI_home_deny (1 references)
target prot opt source destination

Chain FWDI_home_log (1 references)
target prot opt source destination

Chain FWDI_public (1 references)
target prot opt source destination
FWDI_public_log all -- anywhere anywhere
FWDI_public_deny all -- anywhere anywhere
FWDI_public_allow all -- anywhere anywhere

Chain FWDI_public_allow (1 references)
target prot opt source destination

Chain FWDI_public_deny (1 references)
target prot opt source destination

Chain FWDI_public_log (1 references)
target prot opt source destination

Chain FWDO_external (0 references)
target prot opt source destination
FWDO_external_log all -- anywhere anywhere
FWDO_external_deny all -- anywhere anywhere
FWDO_external_allow all -- anywhere anywhere

Chain FWDO_external_allow (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain FWDO_external_deny (1 references)
target prot opt source destination

Chain FWDO_external_log (1 references)
target prot opt source destination

Chain FWDO_home (1 references)
target prot opt source destination
FWDO_home_log all -- anywhere anywhere
FWDO_home_deny all -- anywhere anywhere
FWDO_home_allow all -- anywhere anywhere

Chain FWDO_home_allow (1 references)
target prot opt source destination

Chain FWDO_home_deny (1 references)
target prot opt source destination

Chain FWDO_home_log (1 references)
target prot opt source destination

Chain FWDO_public (1 references)
target prot opt source destination
FWDO_public_log all -- anywhere anywhere
FWDO_public_deny all -- anywhere anywhere
FWDO_public_allow all -- anywhere anywhere

Chain FWDO_public_allow (1 references)
target prot opt source destination

Chain FWDO_public_deny (1 references)
target prot opt source destination

Chain FWDO_public_log (1 references)
target prot opt source destination

Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_home all -- anywhere anywhere
IN_public all -- anywhere anywhere

Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain INPUT_direct (1 references)
target prot opt source destination

Chain IN_dmz (0 references)
target prot opt source destination
IN_dmz_log all -- anywhere anywhere
IN_dmz_deny all -- anywhere anywhere
IN_dmz_allow all -- anywhere anywhere

Chain IN_dmz_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW

Chain IN_dmz_deny (1 references)
target prot opt source destination

Chain IN_dmz_log (1 references)
target prot opt source destination

Chain IN_external (0 references)
target prot opt source destination
IN_external_log all -- anywhere anywhere
IN_external_deny all -- anywhere anywhere
IN_external_allow all -- anywhere anywhere

Chain IN_external_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW

Chain IN_external_deny (1 references)
target prot opt source destination

Chain IN_external_log (1 references)
target prot opt source destination

Chain IN_home (1 references)
target prot opt source destination
IN_home_log all -- anywhere anywhere
IN_home_deny all -- anywhere anywhere
IN_home_allow all -- anywhere anywhere

Chain IN_home_allow (1 references)
target prot opt source destination
ACCEPT udp -- anywhere 224.0.0.251 udp
dpt:mdns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-dgm ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:netbios-ssn ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:microsoft-ds ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:smtp ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-dgm ctstate NEW

Chain IN_home_deny (1 references)
target prot opt source destination

Chain IN_home_log (1 references)
target prot opt source destination

Chain IN_internal (0 references)
target prot opt source destination
IN_internal_log all -- anywhere anywhere
IN_internal_deny all -- anywhere anywhere
IN_internal_allow all -- anywhere anywhere

Chain IN_internal_allow (1 references)
target prot opt source destination
ACCEPT udp -- anywhere 224.0.0.251 udp
dpt:mdns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-dgm ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:netbios-ssn ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:microsoft-ds ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:smtp ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-dgm ctstate NEW

Chain IN_internal_deny (1 references)
target prot opt source destination

Chain IN_internal_log (1 references)
target prot opt source destination

Chain IN_public (1 references)
target prot opt source destination
IN_public_log all -- anywhere anywhere
IN_public_deny all -- anywhere anywhere
IN_public_allow all -- anywhere anywhere

Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW

Chain IN_public_deny (1 references)
target prot opt source destination

Chain IN_public_log (1 references)
target prot opt source destination

Chain IN_trusted (0 references)
target prot opt source destination
IN_trusted_log all -- anywhere anywhere
IN_trusted_deny all -- anywhere anywhere
IN_trusted_allow all -- anywhere anywhere

Chain IN_trusted_allow (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-dgm ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:netbios-ssn ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:microsoft-ds ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:smtp ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-dgm ctstate NEW

Chain IN_trusted_deny (1 references)
target prot opt source destination

Chain IN_trusted_log (1 references)
target prot opt source destination

Chain IN_work (0 references)
target prot opt source destination
IN_work_log all -- anywhere anywhere
IN_work_deny all -- anywhere anywhere
IN_work_allow all -- anywhere anywhere

Chain IN_work_allow (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-dgm ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:netbios-ssn ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:microsoft-ds ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:smtp ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-dgm ctstate NEW

Chain IN_work_deny (1 references)
target prot opt source destination

Chain IN_work_log (1 references)
target prot opt source destination

Chain OUTPUT_direct (1 references)
target prot opt source destination
:~$ 0 1

didier

05/01/2015 à 16:23

Le Sun, 04 Jan 2015 21:51:25 +0000, Sylvain a écrit :

- bipbip arrive t-il à contacter pyrite ?
- que retourne la commande "sudo iptables -L" sur les deux machine ?

un escalier plus tard, chez pyrite (long aussi !:
:~$ ping bipbip
PING bipbip (192.168.1.2) 56(84) bytes of data.
64 bytes from bipbip (192.168.1.2): icmp_seq=1 ttld time.9 ms
64 bytes from bipbip (192.168.1.2): icmp_seq=2 ttld time=1.57 ms
^C
--- bipbip ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.573/7.758/13.944/6.186 ms
:~$ sudo iptables -L
[sudo] password for dd:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate
RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with
icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate
RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere
anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere
anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with
icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- anywhere anywhere

Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_public all -- anywhere anywhere
FWDI_public all -- anywhere anywhere

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_public all -- anywhere anywhere
FWDO_public all -- anywhere anywhere

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_direct (1 references)
target prot opt source destination

Chain FWDI_public (2 references)
target prot opt source destination
FWDI_public_log all -- anywhere anywhere
FWDI_public_deny all -- anywhere anywhere
FWDI_public_allow all -- anywhere anywhere

Chain FWDI_public_allow (1 references)
target prot opt source destination

Chain FWDI_public_deny (1 references)
target prot opt source destination

Chain FWDI_public_log (1 references)
target prot opt source destination

Chain FWDO_external (0 references)
target prot opt source destination
FWDO_external_log all -- anywhere anywhere
FWDO_external_deny all -- anywhere anywhere
FWDO_external_allow all -- anywhere anywhere

Chain FWDO_external_allow (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain FWDO_external_deny (1 references)
target prot opt source destination

Chain FWDO_external_log (1 references)
target prot opt source destination

Chain FWDO_public (2 references)
target prot opt source destination
FWDO_public_log all -- anywhere anywhere
FWDO_public_deny all -- anywhere anywhere
FWDO_public_allow all -- anywhere anywhere

Chain FWDO_public_allow (1 references)
target prot opt source destination

Chain FWDO_public_deny (1 references)
target prot opt source destination

Chain FWDO_public_log (1 references)
target prot opt source destination

Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_public all -- anywhere anywhere
IN_public all -- anywhere anywhere

Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain INPUT_direct (1 references)
target prot opt source destination

Chain IN_dmz (0 references)
target prot opt source destination
IN_dmz_log all -- anywhere anywhere
IN_dmz_deny all -- anywhere anywhere
IN_dmz_allow all -- anywhere anywhere

Chain IN_dmz_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW

Chain IN_dmz_deny (1 references)
target prot opt source destination

Chain IN_dmz_log (1 references)
target prot opt source destination

Chain IN_external (0 references)
target prot opt source destination
IN_external_log all -- anywhere anywhere
IN_external_deny all -- anywhere anywhere
IN_external_allow all -- anywhere anywhere

Chain IN_external_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW

Chain IN_external_deny (1 references)
target prot opt source destination

Chain IN_external_log (1 references)
target prot opt source destination

Chain IN_home (0 references)
target prot opt source destination
IN_home_log all -- anywhere anywhere
IN_home_deny all -- anywhere anywhere
IN_home_allow all -- anywhere anywhere

Chain IN_home_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ctstate NEW
ACCEPT udp -- anywhere 224.0.0.251 udp
dpt:mdns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-dgm ctstate NEW

Chain IN_home_deny (1 references)
target prot opt source destination

Chain IN_home_log (1 references)
target prot opt source destination

Chain IN_internal (0 references)
target prot opt source destination
IN_internal_log all -- anywhere anywhere
IN_internal_deny all -- anywhere anywhere
IN_internal_allow all -- anywhere anywhere

Chain IN_internal_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ctstate NEW
ACCEPT udp -- anywhere 224.0.0.251 udp
dpt:mdns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-dgm ctstate NEW

Chain IN_internal_deny (1 references)
target prot opt source destination

Chain IN_internal_log (1 references)
target prot opt source destination

Chain IN_public (2 references)
target prot opt source destination
IN_public_log all -- anywhere anywhere
IN_public_deny all -- anywhere anywhere
IN_public_allow all -- anywhere anywhere

Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW

Chain IN_public_deny (1 references)
target prot opt source destination

Chain IN_public_log (1 references)
target prot opt source destination

Chain IN_work (0 references)
target prot opt source destination
IN_work_log all -- anywhere anywhere
IN_work_deny all -- anywhere anywhere
IN_work_allow all -- anywhere anywhere

Chain IN_work_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ctstate NEW

Chain IN_work_deny (1 references)
target prot opt source destination

Chain IN_work_log (1 references)
target prot opt source destination

Chain OUTPUT_direct (1 references)
target prot opt source destination
:~$

Le Sun, 04 Jan 2015 21:51:25 +0000, Sylvain a écrit :

- bipbip arrive t-il à contacter pyrite ?
- que retourne la commande "sudo iptables -L" sur les deux machine ?

un escalier plus tard, chez pyrite (long aussi !:
dd@pyrite:~$ ping bipbip
PING bipbip (192.168.1.2) 56(84) bytes of data.
64 bytes from bipbip (192.168.1.2): icmp_seq=1 ttld time.9 ms
64 bytes from bipbip (192.168.1.2): icmp_seq=2 ttld time=1.57 ms
^C
--- bipbip ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.573/7.758/13.944/6.186 ms
dd@pyrite:~$ sudo iptables -L
[sudo] password for dd:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate
RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with
icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate
RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere
anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere
anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with
icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- anywhere anywhere

Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_public all -- anywhere anywhere
FWDI_public all -- anywhere anywhere

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_public all -- anywhere anywhere
FWDO_public all -- anywhere anywhere

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_direct (1 references)
target prot opt source destination

Chain FWDI_public (2 references)
target prot opt source destination
FWDI_public_log all -- anywhere anywhere
FWDI_public_deny all -- anywhere anywhere
FWDI_public_allow all -- anywhere anywhere

Chain FWDI_public_allow (1 references)
target prot opt source destination

Chain FWDI_public_deny (1 references)
target prot opt source destination

Chain FWDI_public_log (1 references)
target prot opt source destination

Chain FWDO_external (0 references)
target prot opt source destination
FWDO_external_log all -- anywhere anywhere
FWDO_external_deny all -- anywhere anywhere
FWDO_external_allow all -- anywhere anywhere

Chain FWDO_external_allow (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain FWDO_external_deny (1 references)
target prot opt source destination

Chain FWDO_external_log (1 references)
target prot opt source destination

Chain FWDO_public (2 references)
target prot opt source destination
FWDO_public_log all -- anywhere anywhere
FWDO_public_deny all -- anywhere anywhere
FWDO_public_allow all -- anywhere anywhere

Chain FWDO_public_allow (1 references)
target prot opt source destination

Chain FWDO_public_deny (1 references)
target prot opt source destination

Chain FWDO_public_log (1 references)
target prot opt source destination

Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_public all -- anywhere anywhere
IN_public all -- anywhere anywhere

Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain INPUT_direct (1 references)
target prot opt source destination

Chain IN_dmz (0 references)
target prot opt source destination
IN_dmz_log all -- anywhere anywhere
IN_dmz_deny all -- anywhere anywhere
IN_dmz_allow all -- anywhere anywhere

Chain IN_dmz_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW

Chain IN_dmz_deny (1 references)
target prot opt source destination

Chain IN_dmz_log (1 references)
target prot opt source destination

Chain IN_external (0 references)
target prot opt source destination
IN_external_log all -- anywhere anywhere
IN_external_deny all -- anywhere anywhere
IN_external_allow all -- anywhere anywhere

Chain IN_external_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW

Chain IN_external_deny (1 references)
target prot opt source destination

Chain IN_external_log (1 references)
target prot opt source destination

Chain IN_home (0 references)
target prot opt source destination
IN_home_log all -- anywhere anywhere
IN_home_deny all -- anywhere anywhere
IN_home_allow all -- anywhere anywhere

Chain IN_home_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ctstate NEW
ACCEPT udp -- anywhere 224.0.0.251 udp
dpt:mdns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-dgm ctstate NEW

Chain IN_home_deny (1 references)
target prot opt source destination

Chain IN_home_log (1 references)
target prot opt source destination

Chain IN_internal (0 references)
target prot opt source destination
IN_internal_log all -- anywhere anywhere
IN_internal_deny all -- anywhere anywhere
IN_internal_allow all -- anywhere anywhere

Chain IN_internal_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ctstate NEW
ACCEPT udp -- anywhere 224.0.0.251 udp
dpt:mdns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-dgm ctstate NEW

Chain IN_internal_deny (1 references)
target prot opt source destination

Chain IN_internal_log (1 references)
target prot opt source destination

Chain IN_public (2 references)
target prot opt source destination
IN_public_log all -- anywhere anywhere
IN_public_deny all -- anywhere anywhere
IN_public_allow all -- anywhere anywhere

Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW

Chain IN_public_deny (1 references)
target prot opt source destination

Chain IN_public_log (1 references)
target prot opt source destination

Chain IN_work (0 references)
target prot opt source destination
IN_work_log all -- anywhere anywhere
IN_work_deny all -- anywhere anywhere
IN_work_allow all -- anywhere anywhere

Chain IN_work_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ctstate NEW

Chain IN_work_deny (1 references)
target prot opt source destination

Chain IN_work_log (1 references)
target prot opt source destination

Chain OUTPUT_direct (1 references)
target prot opt source destination
dd@pyrite:~$

Vous avez filtré cet utilisateur ! Consultez son message

Le Sun, 04 Jan 2015 21:51:25 +0000, Sylvain a écrit :

- bipbip arrive t-il à contacter pyrite ?
- que retourne la commande "sudo iptables -L" sur les deux machine ?

un escalier plus tard, chez pyrite (long aussi !:
:~$ ping bipbip
PING bipbip (192.168.1.2) 56(84) bytes of data.
64 bytes from bipbip (192.168.1.2): icmp_seq=1 ttld time.9 ms
64 bytes from bipbip (192.168.1.2): icmp_seq=2 ttld time=1.57 ms
^C
--- bipbip ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.573/7.758/13.944/6.186 ms
:~$ sudo iptables -L
[sudo] password for dd:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate
RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with
icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate
RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere
anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere
anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with
icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- anywhere anywhere

Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_public all -- anywhere anywhere
FWDI_public all -- anywhere anywhere

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_public all -- anywhere anywhere
FWDO_public all -- anywhere anywhere

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_direct (1 references)
target prot opt source destination

Chain FWDI_public (2 references)
target prot opt source destination
FWDI_public_log all -- anywhere anywhere
FWDI_public_deny all -- anywhere anywhere
FWDI_public_allow all -- anywhere anywhere

Chain FWDI_public_allow (1 references)
target prot opt source destination

Chain FWDI_public_deny (1 references)
target prot opt source destination

Chain FWDI_public_log (1 references)
target prot opt source destination

Chain FWDO_external (0 references)
target prot opt source destination
FWDO_external_log all -- anywhere anywhere
FWDO_external_deny all -- anywhere anywhere
FWDO_external_allow all -- anywhere anywhere

Chain FWDO_external_allow (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain FWDO_external_deny (1 references)
target prot opt source destination

Chain FWDO_external_log (1 references)
target prot opt source destination

Chain FWDO_public (2 references)
target prot opt source destination
FWDO_public_log all -- anywhere anywhere
FWDO_public_deny all -- anywhere anywhere
FWDO_public_allow all -- anywhere anywhere

Chain FWDO_public_allow (1 references)
target prot opt source destination

Chain FWDO_public_deny (1 references)
target prot opt source destination

Chain FWDO_public_log (1 references)
target prot opt source destination

Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_public all -- anywhere anywhere
IN_public all -- anywhere anywhere

Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain INPUT_direct (1 references)
target prot opt source destination

Chain IN_dmz (0 references)
target prot opt source destination
IN_dmz_log all -- anywhere anywhere
IN_dmz_deny all -- anywhere anywhere
IN_dmz_allow all -- anywhere anywhere

Chain IN_dmz_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW

Chain IN_dmz_deny (1 references)
target prot opt source destination

Chain IN_dmz_log (1 references)
target prot opt source destination

Chain IN_external (0 references)
target prot opt source destination
IN_external_log all -- anywhere anywhere
IN_external_deny all -- anywhere anywhere
IN_external_allow all -- anywhere anywhere

Chain IN_external_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW

Chain IN_external_deny (1 references)
target prot opt source destination

Chain IN_external_log (1 references)
target prot opt source destination

Chain IN_home (0 references)
target prot opt source destination
IN_home_log all -- anywhere anywhere
IN_home_deny all -- anywhere anywhere
IN_home_allow all -- anywhere anywhere

Chain IN_home_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ctstate NEW
ACCEPT udp -- anywhere 224.0.0.251 udp
dpt:mdns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-dgm ctstate NEW

Chain IN_home_deny (1 references)
target prot opt source destination

Chain IN_home_log (1 references)
target prot opt source destination

Chain IN_internal (0 references)
target prot opt source destination
IN_internal_log all -- anywhere anywhere
IN_internal_deny all -- anywhere anywhere
IN_internal_allow all -- anywhere anywhere

Chain IN_internal_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ctstate NEW
ACCEPT udp -- anywhere 224.0.0.251 udp
dpt:mdns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-dgm ctstate NEW

Chain IN_internal_deny (1 references)
target prot opt source destination

Chain IN_internal_log (1 references)
target prot opt source destination

Chain IN_public (2 references)
target prot opt source destination
IN_public_log all -- anywhere anywhere
IN_public_deny all -- anywhere anywhere
IN_public_allow all -- anywhere anywhere

Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW

Chain IN_public_deny (1 references)
target prot opt source destination

Chain IN_public_log (1 references)
target prot opt source destination

Chain IN_work (0 references)
target prot opt source destination
IN_work_log all -- anywhere anywhere
IN_work_deny all -- anywhere anywhere
IN_work_allow all -- anywhere anywhere

Chain IN_work_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ctstate NEW

Chain IN_work_deny (1 references)
target prot opt source destination

Chain IN_work_log (1 references)
target prot opt source destination

Chain OUTPUT_direct (1 references)
target prot opt source destination
:~$

Sylvain

05/01/2015 à 18:56

Bonjour,

Je pense que fwbuilder a rajouté plein de règles iptables qui doit
bloquer le trafic SSH ...

Est-ce qu'en exécutant les commandes "iptables -F" sur les deux
machines, la connexion fonctionne ? (et pour la configuration d'un
pare-feu, le mieux est *à mon avis* de se plonger dans la documentation
iptables pour se concocter un pare-feu aux petits oignons plûtot que de
passer par une interface graphique dont on ne maîtrise pas trop la
configuration).

didier

05/01/2015 à 20:59

Le Mon, 05 Jan 2015 17:56:30 +0000, Sylvain a écrit :

Bonjour,
Est-ce qu'en exécutant les commandes "iptables -F" sur les deux
machines, la connexion fonctionne ?

Hélas non. j'ai toujours
:~$ ssh
ssh: connect to host pyrite port 22: Connection refused
et même
:~$ ssh
ssh: connect to host bipbip port 22: Connection refused
par contre la réponse à "iptables -L" s'est simplifiée (je
ne mets que le début) :
:/home/dd$ sudo
[sudo] password for didier:
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD_IN_ZONES (0 references)
target prot opt source destination

(et pour la configuration d'un
pare-feu, le mieux est *à mon avis* de se plonger dans la documentation
iptables pour se concocter un pare-feu aux petits oignons plûtot que de
passer par une interface graphique dont on ne maîtrise pas trop la
configuration).

complètement d'accord, mais il me faut commencer à comprendre la
mécanique.

Nicolas George

05/01/2015 à 22:25

plapla , dans le message <54aaf89b$0$12763$, a
écrit :

Salut,
il semblerait que tu progresses, au moins sur ssh.

J'en conclus (de l'extérieur et je peux me tromper ! ) que tu as
maintenant réussi à essayer de te connecter sur ton serveur bipbip en
ssh, mais qu'il te ferme la porte au nez:
-soit il y a encore un FW (sur bipbip ? ) qui bloque...
-soit tu n'as pas installé encore de serveur ssh sur bipbip, ce qui
explique pourquoi la machine a le port fermé...
Au cas où "sudo apt-get install openssh-server" devrait te faire avancer
si tu es sur une debian-ubuntu-mint.....

Même diagnostic de mon point de vue. Et le firewall qui bloquerait comme ça
me semble très improbable, a fortiori après un iptables -F, donc la seconde
option semble plus plausible.

le B-A-BA du r

10 réponses

Veuillez sélectionner un problème