- 10-21-2008 #1Just Joined!
- Join Date
- Oct 2008
- Posts
- 6
Problem with iptables and/or portmap
Hello,
Following a reboot last Sunday, I lost access to the network. I don't know precisely what broke it, because I was installing various things at that time.
More precisely:
Code:
> sudo ping 212.27.40.240
PING 212.27.40.240 (212.27.40.240) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
After a bit of searching, I found that my iptables config had changed to (well I only guess it has changed):
Code:
> sudo iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
LOG        all  --  loopback/8           anywhere            LOG level warning
DROP       all  --  loopback/8           anywhere
LOG        all  --  anywhere             anywhere            LOG level warning
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere            LOG level warning
DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level warning
DROP       all  --  anywhere             anywhere
I don't know what it was before, but a solution to the problem seems to do:
Code:
sudo iptables -F
sudo iptables -X
sudo iptables -P OUTPUT ACCEPT
sudo iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
The problem is that:
- I don't know why this config changed
- I have to do this trick after every reboot, and I don't know a clean way to automatize this
- If I do this trick, the following shutdown takes forever to complete. More precisely, it's blocking at the "stopping portmap daemon" step. I found out, by running it separately, that pmap_dump takes 6 minutes to complete and produces no output.
Any help would be much welcome, and please excuse my bad wordings (both in english and linux).
Thanks !
- 10-21-2008 #2Just Joined!
- Join Date
- Oct 2008
- Posts
- 21
Which distribution are you working on? This looks like you have installed some iptables-based firewall pack (shorewall etc. or redhat firewall). If so, disable that service from services and the firewall will not be there at next reboot.
- 10-21-2008 #3Just Joined!
- Join Date
- Oct 2008
- Posts
- 6
Hi,
I don't think I have a firewall running, unless it has a strange name
Code:
#sudo ps -e | egrep -i 'fire|wall|net'
 3114 ?        00:00:00 inetd
 3208 ?        00:00:00 NetworkManager
 3216 ?        00:00:00 NetworkManagerD
 3584 ?        00:00:44 firefox-bin
Also, I cannot find out where this iptable config is coming from at every boot:
Code:
#sudo grep -R iptables /etc/init.d
#
Maybe there are some other startup scripts places, but I'm not familiar with Linux yet. I'm running a "lenny"/testing Debian.
Thanks !
- 10-22-2008 #4Just Joined!
- Join Date
- Oct 2008
- Posts
- 21
pls provide output of ls /etc/init.d/
- 10-22-2008 #5Just Joined!
- Join Date
- Oct 2008
- Posts
- 6
Here it is:
Code:
#ls -ltr /etc/init.d
total 384
-rwxr-xr-x 1 root root 117 2005-12-02 18:44 rcS
-rwxr-xr-x 1 root root 1046 2006-09-15 20:03 ifupdown-clean
-rwxr-xr-x 1 root root 2518 2006-09-15 20:03 ifupdown
-rw-r--r-- 1 root root 1510 2007-12-26 16:23 README
-rwxr-xr-x 1 root root 946 2008-01-27 06:34 atd
-rwxr-xr-x 1 root root 1301 2008-03-10 02:14 anacron
-rwxr-xr-x 1 root root 2565 2008-03-14 01:52 cron
-rwxr-xr-x 1 root root 1777 2008-03-24 00:26 x11-common
-rwxr-xr-x 1 root root 7195 2008-03-28 00:22 glibc.sh
-rwxr-xr-x 1 root root 2476 2008-04-01 23:31 jabber
-rwxr-xr-x 1 root root 1793 2008-04-05 04:05 module-init-tools
-rwxr-xr-x 1 root root 2594 2008-04-05 12:23 avahi-daemon
-rwxr-xr-x 1 root root 2299 2008-04-05 15:46 uml-utilities
-rwxr-xr-x 1 root root 1505 2008-04-06 16:23 dhcdbd
-rwxr-xr-x 1 root root 1144 2008-04-08 01:14 procps
-rwxr-xr-x 1 root root 1547 2008-04-08 13:42 kerneloops
-rwxr-xr-x 1 root root 1815 2008-04-12 09:52 urandom
-rwxr-xr-x 1 root root 2140 2008-04-12 09:52 umountnfs.sh
-rwxr-xr-x 1 root root 3175 2008-04-12 09:52 umountfs
-rwxr-xr-x 1 root root 1096 2008-04-12 09:52 stop-bootlogd-single
-rwxr-xr-x 1 root root 525 2008-04-12 09:52 stop-bootlogd
-rwxr-xr-x 1 root root 590 2008-04-12 09:52 single
-rwxr-xr-x 1 root root 941 2008-04-12 09:52 rmnologin
-rwxr-xr-x 1 root root 639 2008-04-12 09:52 reboot
-rwxr-xr-x 1 root root 788 2008-04-12 09:52 rc.local
-rwxr-xr-x 1 root root 3668 2008-04-12 09:52 mtab.sh
-rwxr-xr-x 1 root root 1321 2008-04-12 09:52 mountoverflowtmp
-rwxr-xr-x 1 root root 2330 2008-04-12 09:52 mountnfs.sh
-rwxr-xr-x 1 root root 618 2008-04-12 09:52 mountnfs-bootclean.sh
-rwxr-xr-x 1 root root 2476 2008-04-12 09:52 mountkernfs.sh
-rwxr-xr-x 1 root root 2194 2008-04-12 09:52 mountdevsubfs.sh
-rwxr-xr-x 1 root root 620 2008-04-12 09:52 mountall-bootclean.sh
-rwxr-xr-x 1 root root 1484 2008-04-12 09:52 killprocs
-rwxr-xr-x 1 root root 1287 2008-04-12 09:52 hostname.sh
-rwxr-xr-x 1 root root 1329 2008-04-12 09:52 halt
-rwxr-xr-x 1 root root 9831 2008-04-12 09:52 checkroot.sh
-rwxr-xr-x 1 root root 2155 2008-04-12 09:52 bootlogd
-rwxr-xr-x 1 root root 6032 2008-04-15 22:42 console-screen.sh
-rwxr-xr-x 1 root root 2330 2008-04-20 16:07 openbsd-inetd
-rwxr-xr-x 1 root root 4521 2008-04-29 04:36 hwclock.sh
-rwxr-xr-x 1 root root 4528 2008-04-29 04:36 hwclockfirst.sh
-rwxr-xr-x 1 root root 4714 2008-04-30 00:43 setserial
-rwxr-xr-x 1 root root 1870 2008-04-30 00:43 etc-setserial
-rwxr-xr-x 1 root root 2592 2008-05-04 08:08 irda-utils
-rwxr-xr-x 1 root root 3777 2008-05-17 08:47 keymap.sh
-rwxr-xr-x 1 root root 474 2008-05-31 12:12 ipmasq-kmod
-rwxr-xr-x 1 root root 626 2008-05-31 12:12 ipmasq
-rwxr-xr-x 1 root root 2029 2008-06-12 11:44 portmap
-rwxr-xr-x 1 root root 2692 2008-06-20 12:08 sysklogd
-rwxr-xr-x 1 root root 1472 2008-06-20 12:08 klogd
-rwxr-xr-x 1 root root 8820 2008-06-25 14:30 alsa-utils
-rwxr-xr-x 1 root root 4215 2008-06-27 09:21 hotkey-setup
-rwxr-xr-x 1 root root 1732 2008-07-05 15:37 network-manager-dispatcher
-rwxr-xr-x 1 root root 1760 2008-07-05 15:37 network-manager
-rwxr-xr-x 1 root root 515 2008-07-06 09:36 sudo
-rwxr-xr-x 1 root root 5964 2008-07-14 12:24 nfs-common
-rwxr-xr-x 1 root root 7172 2008-07-19 13:07 loadcpufreq
-rwxr-xr-x 1 root root 2489 2008-07-19 13:07 cpufrequtils
-rwxr-xr-x 1 root root 2611 2008-07-24 10:44 system-tools-backends
-rwxr-xr-x 1 root root 1844 2008-07-26 01:02 networking
-rwxr-xr-x 1 root root 4546 2008-07-31 01:39 dbus
-rwxr-xr-x 1 root root 10036 2008-08-12 14:33 rc
-rwxr-xr-x 1 root root 1456 2008-08-12 16:20 umountroot
-rw-r--r-- 1 root root 4167 2008-08-12 16:20 skeleton
-rwxr-xr-x 1 root root 2283 2008-08-12 16:20 sendsigs
-rwxr-xr-x 1 root root 1956 2008-08-12 16:20 mountall.sh
-rwxr-xr-x 1 root root 3004 2008-08-12 16:20 checkfs.sh
-rwxr-xr-x 1 root root 1988 2008-08-12 16:20 bootmisc.sh
-rwxr-xr-x 1 root root 1489 2008-08-20 13:04 fglrx-driver
-rwxr-xr-x 1 root root 2345 2008-08-20 15:49 gdm
-rwxr-xr-x 1 root root 2324 2008-09-01 13:57 wpa-ifupdown
-rwxr-xr-x 1 root root 2526 2008-09-02 09:20 cups
-rwxr-xr-x 1 root root 2517 2008-09-02 20:54 policycoreutils
-rwxr-xr-x 1 root root 1001 2008-09-19 03:23 udev-mtab
-rwxr-xr-x 1 root root 7473 2008-09-19 03:23 udev
-rwxr-xr-x 1 root root 3201 2008-09-24 13:08 acpid
-rwxr-xr-x 1 root root 6593 2008-09-30 20:53 exim4
-rwxr-xr-x 1 root root 2090 2008-10-09 08:58 hal
Thanks for looking at my case !
- 10-23-2008 #6Just Joined!
- Join Date
- Oct 2008
- Posts
- 21
The following services appear to be starting iptables:
ipmasq-kmod
ipmasq
Use the following command to stop them and check the status:
/etc/init.d/ipmasq stop
It is an automatic firewall which comes with Debian. Does it solve it?
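Post #3's `grep -R iptables /etc/init.d` came back empty even though `ipmasq` turned out to be the source, which is what happens when an init script only launches a helper that makes the iptables calls. The function below is an added example, not code from the thread: it also looks inside the helper programs each init script references. The names `find_fw_scripts` and `make_demo_root`, the `ROOT` argument and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# find_fw_scripts ROOT
# Prints "init-script<TAB>file-that-mentions-iptables" for every script under
# ROOT/etc/init.d that touches iptables directly or through a helper it runs.
# ROOT is empty for the live system, or a directory holding a copy of one.
find_fw_scripts() {
    root=${1:-}
    for script in "$root"/etc/init.d/*; do
        [ -f "$script" ] || continue
        # Case 1: the init script itself calls iptables.
        if grep -q 'iptables' "$script"; then
            printf '%s\t%s\n' "${script#"$root"}" "${script#"$root"}"
            continue
        fi
        # Case 2: follow absolute bin/sbin paths the script references and
        # search those files; -I makes grep skip compiled binaries.
        grep -oE '/(usr/)?s?bin/[A-Za-z0-9_.-]+' "$script" | sort -u |
        while read -r helper; do
            [ -f "$root$helper" ] || continue
            if grep -qI 'iptables' "$root$helper"; then
                printf '%s\t%s\n' "${script#"$root"}" "$helper"
            fi
        done
    done
}

# Constructed demo tree: one init script that only launches a helper (the
# situation in the thread), one that calls iptables itself, one unrelated.
make_demo_root() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc/init.d" "$d/usr/sbin"
    printf '#!/bin/sh\n/usr/sbin/fwhelper start\n' > "$d/etc/init.d/fwsvc"
    printf '#!/bin/sh\niptables -P OUTPUT DROP\n' > "$d/usr/sbin/fwhelper"
    printf '#!/bin/sh\niptables -F\n' > "$d/etc/init.d/zfw"
    printf '#!/bin/sh\necho cron\n' > "$d/etc/init.d/cron"
    echo "$d"
}

# Usage: find_fw_scripts ""              (scan the running system)
#        find_fw_scripts "$(make_demo_root)"
```

A helper that is a compiled binary, or one that reads its rules from a separate configuration directory, will not be caught by this text search.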
- 10-23-2008 #7Just Joined!
- Join Date
- Oct 2008
- Posts
- 6
Hi,
Yes it does solve the problem, although there were no 'ipmasq' processes running (I must be confusing something here) !
It's even better than forcing the iptables like I did, because it solves the " long pmap_dump" problem.
However, this leaves me with iptables rules that allow everything. Is this the default configuration ? I feel not much protected (I run a computer behind a simple modem).
Also, I still have to do it at every boot. Can that come from those links ?:
Code:
/etc/rcS.d/S41ipmasq
/etc/rcS.d/S42ipmasq-kmod
Is it safe to "uninstall" them ? Is it done by simply removing them ?
Thanks, I feel my matter is progressing !
- 10-23-2008 #8Just Joined!
- Join Date
- Oct 2008
- Posts
- 21
please read through this to secure your system and to know more about debian firewall
Securing Debian Manual - Securing services running on your system
- 10-24-2008 #9Just Joined!
- Join Date
- Oct 2008
- Posts
- 6
I'll read all of it ! This looks very interesting and accessible to me, surprisingly.
I'm regaining hope of understanding how this system works
Thanks a lot.
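The thread passes through three filter-table states: the boot-time lockout, the poster's flush workaround, and the allow-everything state after `ipmasq stop`. This added example (not code from the thread) is a heuristic check over `iptables-save` text that names the weakness in each. The function names, finding labels and samples are constructed, and the samples assume the unqualified ACCEPT rules in the `iptables -L` listing were bound to `lo`, which `-L` without `-v` does not display.

```shell
#!/bin/sh
# lint_ruleset: reads filter-table rules in iptables-save format on stdin and
# prints one finding label per line. Heuristic: it looks only at chain
# policies and at ACCEPT/DROP/REJECT targets, not at rule order.
lint_ruleset() {
    awk '
    /^:/ { policy[substr($1, 2)] = $2; next }      # e.g. ":INPUT DROP [0:0]"
    $1 == "-A" {
        chain = $2
        if ($0 ~ / -j (DROP|REJECT)/) deny[chain] = 1
        if ($0 !~ / -j ACCEPT/) next
        if ($0 ~ / -[io] lo /) lo_ok[chain] = 1     # loopback-only ACCEPT
        else nonlo_ok[chain] = 1                    # ACCEPT that can match other traffic
        if (NF == 4) any_ok[chain] = 1              # bare "-A CHAIN -j ACCEPT"
    }
    END {
        # Nothing but loopback may leave: ping fails with "Operation not permitted".
        if (policy["OUTPUT"] == "DROP" && !nonlo_ok["OUTPUT"]) print "output-blocked"
        # Default-deny INPUT with no loopback ACCEPT: local services time out.
        if (policy["INPUT"] == "DROP" && !lo_ok["INPUT"] && !any_ok["INPUT"])
            print "loopback-blocked"
        # No filtering at all on inbound traffic.
        if (policy["INPUT"] == "ACCEPT" && !deny["INPUT"]) print "input-open"
    }'
}

# Constructed samples modelled on the three states in the thread.
boot_state() {        # default DROP everywhere, ACCEPT assumed bound to lo
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT DROP [0:0]' \
        '-A INPUT -i lo -j ACCEPT' '-A INPUT -j LOG' '-A INPUT -j DROP' \
        '-A FORWARD -j LOG' '-A FORWARD -j DROP' \
        '-A OUTPUT -o lo -j ACCEPT' '-A OUTPUT -j LOG' '-A OUTPUT -j DROP' COMMIT
}
workaround_state() {  # after the four iptables commands in post #1
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' COMMIT
}
open_state() {        # after /etc/init.d/ipmasq stop, as described in post #7
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' COMMIT
}
```

The `loopback-blocked` finding on the workaround state is consistent with the long `pmap_dump` wait in post #1: `iptables -F` removes rules but leaves the INPUT policy at DROP, so new connections to local services over `lo` are dropped. On a live host the same check runs as `iptables-save -t filter | lint_ruleset`.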

