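[Question] iptables problem
I cannot ping hosts on the external network, but I can still get online. After running iptables -F or iptables -X, I can no longer get online.
When my firestarter is running, this appears: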
Error reading /proc/net/ip_conntrack: 沒有那個文件或目錄
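It cannot display the programs that are using the network.
Also, under ubuntu12.10 I cannot turn iptables off: service iptables stop cannot find an iptables
service, and chkconfig | grep iptables finds nothing either.
Below is my iptables -L output.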
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- ns.group.yfc anywhere tcpflags:! FIN,SYN,RST,ACK/SYN
ACCEPT udp -- ns.group.yfc anywhere
ACCEPT tcp -- ns.wuhan.net.cn anywhere tcpflags:! FIN,SYN,RST,ACK/SYN
ACCEPT udp -- ns.wuhan.net.cn anywhere
ACCEPT all -- anywhere anywhere
LSI udp -- anywhere anywhere udp dpt:33434
LSI icmp -- anywhere anywhere
DROP all -- anywhere 255.255.255.255
DROP all -- anywhere 192.168.1.255
DROP all -- base-address.mcast.net/8 anywhere
DROP all -- anywhere base-address.mcast.net/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
LSI all -f anywhere anywhere limit: avg 10/min burst 5
INBOUND all -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix "Unknown Input"
Chain FORWARD (policy DROP)
target prot opt source destination
LSI udp -- anywhere anywhere udp dpt:33434
LSI icmp -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix "Unknown Forward"
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 192.168.1.100 ns.group.yfc tcp dpt:domain
ACCEPT udp -- 192.168.1.100 ns.group.yfc udp dpt:domain
ACCEPT tcp -- 192.168.1.100 ns.wuhan.net.cn tcp dpt:domain
ACCEPT udp -- 192.168.1.100 ns.wuhan.net.cn udp dpt:domain
ACCEPT all -- anywhere anywhere
DROP all -- base-address.mcast.net/8 anywhere
DROP all -- anywhere base-address.mcast.net/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
OUTBOUND all -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix "Unknown Output"
Chain INBOUND (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
LSI all -- anywhere anywhere
Chain LOG_FILTER (5 references)
target prot opt source destination
Chain LSI (6 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix "Inbound "
DROP tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix "Inbound "
DROP tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/RST
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix "Inbound "
DROP icmp -- anywhere anywhere icmp echo-request
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix "Inbound "
DROP all -- anywhere anywhere
Chain LSO (1 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix "Outbound "
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain OUTBOUND (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
LSO all -- anywhere anywhere
--
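Seen from the front it is a ridge, from the side a peak; from far, near, high or low, it never looks the same.
--
※ Origin: 批踢踢實業坊(ptt.cc)
◆ From: 171.112.155.197
※ Edited: walkriver, from: 171.112.155.197 (12/05 17:57)
※ Edited: walkriver, from: 171.112.155.197 (12/05 17:58)
※ Edited: walkriver, from: 171.112.155.197 (12/05 18:36)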