web-dev-qa-db-fra.com

Règles de pare-feu pour la transmission

J'ai la transmission installée, qui écoute sur le port par défaut 51413.

J'ai essayé de tout ouvrir pour ce port.

iptables:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     icmp --  'Server IP'          anywhere             state NEW,RELATED,ESTABLISHED icmp echo-request
ACCEPT     icmp --  anywhere             anywhere             state RELATED,ESTABLISHED icmp echo-reply
ACCEPT     udp  --  anywhere             anywhere             state RELATED,ESTABLISHED udp spt:domain dpts:1024:65535
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     udp  --  anywhere             anywhere             udp spt:bootpc dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9091
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:51413
ACCEPT     udp  --  anywhere             anywhere             udp dpt:51513
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:51413
ACCEPT     udp  --  anywhere             anywhere             udp spt:51413
LOGGING    all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:ssh
ACCEPT     icmp --  anywhere             anywhere             state NEW,RELATED,ESTABLISHED icmp echo-request
ACCEPT     icmp --  anywhere             anywhere             state RELATED,ESTABLISHED icmp echo-reply
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:http 
ACCEPT     udp  --  anywhere             anywhere             udp spt:bootps dpt:bootpc
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:9091
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:51413
ACCEPT     udp  --  anywhere             anywhere             udp spt:51413
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:51413
ACCEPT     udp  --  anywhere             anywhere             udp dpt:51413
LOGGING    all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain LOGGING (2 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             limit: avg 12/min burst 5 LOG level warning prefix "FirewallDrops: "
DROP       all  --  anywhere             anywhere

Mais il ne laisse toujours pas passer le trafic.

Si je vide les tables:

iptables -F

cela fonctionne alors, alors j'imagine qu'il y a quelque chose qui me manque dans iptables.

Enregistrement de la sortie:

/var/log/kern.log:May  5 18:43:32 StretchSvr kernel: [    9.258012] FirewallDrops: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=72 TOS=0x00 PREC=0xC0 TTL=64 ID=2371 PROTO=ICMP TYPE=3 CODE=3 [SRC=127.0.0.1 DST=127.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=2370 DF PROTO=UDP SPT=51413 DPT=80 LEN=24 ] 
/var/log/kern.log:May  5 18:43:32 StretchSvr kernel: [    9.298081] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=62.210.137.203 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=55801 PROTO=UDP SPT=1337 DPT=51413 LEN=24
/var/log/kern.log:May  5 18:43:32 StretchSvr kernel: [    9.305079] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.226 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=80 DPT=51413 LEN=24 
/var/log/kern.log:May  5 18:44:53 StretchSvr kernel: [   90.444453] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=62.210.137.203 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=55802 PROTO=UDP SPT=1337 DPT=51413 LEN=24 
/var/log/kern.log:May  5 18:44:53 StretchSvr kernel: [   90.453131] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.225 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=6969 DPT=51413 LEN=24 
/var/log/kern.log:May  5 18:44:53 StretchSvr kernel: [   90.456361] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.226 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=80 DPT=51413 LEN=24 
/var/log/kern.log:May  5 18:44:53 StretchSvr kernel: [   90.458255] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.252 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=UDP SPT=80 DPT=51413 LEN=24 
/var/log/kern.log:May  5 18:45:01 StretchSvr kernel: [   98.435703] FirewallDrops: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=72 TOS=0x00 PREC=0xC0 TTL=64 ID=2373 PROTO=ICMP TYPE=3 CODE=3 [SRC=127.0.0.1 DST=127.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=2372 DF PROTO=UDP SPT=51413 DPT=80 LEN=24 ] 
/var/log/syslog:May  5 18:43:32 StretchSvr kernel: [    9.258012] FirewallDrops: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=72 TOS=0x00 PREC=0xC0 TTL=64 ID=2371 PROTO=ICMP TYPE=3 CODE=3 [SRC=127.0.0.1 DST=127.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=2370 DF PROTO=UDP SPT=51413 DPT=80 LEN=24 ] 
/var/log/syslog:May  5 18:43:32 StretchSvr kernel: [    9.298081] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=62.210.137.203 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=55801 PROTO=UDP SPT=1337 DPT=51413 LEN=24 
/var/log/syslog:May  5 18:43:32 StretchSvr kernel: [    9.305079] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.226 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=80 DPT=51413 LEN=24 
/var/log/syslog:May  5 18:44:53 StretchSvr kernel: [   90.444453] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=62.210.137.203 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=55802 PROTO=UDP SPT=1337 DPT=51413 LEN=24 
/var/log/syslog:May  5 18:44:53 StretchSvr kernel: [   90.453131] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.225 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=6969 DPT=51413 LEN=24 
/var/log/syslog:May  5 18:44:53 StretchSvr kernel: [   90.456361] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.226 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=80 DPT=51413 LEN=24 
/var/log/syslog:May  5 18:44:53 StretchSvr kernel: [   90.458255] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.252 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=UDP SPT=80 DPT=51413 LEN=24 

Toute aide appréciée.

1

Donc, comme je l’ai expliqué dans les commentaires ci-dessus, c’est une faute de frappe que j’ai faite Lol ... j’avais mon port INPUT udp comme 51513 au lieu de 51413 ...

Mais, juste au cas où quelqu'un voudrait savoir, ce sont les règles que j'ai utilisées pour autoriser la transmission:

iptables -A INPUT -m state --state RELATED,ESTABLISHED -p udp --dport 51413 -j ACCEPT
iptables -A OUTPUT -p udp --sport 51413 -j ACCEPT

Merci à tous pour leur contribution

3