
#1 Le 06/04/2006, à 15:16

tkjerry

problemes gkrellm et iptables[résolu]

Salut tout le monde

Depuis que j'ai configuré iptables avec kmyfirewall
je n'arrive plus à lancer gkrellm2
voici mon script:

#!/bin/sh
#
# copyright (c) the KMyFirewall developers 2002-2005
#      mail to: Christian Hubinger <chubinegr@sedisys.com>
#
# KMyFirewall v1.0
# This is an automatic generated file DO NOT EDIT
#


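# Print a progress message followed by a newline, only in verbose mode.
_kmf_verbose() {
  if [ "$verbose" = "1" ]; then
    printf '%s\n' "$1"
  fi
}

# Print a progress message without a trailing newline, only in verbose mode.
_kmf_verbose_n() {
  if [ "$verbose" = "1" ]; then
    printf '%s' "$1"
  fi
}

# Run one iptables command ($2...) labelled $1. On failure, record the error
# in $status, print the generated script's failure message and abort.
_kmf_rule() {
  _kmf_label=$1
  shift
  # $IPT is left unquoted, as in the generated script.
  $IPT "$@" || {
    status="1"
    echo " Setting up Rule: $_kmf_label FAILED! "
    exit 1
  }
}

#######################################
# Load the netfilter modules, install the filter/nat/mangle rules and set
# the related /proc/sys/net/ipv4 switches.
# Globals:   IPT, MOD, verbose (read); status (written on failure)
# Outputs:   progress messages on stdout
# Returns:   0 on success; exits the script with 1 if an iptables call fails
#
# NOTE(review): a failure aborts the script half-way. When stopFirewall ran
# just before (as the dispatcher does), the INPUT policy is still ACCEPT at
# that point, so a failed start leaves the host unfiltered.
#######################################
startFirewall() {
  printf '%s' "Starting iptables (created by KMyFirewall)...       "
  _kmf_verbose_n "
Loading needed modules...          "

  # modprobe failures are not checked here; a missing module shows up later
  # as a failing iptables rule.
  $MOD ip_tables
  $MOD ip_conntrack
  $MOD ipt_LOG
  $MOD ipt_limit
  $MOD ipt_state
  $MOD ip_conntrack_ftp
  $MOD ip_conntrack_irc

  $MOD iptable_filter
  $MOD iptable_nat
  $MOD iptable_mangle
  _kmf_verbose "Done."

  # This ruleset defines no custom chains; only the messages are printed.
  _kmf_verbose_n "Create custom chains...       "
  _kmf_verbose "  Done."

  _kmf_verbose "Settup Rules in Table FILTER:"

  _kmf_verbose "Create Rules for Chain: INPUT"

  # Accept everything arriving on the loopback interface. Without this rule,
  # new connections from the host to its own services are dropped by the
  # INPUT DROP policy below (only echo-request, tcp/80 and tcp/137-139 are
  # accepted), which can make local programs stall until they time out.
  _kmf_rule "LOOPBACK" -t filter -A INPUT -i lo -j ACCEPT

  # Echo requests are accepted at 5/second (burst 5); the excess falls
  # through to the LOG rule and the DROP policy.
  _kmf_rule "ICMP" -t filter -A INPUT --match limit --limit 5/second --limit-burst 5 -p icmp --icmp-type echo-request -j ACCEPT

  # NOTE(review): this accepts tcp/137-139 from any source on any interface.
  # Restrict it with -s/-i to the LAN that needs SMB. NetBIOS name and
  # datagram services normally use UDP, so tcp 137/138 is probably not
  # needed - confirm.
  _kmf_rule "SMB_tcp" -t filter -A INPUT -p tcp --match multiport --destination-ports 137,138,139 -j ACCEPT

  # HTTP is reachable from any source.
  _kmf_rule "HTTP_tcp" -t filter -A INPUT -p tcp --destination-port 80 -j ACCEPT

  # Replies to connections this host opened.
  _kmf_rule "CONNTRACK" -t filter -A INPUT --match state --state RELATED,ESTABLISHED -j ACCEPT

  # Whatever reaches this point is logged (rate-limited so the log cannot be
  # flooded) and then dropped by the chain policy.
  _kmf_rule "Chain: INPUT Drop Logging" -t filter -A INPUT -m limit --limit 5/second --limit-burst 5 -j LOG --log-prefix "KMF: "

  _kmf_rule "Chain: INPUT Default Target" -t filter -P INPUT DROP

  _kmf_verbose "Create Rules for Chain: OUTPUT"
  _kmf_rule "Chain: OUTPUT Default Target" -t filter -P OUTPUT ACCEPT

  _kmf_verbose "Create Rules for Chain: FORWARD"
  # NOTE(review): FORWARD stays ACCEPT and IP forwarding is switched on
  # below, so the host routes between its interfaces without any filtering.
  # On a workstation that is not a router, prefer a DROP policy here.
  _kmf_rule "Chain: FORWARD Default Target" -t filter -P FORWARD ACCEPT

  _kmf_verbose "Settup Rules in Table NAT:"

  _kmf_verbose "Create Rules for Chain: OUTPUT"
  _kmf_rule "Chain: OUTPUT Default Target" -t nat -P OUTPUT ACCEPT

  _kmf_verbose "Create Rules for Chain: PREROUTING"
  _kmf_rule "Chain: PREROUTING Default Target" -t nat -P PREROUTING ACCEPT

  _kmf_verbose "Create Rules for Chain: POSTROUTING"
  _kmf_rule "Chain: POSTROUTING Default Target" -t nat -P POSTROUTING ACCEPT

  _kmf_verbose "Settup Rules in Table MANGLE:"

  _kmf_verbose "Create Rules for Chain: INPUT"
  _kmf_rule "Chain: INPUT Default Target" -t mangle -P INPUT ACCEPT

  _kmf_verbose "Create Rules for Chain: OUTPUT"
  _kmf_rule "Chain: OUTPUT Default Target" -t mangle -P OUTPUT ACCEPT

  _kmf_verbose "Create Rules for Chain: FORWARD"
  _kmf_rule "Chain: FORWARD Default Target" -t mangle -P FORWARD ACCEPT

  _kmf_verbose "Create Rules for Chain: PREROUTING"
  _kmf_rule "Chain: PREROUTING Default Target" -t mangle -P PREROUTING ACCEPT

  _kmf_verbose "Create Rules for Chain: POSTROUTING"
  _kmf_rule "Chain: POSTROUTING Default Target" -t mangle -P POSTROUTING ACCEPT

  _kmf_verbose_n "Enable IP Forwarding.                "
  # NOTE(review): only needed when this host acts as a router or gateway.
  echo 1 > /proc/sys/net/ipv4/ip_forward
  _kmf_verbose "Done."

  _kmf_verbose_n "Disable Reverse Path Filtering       "
  # NOTE(review): writing 0 turns off the kernel's reverse-path source
  # validation on every interface, which weakens protection against spoofed
  # source addresses. Keep it enabled unless asymmetric routing requires it.
  for i in /proc/sys/net/ipv4/conf/*/rp_filter; do
    echo 0 > "$i"
  done
  _kmf_verbose "Done."

  _kmf_verbose_n "Disable log_martians (logging).           "
  # Packets with impossible source addresses are no longer logged.
  for i in /proc/sys/net/ipv4/conf/*/log_martians; do
    echo 0 > "$i"
  done
  _kmf_verbose "Done."

  _kmf_verbose_n "Enable Syn Cookies.          "
  echo 1 > /proc/sys/net/ipv4/tcp_syncookies
  _kmf_verbose "Done."

  echo Done.
}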

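#######################################
# Flush every rule, delete every user-defined chain and reset all built-in
# chain policies to ACCEPT in the filter, nat and mangle tables.
# Globals:   IPT (read); status (set to "1" when any iptables call fails)
# Outputs:   progress message on stdout
# Returns:   0; failures are reported through $status only
#
# NOTE(review): after this function the host accepts all traffic. The
# /proc/sys settings changed by startFirewall are not restored here.
#######################################
stopFirewall() {
  printf '%s' "Clearing iptables (created by KMyFirewall)...       "

  # $IPT is left unquoted, as in the generated script.
  $IPT -t filter -F || status="1"
  $IPT -t filter -X || status="1"
  for _kmf_chain in INPUT OUTPUT FORWARD; do
    $IPT -t filter -P "$_kmf_chain" ACCEPT || status="1"
  done

  $IPT -t nat -F || status="1"
  $IPT -t nat -X || status="1"
  for _kmf_chain in OUTPUT PREROUTING POSTROUTING; do
    $IPT -t nat -P "$_kmf_chain" ACCEPT || status="1"
  done

  $IPT -t mangle -F || status="1"
  $IPT -t mangle -X || status="1"
  # The generated script reset mangle OUTPUT twice and never reset mangle
  # FORWARD; all five built-in mangle chains are reset here.
  for _kmf_chain in INPUT OUTPUT FORWARD PREROUTING POSTROUTING; do
    $IPT -t mangle -P "$_kmf_chain" ACCEPT || status="1"
  done

  echo "Done."
}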

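# Entry point: kmyfirewall.sh [-v|--verbose] { start | stop | restart }
# Changing netfilter rules and /proc/sys requires root privileges.
IPT="/sbin/iptables"
MOD="/sbin/modprobe"
status="0"   # set to "1" by stopFirewall/startFirewall when a command fails
verbose="0"
action="$1"

# With a leading -v/--verbose the action moves to the second argument.
case "$1" in
  -v|--verbose)
    verbose="1"
    if [ "$2" = "" ]; then
      echo "Usage: sh kmyfirewall.sh [-v|--verbose] { start | stop | restart }"
      exit 1
    fi
    action="$2"
    ;;
esac

# "start" and "restart" both clear the tables first. stopFirewall resets the
# policies to ACCEPT, so the host is unfiltered until startFirewall finishes.
case "$action" in
  start|restart)
    stopFirewall
    startFirewall
    ;;
  stop)
    stopFirewall
    ;;
  *)
    echo "Invalid action!
Usage: sh kmyfirewall.sh [-v|--verbose] { start | stop | restart }"
    # A missing or unknown action is an error: report it through the exit
    # code, like the verbose usage check above, so that callers do not take
    # a mistyped action for a firewall that was started.
    status="1"
    ;;
esac

if [ "$status" = "1" ]; then
  exit 1
else
  exit 0
fi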

et donc je voudrais savoir quelles sont les options à passer à iptables pour que gkrellm ne soit plus bloqué
merci
tkjerry

Dernière modification par tkjerry (Le 06/04/2006, à 15:24)


tkjerry


#2 Le 06/04/2006, à 15:27

tkjerry

Re : problemes gkrellm et iptables[résolu]

en fait il se lance
mais il met un peu plus de temps, c'est tout
comme il y a des modules, par exemple pour surveiller les mails, la connectivité des cartes, etc., je pensais qu'iptables bloquait ces protocoles
donc en ne le voyant pas j'ai un peu paniqué :P


tkjerry
