Mageia 7b2: to try it is to adopt it. [Solved]

gustine
My network:
▫ Ancien: a Mageia machine assembled in 2010, used for backups, as a fallback Apache server and for tests,
▫ Nouveau: another Mageia machine assembled in 2015, multi-purpose (Firefox, LibreOffice, GIMP, video, etc.), Apache SSL server (Piwigo, webtrees),
▫ a Windows machine, multi-purpose as well...
Having never liked KDE and having abandoned Gnome since the regrettable version 3, I use Mate, and I long put off the move from Mageia 5 to 6 and its venerable PHP 5.6. Mageia 7 finally brings the long-awaited PHP 7. So I'm testing it.
First attempt in dual boot on Ancien with the proprietary Nvidia 340 driver for my GeForce GT 220. Failure (25 February). New installation without that wretched driver; all good, so I move on to Nouveau, still in dual boot. Firefox Nightly being a pain, I drop it for the regular Firefox 65. Everything works without a problem, Apache server included. Barring an update accident, I won't go back to Mageia 6. Long live Mageia and its developers!
The only shadow in the picture: I'm struggling with the Samba server, as with every reinstallation (and in 20 years I've done a few...). The problem seems to come from the firewall. After a lot of tinkering, Nouveau is visible and accessible but Ancien stays stubbornly hidden. The two configurations are of course identical (apart from the machine name), the relevant ports do appear in rules.drakx, but ports 139 and 445 on Ancien are actually closed. Any ideas?
I7-8700 - UHD Graphics 630 - 2x8 MO - Mageia 9 - Mate - LAMP server.


vouf
gustine:
"Barring an update accident, I won't go back to Mageia 6. Long live Mageia and its developers!"
Be careful all the same, because things are moving a great deal at the moment, with many updates that can occasionally break your system. There is still a lot of work to do, and big updates are to be expected (Gnome 3.32/Plasma 5.15).
For Samba, normally you should be able to open the ports on Ancien at the firewall level. But perhaps you have several network cards? In that case, check that the firewall is using the right card.
Mageia 9 64 bits Plasma - Asus Prime Z690-P D4 -Intel Core i5 12600 K- 32 Go Kingston Fury Renegade DDR4-3600 Mhz- Gigabyte Nvidia RTX 3060 - Go-M2 Samsung Evo 970 1Tb-SSD 512 Gb Samsung Evo 960 -SSD 512 Gb Crucial M5

Jybz
The firewall cuts everything off if there is a problem, and without warning.
A few commands to get some feedback:
Bash code:
# service shorewall status
# service shorewall6 status
# shorewall restart
# shorewall6 restart
# iptables -L
# ip6tables -L
With that you should get some information. Don't hesitate to share it.

Upload an image: /wiki/hebergement-de-fichiers-sur-mlo
Arch | Machine | OS |
x86_64 | lenovo x250 | mga9 |
armv7hl | bananapro | mga9 |
aarch64 | Raspberry Pi 4B | mga9 |

gustine
I use Mate, the updates should be minor, and both my machines are dual boot. If it gets stuck, I just need to reboot into Mageia 6 and, if needed, reload the latest MySQL backup of its personal website (which is not changing much at the moment). The risk is almost nil.
@Jybz
I manage the firewall via the MCC, which seems to work normally. From what I understand, it writes the ports to open into a file etc/shorewall/rules.drakx.
▫ ports 80, 8080 and 443 are listed there, the web server is accessible,
▫ port 22 is listed there, the ssh service is accessible,
▫ ports 137, 139 and 445 are listed there but they remain closed, so Samba is inaccessible.
The rules.drakx file from Mageia 6 (which works normally) is identical except for one entry, "ACCEPT net fw icmp 8". I don't know what created it.
In both cases the iptables, ip6tables and shorewall6 services are stopped; only shorewall is active.
iptables -L on Mageia 7:
Chain INPUT (policy DROP)
target prot opt source destination
Ifw all -- anywhere anywhere
net-fw all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
DROP all -- anywhere anywhere ADDRTYPE match dst-type ANYCAST
DROP all -- anywhere anywhere ADDRTYPE match dst-type MULTICAST
LOG all -- anywhere anywhere limit: up to 1/sec burst 10 mode srcip LOG level info prefix "INPUT REJECT "
reject all -- anywhere anywhere [goto]
Chain FORWARD (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
DROP all -- anywhere anywhere ADDRTYPE match dst-type ANYCAST
DROP all -- anywhere anywhere ADDRTYPE match dst-type MULTICAST
LOG all -- anywhere anywhere limit: up to 1/sec burst 10 mode srcip LOG level info prefix "FORWARD REJECT "
reject all -- anywhere anywhere [goto]
Chain OUTPUT (policy DROP)
target prot opt source destination
fw-net all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
DROP all -- anywhere anywhere ADDRTYPE match dst-type ANYCAST
DROP all -- anywhere anywhere ADDRTYPE match dst-type MULTICAST
LOG all -- anywhere anywhere limit: up to 1/sec burst 10 mode srcip LOG level info prefix "OUTPUT REJECT "
reject all -- anywhere anywhere [goto]
Chain Ifw (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere match-set ifw_wl src
DROP all -- anywhere anywhere match-set ifw_bl src
IFWLOG all -- anywhere anywhere ctstate INVALID,NEWpsd weight-threshold: 10 delay-threshold: 10000 lo-ports-weight: 2 hi-ports-weight: 1 IFWLOG prefix 'SCAN'
IFWLOG udp -- anywhere anywhere ctstate NEW udp dpt:netbios-nsIFWLOG prefix 'NEW'
IFWLOG udp -- anywhere anywhere ctstate NEW udp dpt:netbios-dgmIFWLOG prefix 'NEW'
IFWLOG udp -- anywhere anywhere ctstate NEW udp dpt:netbios-ssnIFWLOG prefix 'NEW'
IFWLOG udp -- anywhere anywhere ctstate NEW udp dpt:microsoft-dsIFWLOG prefix 'NEW'
IFWLOG udp -- anywhere anywhere ctstate NEW multiport dports 1024:mctpIFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere ctstate NEW tcp dpt:httpIFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere ctstate NEW tcp dpt:httpsIFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere ctstate NEW tcp dpt:sshIFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere ctstate NEW tcp dpt:netbios-nsIFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere ctstate NEW tcp dpt:netbios-dgmIFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere ctstate NEW tcp dpt:netbios-ssnIFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere ctstate NEW tcp dpt:microsoft-dsIFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere ctstate NEW multiport dports 1024:mctpIFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere ctstate NEW tcp dpt:webcacheIFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere ctstate NEW tcp dpt:ndmpIFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere ctstate NEW tcp dpt:netbios-ssnIFWLOG prefix 'NEW'
Chain dynamic (1 references)
target prot opt source destination
Chain fw-net (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
Chain logdrop (0 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain logflags (7 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: up to 1/sec burst 10 mode srcip LOG level info ip-options prefix "logflags DROP "
DROP all -- anywhere anywhere
Chain logreject (0 references)
target prot opt source destination
reject all -- anywhere anywhere
Chain net-fw (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere ctstate INVALID,NEW,UNTRACKED
tcpflags tcp -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere multiport dports http,https,ssh,netbios-ns,netbios-dgm,netbios-ssn,microsoft-ds,1024:mctp,webcache,ndmp,netbios-ssn
ACCEPT udp -- anywhere anywhere multiport dports netbios-ns,netbios-dgm,netbios-ssn,microsoft-ds,1024:mctp
DROP all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
DROP all -- anywhere anywhere ADDRTYPE match dst-type ANYCAST
DROP all -- anywhere anywhere ADDRTYPE match dst-type MULTICAST
LOG all -- anywhere anywhere limit: up to 1/sec burst 10 mode srcip LOG level info prefix "net-fw DROP "
DROP all -- anywhere anywhere
Chain reject (4 references)
target prot opt source destination
DROP all -- anywhere anywhere ADDRTYPE match src-type BROADCAST
DROP all -- base-address.mcast.net/4 anywhere
DROP igmp -- anywhere anywhere
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT icmp -- anywhere anywhere reject-with icmp-host-unreachable
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain sha-lh-df10a8d8526ea2062406 (0 references)
target prot opt source destination
Chain sha-rh-6e93fa1029e023c8f78a (0 references)
target prot opt source destination
Chain shorewall (0 references)
target prot opt source destination
all -- anywhere anywhere recent: SET name: %CURRENTTIME side: source mask: 255.255.255.255
Chain tcpflags (1 references)
target prot opt source destination
logflags tcp -- anywhere anywhere [goto] tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
logflags tcp -- anywhere anywhere [goto] tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
logflags tcp -- anywhere anywhere [goto] tcp flags:SYN,RST/SYN,RST
logflags tcp -- anywhere anywhere [goto] tcp flags:FIN,RST/FIN,RST
logflags tcp -- anywhere anywhere [goto] tcp flags:FIN,SYN/FIN,SYN
logflags tcp -- anywhere anywhere [goto] tcp flags:FIN,PSH,ACK/FIN,PSH
logflags tcp -- anywhere anywhere [goto] tcp spt:0 flags:FIN,SYN,RST,ACK/SYN
iptables -L on Mageia 6:
Chain INPUT (policy DROP)
target prot opt source destination
Ifw all -- anywhere anywhere
net-fw all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix "Shorewall:INPUT:REJECT:"
reject all -- anywhere anywhere [goto]
Chain FORWARD (policy DROP)
target prot opt source destination
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix "Shorewall:FORWARD:REJECT:"
reject all -- anywhere anywhere [goto]
Chain OUTPUT (policy DROP)
target prot opt source destination
fw-net all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix "Shorewall:OUTPUT:REJECT:"
reject all -- anywhere anywhere [goto]
Chain Broadcast (2 references)
target prot opt source destination
DROP all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
DROP all -- anywhere anywhere ADDRTYPE match dst-type MULTICAST
DROP all -- anywhere anywhere ADDRTYPE match dst-type ANYCAST
Chain Drop (1 references)
target prot opt source destination
all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed /* Needed ICMP types */
ACCEPT icmp -- anywhere anywhere icmp time-exceeded /* Needed ICMP types */
Broadcast all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
DROP udp -- anywhere anywhere multiport dports epmap,microsoft-ds /* SMB */
DROP udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn /* SMB */
DROP udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535 /* SMB */
DROP tcp -- anywhere anywhere multiport dports epmap,netbios-ssn,microsoft-ds /* SMB */
DROP udp -- anywhere anywhere udp dpt:ssdp /* UPnP */
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
DROP udp -- anywhere anywhere udp spt:domain /* Late DNS Replies */
Chain Ifw (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere match-set ifw_wl src
DROP all -- anywhere anywhere match-set ifw_bl src
IFWLOG all -- anywhere anywhere ctstate INVALID,NEWpsd weight-threshold: 10 delay-threshold: 10000 lo-ports-weight: 2 hi-ports-weight: 1 IFWLOG prefix 'SCAN'
IFWLOG tcp -- anywhere anywhere ctstate NEW tcp dpt:httpIFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere ctstate NEW tcp dpt:httpsIFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere ctstate NEW tcp dpt:sshIFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere ctstate NEW tcp dpt:netbios-nsIFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere ctstate NEW tcp dpt:netbios-dgmIFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere ctstate NEW tcp dpt:netbios-ssnIFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere ctstate NEW tcp dpt:microsoft-dsIFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere ctstate NEW multiport dports 1024:mctpIFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere ctstate NEW tcp dpt:ndmpIFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere ctstate NEW tcp dpt:webcacheIFWLOG prefix 'NEW'
IFWLOG udp -- anywhere anywhere ctstate NEW udp dpt:netbios-nsIFWLOG prefix 'NEW'
IFWLOG udp -- anywhere anywhere ctstate NEW udp dpt:netbios-dgmIFWLOG prefix 'NEW'
IFWLOG udp -- anywhere anywhere ctstate NEW udp dpt:netbios-ssnIFWLOG prefix 'NEW'
IFWLOG udp -- anywhere anywhere ctstate NEW udp dpt:microsoft-dsIFWLOG prefix 'NEW'
IFWLOG udp -- anywhere anywhere ctstate NEW multiport dports 1024:mctpIFWLOG prefix 'NEW'
Chain Reject (3 references)
target prot opt source destination
all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed /* Needed ICMP types */
ACCEPT icmp -- anywhere anywhere icmp time-exceeded /* Needed ICMP types */
Broadcast all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
reject udp -- anywhere anywhere [goto] multiport dports epmap,microsoft-ds /* SMB */
reject udp -- anywhere anywhere [goto] udp dpts:netbios-ns:netbios-ssn /* SMB */
reject udp -- anywhere anywhere [goto] udp spt:netbios-ns dpts:1024:65535 /* SMB */
reject tcp -- anywhere anywhere [goto] multiport dports epmap,netbios-ssn,microsoft-ds /* SMB */
DROP udp -- anywhere anywhere udp dpt:ssdp /* UPnP */
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
DROP udp -- anywhere anywhere udp spt:domain /* Late DNS Replies */
Chain dynamic (1 references)
target prot opt source destination
Chain fw-net (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
Chain logdrop (0 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain logflags (7 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level info ip-options prefix "Shorewall:logflags:DROP:"
DROP all -- anywhere anywhere
Chain logreject (0 references)
target prot opt source destination
reject all -- anywhere anywhere
Chain net-fw (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere ctstate INVALID,NEW,UNTRACKED
tcpflags tcp -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere multiport dports http,https,ssh,netbios-ns,netbios-dgm,netbios-ssn,microsoft-ds,1024:mctp,ndmp,webcache
ACCEPT udp -- anywhere anywhere multiport dports netbios-ns,netbios-dgm,netbios-ssn,microsoft-ds,1024:mctp
ACCEPT icmp -- anywhere anywhere icmp echo-request
Drop all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix "Shorewall:net-fw:DROP:"
DROP all -- anywhere anywhere
Chain reject (8 references)
target prot opt source destination
DROP all -- anywhere anywhere ADDRTYPE match src-type BROADCAST
DROP all -- base-address.mcast.net/4 anywhere
DROP igmp -- anywhere anywhere
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT icmp -- anywhere anywhere reject-with icmp-host-unreachable
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain sha-lh-161711acc871dcc37ecb (0 references)
target prot opt source destination
Chain sha-rh-a7ec6171588888afba90 (0 references)
target prot opt source destination
Chain shorewall (0 references)
target prot opt source destination
all -- anywhere anywhere recent: SET name: %CURRENTTIME side: source mask: 255.255.255.255
Chain tcpflags (1 references)
target prot opt source destination
logflags tcp -- anywhere anywhere [goto] tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
logflags tcp -- anywhere anywhere [goto] tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
logflags tcp -- anywhere anywhere [goto] tcp flags:SYN,RST/SYN,RST
logflags tcp -- anywhere anywhere [goto] tcp flags:FIN,RST/FIN,RST
logflags tcp -- anywhere anywhere [goto] tcp flags:FIN,SYN/FIN,SYN
logflags tcp -- anywhere anywhere [goto] tcp flags:FIN,PSH,ACK/FIN,PSH
logflags tcp -- anywhere anywhere [goto] tcp spt:0 flags:FIN,SYN,RST,ACK/SYN
I7-8700 - UHD Graphics 630 - 2x8 MO - Mageia 9 - Mate - LAMP server.
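
Added example, not part of any post in this thread: a shell helper that reads `iptables -L` output, reports which Samba port/protocol pairs the `net-fw` chain does not accept, and lists what one listing accepts that the other does not. The three sample listings are constructed (the first two abridged from the `net-fw` chains posted above, the third invented to show a rule shadowed by an earlier DROP); the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): which ports does a chain in
# `iptables -L` output really accept?

# accepted_rules CHAIN < listing
# Prints "proto service" for every ACCEPT rule of CHAIN that matches a
# destination port (dpt: / multiport dports) or an ICMP type.
accepted_rules() {
    awk -v chain="$1" '
    BEGIN {
        # Samba service names to numbers, so netbios-ssn and 139 compare equal.
        num["netbios-ns"] = 137;  num["netbios-dgm"] = 138
        num["netbios-ssn"] = 139; num["microsoft-ds"] = 445
    }
    function emit(proto, svc) {
        if (svc in num) svc = num[svc]
        print proto, svc
    }
    $1 == "Chain" { inside = ($2 == chain); next }
    !inside || $1 == "target" || NF < 5 { next }
    # A built-in DROP/REJECT with no match ends the chain: later rules never
    # fire. Shorewall action chains (Drop, Reject) are jumps, not verdicts.
    ($1 == "DROP" || $1 == "REJECT") && $2 == "all" && NF == 5 { inside = 0; next }
    $1 != "ACCEPT" { next }
    {
        for (i = 6; i <= NF; i++) {
            if ($i ~ /^dpt:/) {
                emit($2, substr($i, 5))
            } else if ($i == "dports" && i < NF) {
                n = split($(i + 1), port, ",")
                for (j = 1; j <= n; j++) emit($2, port[j])
            } else if ($2 == "icmp" && $i == "icmp" && i < NF) {
                emit("icmp", $(i + 1))
            }
        }
    }' | sort -u
}

# smb_missing < listing : Samba port/protocol pairs that net-fw does not accept
smb_missing() {
    rules=$(accepted_rules net-fw)
    for want in "udp 137" "udp 138" "tcp 139" "tcp 445"; do
        printf '%s\n' "$rules" | grep -qxF "$want" || echo "$want"
    done
}

# only_in RULES_A RULES_B : pairs accepted in A but not in B
only_in() {
    printf '%s\n' "$1" | grep -vxF -e "$2" || true
}

# Constructed samples. The first two are abridged from the net-fw chains posted
# above; the third is invented to show a rule shadowed by an earlier DROP.
mga7_sample() { cat <<'EOF'
Chain net-fw (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere multiport dports http,https,ssh,netbios-ns,netbios-dgm,netbios-ssn,microsoft-ds,1024:mctp,webcache,ndmp,netbios-ssn
ACCEPT udp -- anywhere anywhere multiport dports netbios-ns,netbios-dgm,netbios-ssn,microsoft-ds,1024:mctp
DROP all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
DROP all -- anywhere anywhere
EOF
}
mga6_sample() { cat <<'EOF'
Chain net-fw (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere multiport dports http,https,ssh,netbios-ns,netbios-dgm,netbios-ssn,microsoft-ds,1024:mctp,ndmp,webcache
ACCEPT udp -- anywhere anywhere multiport dports netbios-ns,netbios-dgm,netbios-ssn,microsoft-ds,1024:mctp
ACCEPT icmp -- anywhere anywhere icmp echo-request
Drop all -- anywhere anywhere
DROP all -- anywhere anywhere
EOF
}
shadowed_sample() { cat <<'EOF'
Chain net-fw (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere multiport dports http,https,ssh
DROP all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere multiport dports netbios-ssn,microsoft-ds
ACCEPT udp -- anywhere anywhere multiport dports netbios-ns,netbios-dgm
EOF
}

rules6=$(mga6_sample | accepted_rules net-fw)
rules7=$(mga7_sample | accepted_rules net-fw)
echo "Mageia 7 sample, Samba pairs not accepted: $(mga7_sample | smb_missing | tr '\n' ' ')"
echo "Shadowed sample, Samba pairs not accepted: $(shadowed_sample | smb_missing | tr '\n' ' ')"
echo "Accepted in the Mageia 6 sample only: $(only_in "$rules6" "$rules7")"
```

Plain `iptables -L` omits the interface columns, so a rule printed as `anywhere anywhere` may in fact be bound to a single interface; `iptables -L -n -v` shows them.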

Jybz

(I admit I'm lost with all the iptables rules; it's heavy stuff, and I never took the time to learn. As for icmp, it's the reply to ping commands


gustine
service shorewall status
Redirecting to /bin/systemctl status shorewall.service
● shorewall.service - Shorewall IPv4 firewall
Loaded: loaded (/usr/lib/systemd/system/shorewall.service; enabled; vendor preset: enabled)
Active: active (exited) since Fri 2019-03-01 08:29:49 CET; 2h 7min ago
Process: 2667 ExecStart=/sbin/shorewall $OPTIONS start $STARTOPTIONS (code=exited, status=0/SUCCESS)
Main PID: 2667 (code=exited, status=0/SUCCESS)
mars 01 08:29:48 localhost shorewall[2667]: Processing /etc/shorewall/tcclear ...
mars 01 08:29:49 localhost shorewall[2667]: Setting up Route Filtering...
mars 01 08:29:49 localhost shorewall[2667]: Setting up Martian Logging...
mars 01 08:29:49 localhost shorewall[2667]: Setting up Proxy ARP...
mars 01 08:29:49 localhost shorewall[2667]: Preparing iptables-restore input...
mars 01 08:29:49 localhost shorewall[2667]: Running /sbin/iptables-restore --wait 60...
mars 01 08:29:49 localhost shorewall[2667]: Processing /etc/shorewall/start ...
mars 01 08:29:49 localhost shorewall[2667]: Processing /etc/shorewall/started ...
mars 01 08:29:49 localhost shorewall[2667]: done.
mars 01 08:29:49 localhost systemd[1]: Started Shorewall IPv4 firewall.
service shorewall6 status
Hidden:
Redirecting to /bin/systemctl status shorewall6.service
● shorewall6.service - Shorewall IPv6 firewall
Loaded: loaded (/usr/lib/systemd/system/shorewall6.service; disabled; vendor preset: enabled)
Active: inactive (dead)
shorewall restart
Hidden:
Stopping Shorewall....
Processing /etc/shorewall/stop ...
Processing /etc/shorewall/tcclear ...
Preparing iptables-restore input...
Running /sbin/iptables-restore --wait 60...
Processing /etc/shorewall/stopped ...
done.
Starting Shorewall....
Initializing...
Processing /etc/shorewall/init ...
Processing /etc/shorewall/tcclear ...
Setting up Route Filtering...
Setting up Martian Logging...
Setting up Proxy ARP...
Preparing iptables-restore input...
Running /sbin/iptables-restore --wait 60...
Processing /etc/shorewall/start ...
Processing /etc/shorewall/started ...
done.

Jybz
I don't see any problem.
Can you compare mga6 and mga7 using the commands:
BASH code:
# netstat -lapute
This lists all (a) the applications, as well as those that are listening (l) (as servers), over udp (u) and tcp (t), with an extended display (e) for more info.

gustine

The result from Nouveau, which works almost fine (137/udp is missing)
Hidden:
Connexions Internet actives (serveurs et établies)
Proto Recv-Q Send-Q Adresse locale Adresse distante Etat Utilisatr Inode PID/Program name
tcp 0 0 0.0.0.0:netbios-ssn 0.0.0.0:* LISTEN root 22194 2669/smbd
tcp 0 0 0.0.0.0:ndmp 0.0.0.0:* LISTEN root 24458 2989/perl
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN root 23690 2661/sshd
tcp 0 0 0.0.0.0:microsoft-ds 0.0.0.0:* LISTEN root 22193 2669/smbd
tcp 0 0 Nouveau:35916 he25.mail.ovh.net:imaps ESTABLISHED yyyy 37792 22478/thunderbird
tcp 0 0 Nouveau:36286 imap.free.fr:imap ESTABLISHED yyyy 37788 22478/thunderbird
tcp 5 0 Nouveau:53714 192.168.1.6:netbios-ssn CLOSE_WAIT yyyy 40164 23275/gvfsd-smb-bro
tcp 0 0 Nouveau:41430 ec2-34-209-30-112:https ESTABLISHED yyyy 196043 9765/firefox
tcp 0 0 Nouveau:40558 gnet1-88.larevet.:https ESTABLISHED yyyy 264587 9765/firefox
tcp 0 0 Nouveau:36288 imap.free.fr:imap ESTABLISHED yyyy 37789 22478/thunderbird
tcp 1 0 Nouveau:53716 192.168.1.6:netbios-ssn CLOSE_WAIT yyyy 40221 23275/gvfsd-smb-bro
tcp6 0 0 [::]:netbios-ssn [::]:* LISTEN root 22192 2669/smbd
tcp6 0 0 [::]:webcache [::]:* LISTEN root 20981 2673/httpd
tcp6 0 0 [::]:http [::]:* LISTEN root 20973 2673/httpd
tcp6 0 0 [::]:ssh [::]:* LISTEN root 23692 2661/sshd
tcp6 0 0 [::]:https [::]:* LISTEN root 20985 2673/httpd
tcp6 0 0 [::]:microsoft-ds [::]:* LISTEN root 22191 2669/smbd
tcp6 0 0 Nouveau:https 125.64.94.201:38672 SYN_RECV root 0 -
udp 0 0 0.0.0.0:bootpc 0.0.0.0:* root 20637 2413/dhclient
udp 0 0 localhost:323 0.0.0.0:* root 19742 900/chronyd
udp 0 0 0.0.0.0:ndmp 0.0.0.0:* root 24459 2989/perl
udp6 0 0 localhost:323 [::]:* root 19743 900/chronyd
And the result from Ancien (I'm connected to it over ssh)
Hidden:
netstat -lapute
Connexions Internet actives (serveurs et établies)
Proto Recv-Q Send-Q Adresse locale Adresse distante Etat Utilisatr Inode PID/Program name
tcp 0 0 localhost:10026 0.0.0.0:* LISTEN root 25278 2093/master
tcp 0 0 0.0.0.0:ndmp 0.0.0.0:* LISTEN root 21861 1618/perl
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN root 20470 1401/sshd
tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN root 26342 2093/master
tcp 0 0 localhos:x11-ssh-offset 0.0.0.0:* LISTEN xxxx 1288165 16255/sshd: xxxx@pt
tcp 1 0 Ancien:53978 192.168.1.6:netbios-ssn CLOSE_WAIT xxxx 81581 9043/gvfsd-smb-brow
tcp 1 0 Ancien:53980 192.168.1.6:netbios-ssn CLOSE_WAIT xxxx 82575 9043/gvfsd-smb-brow
tcp 1 0 Ancien:53982 192.168.1.6:netbios-ssn CLOSE_WAIT xxxx 82604 9043/gvfsd-smb-brow
tcp 0 0 Ancien:50166 aglae.biomedicale.:http TIME_WAIT root 0 -
tcp 0 212 Ancien:ssh Nouveau:33202 ESTABLISHED root 1288585 16247/sshd: xxxx [p
tcp 0 0 Ancien:44170 mandril.creatis.in:http TIME_WAIT root 0 -
tcp 0 0 Ancien:54572 ec2-52-25-182-43.:https ESTABLISHED xxxx 836100 3408/firefox
tcp 5 0 Ancien:53974 192.168.1.6:netbios-ssn CLOSE_WAIT xxxx 82537 9043/gvfsd-smb-brow
tcp 5 0 Ancien:53970 192.168.1.6:netbios-ssn CLOSE_WAIT xxxx 82045 9043/gvfsd-smb-brow
tcp6 0 0 [::]:webcache [::]:* LISTEN root 850276 7561/httpd
tcp6 0 0 [::]:http [::]:* LISTEN root 850268 7561/httpd
tcp6 0 0 [::]:ssh [::]:* LISTEN root 20472 1401/sshd
tcp6 0 0 localhost:smtp [::]:* LISTEN root 26343 2093/master
tcp6 0 0 localhos:x11-ssh-offset [::]:* LISTEN xxxx 1288164 16255/sshd: xxxx@pt
tcp6 0 0 [::]:https [::]:* LISTEN root 850280 7561/httpd
udp 0 0 0.0.0.0:ndmp 0.0.0.0:* root 21862 1618/perl
udp 0 0 0.0.0.0:bootpc 0.0.0.0:* root 20659 1246/dhclient
udp 0 0 0.0.0.0:40083 0.0.0.0:* avahi 18716 760/avahi-daemon: r
udp 0 0 0.0.0.0:mdns 0.0.0.0:* avahi 18714 760/avahi-daemon: r
udp6 0 0 [::]:42564 [::]:* avahi 18717 760/avahi-daemon: r
udp6 0 0 [::]:mdns [::]:* avahi 18715 760/avahi-daemon: r
Sorry for taking up so much of your time.

Jybz
Hidden:
TEXT code:
#Nouveau (whose smb does not work):
Connexions Internet actives (serveurs et établies)
Proto Recv-Q Send-Q Adresse locale Adresse distante Etat Utilisatr Inode PID/Program name
tcp 0 0 0.0.0.0:netbios-ssn 0.0.0.0:* LISTEN root 22194 2669/smbd
tcp 0 0 0.0.0.0:ndmp 0.0.0.0:* LISTEN root 24458 2989/perl
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN root 23690 2661/sshd
tcp 0 0 0.0.0.0:microsoft-ds 0.0.0.0:* LISTEN root 22193 2669/smbd
tcp 0 0 Nouveau:35916 he25.mail.ovh.net:imaps ESTABLISHED yyyy 37792 22478/thunderbird
tcp 0 0 Nouveau:36286 imap.free.fr:imap ESTABLISHED yyyy 37788 22478/thunderbird
tcp 5 0 Nouveau:53714 192.168.1.6:netbios-ssn CLOSE_WAIT yyyy 40164 23275/gvfsd-smb-bro
tcp 0 0 Nouveau:41430 ec2-34-209-30-112:https ESTABLISHED yyyy 196043 9765/firefox
tcp 0 0 Nouveau:40558 gnet1-88.larevet.:https ESTABLISHED yyyy 264587 9765/firefox
tcp 0 0 Nouveau:36288 imap.free.fr:imap ESTABLISHED yyyy 37789 22478/thunderbird
tcp 1 0 Nouveau:53716 192.168.1.6:netbios-ssn CLOSE_WAIT yyyy 40221 23275/gvfsd-smb-bro
tcp6 0 0 [::]:netbios-ssn [::]:* LISTEN root 22192 2669/smbd
tcp6 0 0 [::]:webcache [::]:* LISTEN root 20981 2673/httpd
tcp6 0 0 [::]:http [::]:* LISTEN root 20973 2673/httpd
tcp6 0 0 [::]:ssh [::]:* LISTEN root 23692 2661/sshd
tcp6 0 0 [::]:https [::]:* LISTEN root 20985 2673/httpd
tcp6 0 0 [::]:microsoft-ds [::]:* LISTEN root 22191 2669/smbd
tcp6 0 0 Nouveau:https 125.64.94.201:38672 SYN_RECV root 0 -
udp 0 0 0.0.0.0:bootpc 0.0.0.0:* root 20637 2413/dhclient
udp 0 0 localhost:323 0.0.0.0:* root 19742 900/chronyd
udp 0 0 0.0.0.0:ndmp 0.0.0.0:* root 24459 2989/perl
udp6 0 0 localhost:323 [::]:* root 19743 900/chronyd
#Ancien (with working smb):
Connexions Internet actives (serveurs et établies)
Proto Recv-Q Send-Q Adresse locale Adresse distante Etat Utilisatr Inode PID/Program name
tcp 0 0 localhost:10026 0.0.0.0:* LISTEN root 25278 2093/master
tcp 0 0 0.0.0.0:ndmp 0.0.0.0:* LISTEN root 21861 1618/perl
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN root 20470 1401/sshd
tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN root 26342 2093/master
tcp 0 0 localhos:x11-ssh-offset 0.0.0.0:* LISTEN xxxx 1288165 16255/sshd: xxxx@pt
tcp 1 0 Ancien:53978 192.168.1.6:netbios-ssn CLOSE_WAIT xxxx 81581 9043/gvfsd-smb-brow
tcp 1 0 Ancien:53980 192.168.1.6:netbios-ssn CLOSE_WAIT xxxx 82575 9043/gvfsd-smb-brow
tcp 1 0 Ancien:53982 192.168.1.6:netbios-ssn CLOSE_WAIT xxxx 82604 9043/gvfsd-smb-brow
tcp 0 0 Ancien:50166 aglae.biomedicale.:http TIME_WAIT root 0 -
tcp 0 212 Ancien:ssh Nouveau:33202 ESTABLISHED root 1288585 16247/sshd: xxxx [p
tcp 0 0 Ancien:44170 mandril.creatis.in:http TIME_WAIT root 0 -
tcp 0 0 Ancien:54572 ec2-52-25-182-43.:https ESTABLISHED xxxx 836100 3408/firefox
tcp 5 0 Ancien:53974 192.168.1.6:netbios-ssn CLOSE_WAIT xxxx 82537 9043/gvfsd-smb-brow
tcp 5 0 Ancien:53970 192.168.1.6:netbios-ssn CLOSE_WAIT xxxx 82045 9043/gvfsd-smb-brow
tcp6 0 0 [::]:webcache [::]:* LISTEN root 850276 7561/httpd
tcp6 0 0 [::]:http [::]:* LISTEN root 850268 7561/httpd
tcp6 0 0 [::]:ssh [::]:* LISTEN root 20472 1401/sshd
tcp6 0 0 localhost:smtp [::]:* LISTEN root 26343 2093/master
tcp6 0 0 localhos:x11-ssh-offset [::]:* LISTEN xxxx 1288164 16255/sshd: xxxx@pt
tcp6 0 0 [::]:https [::]:* LISTEN root 850280 7561/httpd
udp 0 0 0.0.0.0:ndmp 0.0.0.0:* root 21862 1618/perl
udp 0 0 0.0.0.0:bootpc 0.0.0.0:* root 20659 1246/dhclient
udp 0 0 0.0.0.0:40083 0.0.0.0:* avahi 18716 760/avahi-daemon: r
udp 0 0 0.0.0.0:mdns 0.0.0.0:* avahi 18714 760/avahi-daemon: r
udp6 0 0 [::]:42564 [::]:* avahi 18717 760/avahi-daemon: r
udp6 0 0 [::]:mdns [::]:* avahi 18715 760/avahi-daemon: r
Yes; note that the options have no particular order, but I find that in this order they are easy to remember.

Jybz
I just realised that I misunderstood!
I thought that Nouveau was not visible and that Ancien was, so I didn't understand. The text I copy-pasted above, combined into a single file, is wrong in the first line of both parts (Ancien is not visible, whereas I wrote the opposite).
So I have good news: we're getting closer to the goal!
Your firewall is correctly configured!
However, if you have trouble seeing the difference between the two, you can type these commands:
BASH code:
# netstat -lapute | grep smbd
You'll see that on Nouveau the samba server daemon (smbd) is active and listening on the ports. That's why we can see it!
On the other hand, the daemon is not active on Ancien. It will be hard of hearing ^^
Sorry, my samba skills stop there :/ I can't keep helping you.
But if I were you, I would type:
BASH code:
# service s[TAB][TAB]
I would look at the suggestions, then
BASH code:
# service [put here one of the suggestions that looks like samba] restart

gustine

While tinkering to get the netbios-ns service (name service, port 137) to show up, I had indeed stopped smb on Ancien.
As a result, I noticed that the nmb service, which I didn't know about, was also stopped. A quick search showed me that it is the one that enables discovery by name. There is indeed no problem on the shorewall side.

I made you waste time needlessly, but you solved the problem. Many thanks.
Now I know that I have to start smb AND nmb.
Edited by gustine on 01/03/2019 at 14:31
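
Jybz's `netstat | grep smbd` check and gustine's conclusion that smb AND nmb must both run, as an added example that is not part of the original thread: a shell function that reads `netstat` output and reports which Samba ports have no daemon bound to them, so that an open firewall port is not mistaken for a running service. The function names are hypothetical, and the port-to-daemon mapping (nmbd on 137-138/udp, smbd on 139 and 445/tcp) is standard Samba behaviour assumed here rather than stated in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Reads netstat-style text on stdin and
# reports, for each Samba port, whether a socket is bound to it.
# Assumption: standard Samba port ownership (nmbd: 137-138/udp, smbd: 139,445/tcp).

samba_listeners() {
    awk '
    BEGIN {
        # Service names that netstat prints when run without -n.
        name["netbios-ns"] = 137;  name["netbios-dgm"] = 138
        name["netbios-ssn"] = 139; name["microsoft-ds"] = 445
        want["udp/137"] = "nmbd";  want["udp/138"] = "nmbd"
        want["tcp/139"] = "smbd";  want["tcp/445"] = "smbd"
    }
    $1 ~ /^(tcp|udp)6?$/ {
        proto = substr($1, 1, 3)
        port = $4; sub(/.*:/, "", port)      # local address is field 4
        if (port in name) port = name[port]
        key = proto "/" port
        if (!(key in want)) next
        # Outgoing SMB client connections use a random local port and are
        # skipped above; for TCP, additionally require the LISTEN state.
        if (proto == "tcp" && $6 != "LISTEN") next
        seen[key] = 1
    }
    END {
        n = split("udp/137 udp/138 tcp/139 tcp/445", order, " ")
        for (i = 1; i <= n; i++) {
            k = order[i]
            state = (k in seen) ? "listening" : "MISSING"
            print k, want[k], state
        }
    }'
}

# Names of the daemons that own at least one missing port, space-separated.
samba_daemons_to_start() {
    samba_listeners | awk '$3 == "MISSING" { print $2 }' | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Sample input: lines excerpted from the two netstat outputs posted in the thread.
NOUVEAU_SAMPLE='tcp 0 0 0.0.0.0:netbios-ssn 0.0.0.0:* LISTEN root 22194 2669/smbd
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN root 23690 2661/sshd
tcp 0 0 0.0.0.0:microsoft-ds 0.0.0.0:* LISTEN root 22193 2669/smbd
tcp 5 0 Nouveau:53714 192.168.1.6:netbios-ssn CLOSE_WAIT yyyy 40164 23275/gvfsd-smb-bro
udp 0 0 0.0.0.0:bootpc 0.0.0.0:* root 20637 2413/dhclient'

ANCIEN_SAMPLE='tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN root 20470 1401/sshd
tcp 1 0 Ancien:53978 192.168.1.6:netbios-ssn CLOSE_WAIT xxxx 81581 9043/gvfsd-smb-brow
udp 0 0 0.0.0.0:mdns 0.0.0.0:* avahi 18714 760/avahi-daemon: r'

echo "Nouveau must start: $(printf '%s\n' "$NOUVEAU_SAMPLE" | samba_daemons_to_start)"
echo "Ancien must start:  $(printf '%s\n' "$ANCIEN_SAMPLE" | samba_daemons_to_start)"
# Live use: netstat -lnptu | samba_listeners
```

On the thread's data this names nmbd for Nouveau (the missing 137/udp gustine noticed) and both daemons for Ancien, which correspond to the nmb and smb services mentioned above.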

Jybz


It was a pleasure!
(I've been told in my earpiece that I was talking nonsense, that # service is obsolete and that # systemctl should be used instead!)

Edited by Jybz on 01/03/2019 at 16:48

vouf

Mageia 9 64 bits Plasma - Asus Prime Z690-P D4 -Intel Core i5 12600 K- 32 Go Kingston Fury Renegade DDR4-3600 Mhz- Gigabyte Nvidia RTX 3060 - Go-M2 Samsung Evo 970 1Tb-SSD 512 Gb Samsung Evo 960 -SSD 512 Gb Crucial M5