# iptables block samba [resolved]

## DaggyStyle

the header says it all: I think I've got the rules right, but something is still blocking samba

here are the iptables rules:

```
# Generated by iptables-save v1.3.8 on Fri Jan 18 14:11:06 2008
*filter
:INPUT ACCEPT [5:952]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1192099:595387635]
# accept all from localhost
-A INPUT -s 127.0.0.1 -j ACCEPT
# accept all previously established connections
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# ssh
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
# ftp / webserver related
-A INPUT -p tcp -m state --state NEW --dport 20 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 443 -j ACCEPT
# Windows / Samba
-A INPUT -p udp -m state --state NEW --dport 137:138 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 139 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 426 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 445 -j ACCEPT
# up to 5 Bit-torrent connections
-A INPUT -p tcp -m state --state NEW --dport 6881:6886 -j ACCEPT
# reject everything else
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Fri Jan 18 14:11:06 2008
```

what did I do wrong?

----------

## Berty

As far as I remember, you need module ip_conntrack to be loaded in order to trace machine states (though I'm not sure). Try to check if it's loaded.

----------

## DaggyStyle

yes, compiled as a module

here is the relevant .config

```

CONFIG_NETFILTER=y

# CONFIG_NETFILTER_DEBUG is not set

# CONFIG_NETFILTER_NETLINK is not set

CONFIG_NETFILTER_XTABLES=y

# CONFIG_NETFILTER_XT_TARGET_CLASSIFY is not set

# CONFIG_NETFILTER_XT_TARGET_MARK is not set

# CONFIG_NETFILTER_XT_TARGET_NFQUEUE is not set

CONFIG_NETFILTER_XT_TARGET_NFLOG=y

# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set

# CONFIG_NETFILTER_XT_MATCH_COMMENT is not set

# CONFIG_NETFILTER_XT_MATCH_CONNBYTES is not set

# CONFIG_NETFILTER_XT_MATCH_CONNLIMIT is not set

# CONFIG_NETFILTER_XT_MATCH_CONNMARK is not set

CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y

# CONFIG_NETFILTER_XT_MATCH_DCCP is not set

# CONFIG_NETFILTER_XT_MATCH_DSCP is not set

# CONFIG_NETFILTER_XT_MATCH_ESP is not set

# CONFIG_NETFILTER_XT_MATCH_HELPER is not set

# CONFIG_NETFILTER_XT_MATCH_LENGTH is not set

# CONFIG_NETFILTER_XT_MATCH_LIMIT is not set

# CONFIG_NETFILTER_XT_MATCH_MAC is not set

# CONFIG_NETFILTER_XT_MATCH_MARK is not set

CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y

# CONFIG_NETFILTER_XT_MATCH_PKTTYPE is not set

# CONFIG_NETFILTER_XT_MATCH_QUOTA is not set

# CONFIG_NETFILTER_XT_MATCH_REALM is not set

# CONFIG_NETFILTER_XT_MATCH_SCTP is not set

CONFIG_NETFILTER_XT_MATCH_STATE=y

# CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set

# CONFIG_NETFILTER_XT_MATCH_STRING is not set

# CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set

# CONFIG_NETFILTER_XT_MATCH_U32 is not set

# CONFIG_NETFILTER_XT_MATCH_HASHLIMIT is not set

CONFIG_NF_CONNTRACK_ENABLED=y

CONFIG_NF_CONNTRACK=y

CONFIG_NF_CT_ACCT=y

CONFIG_NF_CONNTRACK_MARK=y

CONFIG_NF_CONNTRACK_EVENTS=y

# CONFIG_NF_CT_PROTO_SCTP is not set

# CONFIG_NF_CT_PROTO_UDPLITE is not set

# CONFIG_NF_CONNTRACK_AMANDA is not set

CONFIG_NF_CONNTRACK_FTP=y

# CONFIG_NF_CONNTRACK_H323 is not set

CONFIG_NF_CONNTRACK_IRC=y

# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set

# CONFIG_NF_CONNTRACK_PPTP is not set

# CONFIG_NF_CONNTRACK_SANE is not set

# CONFIG_NF_CONNTRACK_SIP is not set

# CONFIG_NF_CONNTRACK_TFTP is not set

CONFIG_NF_CONNTRACK_IPV4=y

CONFIG_NF_CONNTRACK_PROC_COMPAT=y

# CONFIG_IP_NF_QUEUE is not set

CONFIG_IP_NF_IPTABLES=y

# CONFIG_IP_NF_MATCH_IPRANGE is not set

# CONFIG_IP_NF_MATCH_TOS is not set

# CONFIG_IP_NF_MATCH_RECENT is not set

# CONFIG_IP_NF_MATCH_ECN is not set

# CONFIG_IP_NF_MATCH_AH is not set

# CONFIG_IP_NF_MATCH_TTL is not set

# CONFIG_IP_NF_MATCH_OWNER is not set

# CONFIG_IP_NF_MATCH_ADDRTYPE is not set

CONFIG_IP_NF_FILTER=y

CONFIG_IP_NF_TARGET_REJECT=y

# CONFIG_IP_NF_TARGET_LOG is not set

# CONFIG_IP_NF_TARGET_ULOG is not set

CONFIG_NF_NAT=y

CONFIG_NF_NAT_NEEDED=y

CONFIG_IP_NF_TARGET_MASQUERADE=y

# CONFIG_IP_NF_TARGET_REDIRECT is not set

# CONFIG_IP_NF_TARGET_NETMAP is not set

# CONFIG_IP_NF_TARGET_SAME is not set

# CONFIG_NF_NAT_SNMP_BASIC is not set

CONFIG_NF_NAT_FTP=y

CONFIG_NF_NAT_IRC=y

# CONFIG_NF_NAT_TFTP is not set

# CONFIG_NF_NAT_AMANDA is not set

# CONFIG_NF_NAT_PPTP is not set

# CONFIG_NF_NAT_H323 is not set

# CONFIG_NF_NAT_SIP is not set

# CONFIG_IP_NF_MANGLE is not set

# CONFIG_IP_NF_RAW is not set

# CONFIG_IP_NF_ARPTABLES is not set

# CONFIG_NF_CONNTRACK_IPV6 is not set

# CONFIG_IP6_NF_QUEUE is not set

# CONFIG_IP6_NF_IPTABLES is not set

```

----------

## DaggyStyle

apparently this:

```
-A INPUT -j REJECT --reject-with icmp-port-unreachable
```

was the problem.

I'll mark it as solved.

----------

## coolsnowmen

are you removing that line (the one that says 'else reject')?

doesn't that defeat the purpose of having a firewall?

----------

## schachti

*coolsnowmen wrote:*

> doesn't that defeat the purpose of having a firewall?

Of course it does. Without that line, iptables does the following:

* if from localhost: ACCEPT

* if from established connection: ACCEPT

* ...

* else: ACCEPT

So without the reject line, everything is accepted.

----------

## DaggyStyle

ok, then it is reopened, can you guys help me sort it out?

----------

## Hu

Please use net-analyzer/tcpdump to capture some traffic sent from the Windows system.  Run it as tcpdump -i any -v -n.  Post the output.

Also, did you intend to offer Samba service to the Internet?  You have rules for BitTorrent, which is typically an Internet facing service, so I assume this box is directly on the Internet.

----------

## DaggyStyle

the box is connected to a local network which is connected to the net, I want to use it as a share for the local network

here is less than a second of output:

```

tcpdump: WARNING: Promiscuous mode not supported on the "any" device

tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 96 bytes

20:02:50.287980 IP (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto UDP (17), length 64) 0.0.0.0.8116 > 132.72.148.0.8116: UDP, length 36

20:02:50.297206 IP (tos 0x0, ttl 128, id 53081, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.78.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

20:02:50.297375 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96) 132.72.150.211.137 > 132.72.151.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST

20:02:50.311276 IP (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto UDP (17), length 65) 0.0.0.0.8116 > 132.72.148.0.8116: UDP, length 37

20:02:50.313301 arp who-has 132.72.148.254 tell 132.72.149.108

20:02:50.345933 IP (tos 0x0, ttl 128, id 15219, offset 0, flags [none], proto UDP (17), length 242) 132.72.149.111.138 > 132.72.151.255.138: NBT UDP PACKET(138)

20:02:50.360993 IP6 (hlim 1, next-header UDP (17) payload length: 35) fe80::798c:1920:9655:8a18.58295 > ff02::1:3.5355: [udp sum ok] UDP, length 27

20:02:50.387821 IP (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto UDP (17), length 65) 0.0.0.0.8116 > 132.72.148.0.8116: UDP, length 37

20:02:50.388990 arp who-has 132.72.148.59 tell 132.72.151.249

20:02:50.420601 arp who-has 132.72.148.80 tell 132.72.150.45

20:02:50.442846 arp who-has 132.72.148.80 tell 132.72.149.54

20:02:50.554555 IP (tos 0x0, ttl 128, id 30053, offset 0, flags [none], proto UDP (17), length 202) 132.72.148.173.138 > 132.72.151.255.138: NBT UDP PACKET(138)

20:02:50.568188 IP (tos 0x0, ttl 128, id 63783, offset 0, flags [DF], proto TCP (6), length 48) 132.72.149.184.4057 > 132.72.148.243.139: S, cksum 0x6c4e (correct), 2419409659:2419409659(0) win 65535 <mss 1460,nop,nop,sackOK>

20:02:50.568238 IP (tos 0xc0, ttl 64, id 11688, offset 0, flags [none], proto ICMP (1), length 76) 132.72.148.243 > 132.72.149.184: ICMP 132.72.148.243 tcp port 139 unreachable, length 56

        IP (tos 0x0, ttl 128, id 63783, offset 0, flags [DF], proto TCP (6), length 48) 132.72.149.184.4057 > 132.72.148.243.139: S, cksum 0x6c4e (correct), 2419409659:2419409659(0) win 65535 <mss 1460,nop,nop,sackOK>

20:02:50.570045 IP (tos 0x0, ttl 128, id 30056, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.173.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

20:02:50.579269 IP (tos 0x0, ttl 128, id 31944, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.169.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

20:02:50.580460 arp who-has 132.72.149.41 tell 132.72.148.242

20:02:50.655414 IP (tos 0x0, ttl 128, id 11749, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.156.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

20:02:50.657869 IP (tos 0x0, ttl 128, id 25849, offset 0, flags [none], proto UDP (17), length 78) 132.72.149.195.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

20:02:50.657879 arp who-has 132.72.148.254 tell 132.72.148.93

20:02:50.666117 IP (tos 0x0, ttl 128, id 1785, offset 0, flags [none], proto UDP (17), length 96) 132.72.148.80.137 > 132.72.151.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST

20:02:50.673565 IP (tos 0x0, ttl 128, id 6857, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.160.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

20:02:50.789784 arp who-has 132.72.148.254 tell 132.72.149.44

20:02:50.809217 IP (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto UDP (17), length 65) 0.0.0.0.8116 > 132.72.148.0.8116: UDP, length 37

20:02:50.815183 arp who-has 132.72.148.80 tell 132.72.148.188

20:02:50.829382 arp who-has 132.72.148.80 tell 132.72.151.15

20:02:50.850856 IP (tos 0x0, ttl 128, id 53832, offset 0, flags [none], proto UDP (17), length 229) 132.72.149.254.138 > 132.72.151.255.138: NBT UDP PACKET(138)

20:02:50.887768 IP (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto UDP (17), length 65) 0.0.0.0.8116 > 132.72.148.0.8116: UDP, length 37

20:02:50.898416 arp who-has 132.72.148.80 tell 132.72.150.253

20:02:50.918121 IP6 (hlim 1, next-header UDP (17) payload length: 32) fe80::5cde:937b:9572:2a25.57706 > ff02::1:3.5355: [udp sum ok] UDP, length 24

20:02:50.938481 arp who-has 132.72.149.68 tell 132.72.150.36

20:02:50.941686 arp who-has 132.72.148.80 tell 132.72.150.36

20:02:50.943109 arp who-has 132.72.150.36 tell 132.72.148.80

20:02:50.978031 IP (tos 0x0, ttl 128, id 21411, offset 0, flags [none], proto UDP (17), length 233) 132.72.148.209.138 > 132.72.151.255.138: NBT UDP PACKET(138)

20:02:51.018113 IP6 (hlim 1, next-header UDP (17) payload length: 32) fe80::5cde:937b:9572:2a25.57706 > ff02::1:3.5355: [udp sum ok] UDP, length 24

20:02:51.019834 arp who-has 132.72.148.80 tell 132.72.150.25

20:02:51.046438 IP (tos 0x0, ttl 128, id 53086, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.78.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

20:02:51.099071 IP (tos 0x0, ttl 128, id 852, offset 0, flags [none], proto UDP (17), length 202) 132.72.148.253.138 > 132.72.151.255.138: NBT UDP PACKET(138)

20:02:51.099306 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 220) 132.72.148.243.138 > 132.72.151.255.138: NBT UDP PACKET(138)

20:02:51.122110 IP (tos 0x0, ttl 128, id 855, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.253.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

20:02:51.218330 IP (tos 0x0, ttl 128, id 1794, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.80.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

20:02:51.218506 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96) 132.72.150.211.137 > 132.72.151.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST

20:02:51.253876 arp who-has 132.72.149.48 tell 132.72.148.242

20:02:51.289212 IP (tos 0x0, ttl 128, id 11433, offset 0, flags [none], proto UDP (17), length 202) 132.72.149.46.138 > 132.72.151.255.138: NBT UDP PACKET(138)

20:02:51.303099 IP (tos 0x0, ttl 128, id 11436, offset 0, flags [none], proto UDP (17), length 78) 132.72.149.46.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

20:02:51.310038 IP (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto UDP (17), length 65) 0.0.0.0.8116 > 132.72.148.0.8116: UDP, length 37

20:02:51.319976 IP (tos 0x0, ttl 128, id 30057, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.173.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

20:02:51.343432 IP (tos 0x0, ttl 128, id 31945, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.169.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

20:02:51.368929 arp who-has 132.72.148.80 tell 132.72.150.240

20:02:51.387709 IP (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto UDP (17), length 65) 0.0.0.0.8116 > 132.72.148.0.8116: UDP, length 37

20:02:51.394919 arp who-has 132.72.148.59 tell 132.72.151.249

20:02:51.405329 IP (tos 0x0, ttl 128, id 11750, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.156.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

20:02:51.408045 IP (tos 0x0, ttl 128, id 25868, offset 0, flags [none], proto UDP (17), length 78) 132.72.149.195.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

20:02:51.416269 IP (tos 0x0, ttl 128, id 1796, offset 0, flags [none], proto UDP (17), length 96) 132.72.148.80.137 > 132.72.151.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST

20:02:51.480844 IP (tos 0x0, ttl 128, id 44107, offset 0, flags [none], proto UDP (17), length 229) 132.72.151.121.138 > 132.72.151.255.138: NBT UDP PACKET(138)

20:02:51.488357 arp who-has 132.72.148.80 tell 132.72.149.116

20:02:51.580402 arp who-has 132.72.149.45 tell 132.72.148.242

20:02:51.592130 IP (tos 0x0, ttl 128, id 17541, offset 0, flags [none], proto UDP (17), length 229) 132.72.150.52.138 > 132.72.151.255.138: NBT UDP PACKET(138)

20:02:51.660137 arp who-has 132.72.148.80 tell 132.72.150.213

20:02:51.667780 arp who-has 132.72.150.75 tell 132.72.149.31

20:02:51.686789 IP (tos 0x0, ttl 128, id 13489, offset 0, flags [none], proto UDP (17), length 229) 132.72.149.183.138 > 132.72.151.255.138: NBT UDP PACKET(138)

20:02:51.703321 IPX 11111111.00:14:22:c8:ce:3d.0453 > 11111111.ff:ff:ff:ff:ff:ff.0453: ipx-rip-resp 3699396654/1.2

20:02:51.713947 IP (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto UDP (17), length 64) 0.0.0.0.8116 > 132.72.148.0.8116: UDP, length 36

20:02:51.763918 arp who-has 132.72.148.80 tell 132.72.148.210

20:02:51.778436 arp who-has 132.72.148.80 tell 132.72.148.190

20:02:51.787656 IP (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto UDP (17), length 64) 0.0.0.0.8116 > 132.72.148.0.8116: UDP, length 36

20:02:51.796726 IP (tos 0x0, ttl 128, id 53088, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.78.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

20:02:51.812915 IP (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto UDP (17), length 65) 0.0.0.0.8116 > 132.72.148.0.8116: UDP, length 37

20:02:51.872054 IP (tos 0x0, ttl 128, id 856, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.253.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

20:02:51.888039 IP (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto UDP (17), length 65) 0.0.0.0.8116 > 132.72.148.0.8116: UDP, length 37

20:02:51.961818 arp who-has 132.72.148.210 tell 132.72.148.80

20:02:51.968020 IP (tos 0x0, ttl 128, id 1810, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.80.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

20:02:52.046133 arp who-has 132.72.148.80 tell 132.72.149.208

20:02:52.052986 IP (tos 0x0, ttl 128, id 11437, offset 0, flags [none], proto UDP (17), length 78) 132.72.149.46.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

20:02:52.066038 IP (tos 0x0, ttl 128, id 37706, offset 0, flags [none], proto UDP (17), length 229) 132.72.149.19.138 > 132.72.151.255.138: NBT UDP PACKET(138)

20:02:52.069842 IP (tos 0x0, ttl 128, id 30058, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.173.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

20:02:52.079315 arp who-has 132.72.148.80 tell 132.72.150.38

20:02:52.107716 IP (tos 0x0, ttl 128, id 31946, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.169.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

20:02:52.139842 arp who-has 132.72.148.80 tell 132.72.149.164

20:02:52.158058 arp who-has 132.72.148.80 tell 132.72.149.124

20:02:52.167033 IP (tos 0x0, ttl 128, id 1812, offset 0, flags [none], proto UDP (17), length 96) 132.72.148.80.137 > 132.72.151.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST

20:02:52.167234 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96) 132.72.150.211.137 > 132.72.151.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST

20:02:52.263651 arp who-has 132.72.148.80 tell 132.72.148.160

20:02:52.306267 arp who-has 132.72.148.80 tell 132.72.149.52

20:02:52.307548 arp who-has 132.72.148.80 tell 132.72.150.94

20:02:52.307898 arp who-has 132.72.148.80 tell 132.72.148.202

20:02:52.315249 IP (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto UDP (17), length 65) 0.0.0.0.8116 > 132.72.148.0.8116: UDP, length 37

20:02:52.373127 arp who-has 132.72.148.80 tell 132.72.148.229

20:02:52.387585 IP (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto UDP (17), length 65) 0.0.0.0.8116 > 132.72.148.0.8116: UDP, length 37

20:02:52.388371 IP (tos 0x0, ttl 128, id 8748, offset 0, flags [none], proto UDP (17), length 202) 132.72.148.162.138 > 132.72.151.255.138: NBT UDP PACKET(138)

20:02:52.391623 arp who-has 132.72.148.59 tell 132.72.151.249

20:02:52.403822 IP (tos 0x0, ttl 128, id 8751, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.162.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

20:02:52.440684 IP (tos 0x0, ttl 128, id 1795, offset 0, flags [none], proto UDP (17), length 202) 132.72.150.57.138 > 132.72.151.255.138: NBT UDP PACKET(138)

20:02:52.456065 IP (tos 0x0, ttl 128, id 1798, offset 0, flags [none], proto UDP (17), length 78) 132.72.150.57.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

20:02:52.467506 arp who-has 132.72.148.80 tell 132.72.148.217

20:02:52.518221 arp who-has 132.72.148.190 tell 132.72.148.80

20:02:52.550523 IP (tos 0x0, ttl 128, id 53089, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.78.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

20:02:52.550576 IP (tos 0x0, ttl 128, id 53090, offset 0, flags [none], proto UDP (17), length 78) 132.72.148.78.137 > 132.72.151.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

20:02:52.554433 arp who-has 132.72.148.80 tell 132.72.148.145

```

thanks for the help.

----------

## DaggyStyle

ok, a little update: after thinking about the samba openness, I've decided to limit samba to 2 networks. here are the new iptables rules:

```
# Generated by iptables-save v1.3.8 on Fri Jan 18 14:11:06 2008
*filter
:INPUT ACCEPT [5:952]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1192099:595387635]
# accept all from localhost
-A INPUT -s 127.0.0.1 -j ACCEPT
# accept all previously established connections
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# ssh
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
# ftp / webserver related
-A INPUT -p tcp -m state --state NEW --dport 20 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 443 -j ACCEPT
# Windows / Samba
-A INPUT -s 132.72.0.0/0,192.168.114.0/0 -p tcp -m tcp -m state --state NEW --dport 135 -j ACCEPT
-A INPUT -s 132.72.0.0/0,192.168.114.0/0 -p tcp -m tcp -m state --state NEW --dport 139 -j ACCEPT
-A INPUT -s 132.72.0.0/0,192.168.114.0/0 -p udp -m udp -m state --state NEW --dport 137:138 -j ACCEPT
-A INPUT -s 132.72.0.0/0,192.168.114.0/0 -p tcp -m tcp -m state --state NEW --dport 426 -j ACCEPT
-A INPUT -s 132.72.0.0/0,192.168.114.0/0 -p tcp -m tcp -m state --state NEW --dport 445 -j ACCEPT
# up to 5 Bit-torrent connections
-A INPUT -p tcp -m state --state NEW --dport 6881:6886 -j ACCEPT
#else
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Fri Jan 18 14:11:06 2008
```

on the bright side, output of iptables -nvL -t filter shows this:

```
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    6   486 ACCEPT     all  --  *      *       127.0.0.1            0.0.0.0/0
 4979 4800K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:20
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:21
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:135 state NEW
  177  8556 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:139 state NEW
 4009  455K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:137:138 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:426 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:445 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpts:6881:6886
  469  196K REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 5940 packets, 468K bytes)
 pkts bytes target     prot opt in     out     source               destination
```

which on the 137:138 and 139 lines it was 0 accepted, but still I can't seem to connect.

here is a new output of tcpdump -i any -v -n

http://pastebin.com/m5b997839

one more thing, I've added this to smb.conf:

```
   hosts deny = ALL
   hosts allow = 192.168.114 132.72
```

what is the next step?

----------
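The first-match evaluation schachti describes, applied to the rule sets posted above, as a small Python model added here (it is not code from the thread and not iptables itself). The packet dictionaries, the `state` field, the outside address 203.0.113.9 and the `/16` and `/24` masks are assumptions made for the example; the `/0` masks are the ones in the posted rules, which the `iptables -nvL` listing shows as source `0.0.0.0/0`.

```python
import ipaddress

NEW, ESTABLISHED, RELATED = "NEW", "ESTABLISHED", "RELATED"


def rule(target, proto=None, src="0.0.0.0/0", dports=None, states=None):
    """One simplified filter rule; None means 'match anything' for that field."""
    return {
        "target": target,
        "proto": proto,
        # strict=False masks off host bits, so 132.72.0.0/0 becomes 0.0.0.0/0
        "src": ipaddress.ip_network(src, strict=False),
        "dports": dports,
        "states": states,
    }


def matches(r, pkt):
    if r["proto"] and pkt["proto"] != r["proto"]:
        return False
    if ipaddress.ip_address(pkt["src"]) not in r["src"]:
        return False
    if r["dports"] and not r["dports"][0] <= pkt["dport"] <= r["dports"][1]:
        return False
    if r["states"] and pkt["state"] not in r["states"]:
        return False
    return True


def evaluate(rules, policy, pkt):
    """Return the target of the first matching rule, else the chain policy."""
    for r in rules:
        if matches(r, pkt):
            return r["target"]
    return policy


def thread_rules(samba_sources, final_reject=True):
    """INPUT chain modelled on the second rule set in the thread.

    Modelling assumption: one rule per source network and Samba port.
    """
    rules = [
        rule("ACCEPT", src="127.0.0.1"),
        rule("ACCEPT", states={RELATED, ESTABLISHED}),
    ]
    for port in (22, 20, 21, 80, 443):
        rules.append(rule("ACCEPT", "tcp", dports=(port, port), states={NEW}))
    samba_ports = (("tcp", 135, 135), ("tcp", 139, 139), ("udp", 137, 138),
                   ("tcp", 426, 426), ("tcp", 445, 445))
    for src in samba_sources:
        for proto, low, high in samba_ports:
            rules.append(rule("ACCEPT", proto, src, (low, high), {NEW}))
    rules.append(rule("ACCEPT", "tcp", dports=(6881, 6886), states={NEW}))
    if final_reject:
        rules.append(rule("REJECT"))
    return rules


# Constructed packets. The first uses the client address seen in the capture;
# 203.0.113.9 is a documentation address standing in for an outside host.
LAN_SMB = {"proto": "tcp", "src": "132.72.149.184", "dport": 139, "state": NEW}
OUTSIDE_SMB = {"proto": "tcp", "src": "203.0.113.9", "dport": 445, "state": NEW}
OUTSIDE_TELNET = {"proto": "tcp", "src": "203.0.113.9", "dport": 23, "state": NEW}

AS_POSTED = ["132.72.0.0/0", "192.168.114.0/0"]    # masks from the thread
NARROWED = ["132.72.0.0/16", "192.168.114.0/24"]   # assumed intended masks


def verdicts(rules, policy="ACCEPT"):
    """Verdicts for (LAN_SMB, OUTSIDE_SMB, OUTSIDE_TELNET), policy as in the thread."""
    return tuple(evaluate(rules, policy, p)
                 for p in (LAN_SMB, OUTSIDE_SMB, OUTSIDE_TELNET))


if __name__ == "__main__":
    print("as posted (/0 masks):   ", verdicts(thread_rules(AS_POSTED)))
    print("narrowed masks:         ", verdicts(thread_rules(NARROWED)))
    print("narrowed, no REJECT:    ",
          verdicts(thread_rules(NARROWED, final_reject=False)))
```
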

## Hu

That is an amazingly noisy network.  Are other users actively using the network when you run this capture?

I see a large volume of UDP messages sent from :137 to a high port.  These packets are rejected with an ICMP port unreachable.  It is difficult to say whether this is because no process is listening or because the packet matched your REJECT target.  The sheer volume of packets to examine makes deep inspection impractical.

----------

## DaggyStyle

it's a very busy network, I've set the 137 udp as opened, how can it be rejecting it? is it related to the samba port selection in smb.conf?

----------

## DaggyStyle

reviewing the log again shows that these ports 54355, 33793, 32857 are mostly used, but the following is strange

```
09:45:01.544670 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 90) 132.72.148.243.137 > 132.72.148.243.32857: NBT UDP PACKET(137): QUERY; POSITIVE; RESPONSE; UNICAST
09:45:01.544692 IP (tos 0xc0, ttl 64, id 32832, offset 0, flags [none], proto ICMP (1), length 118) 132.72.148.243 > 132.72.148.243: ICMP 132.72.148.243 udp port 32857 unreachable, length 98
```

is this the problematic port?

----------

## Hu

*DaggyStyle wrote:*

> it's a very busy network, I've set the 137 udp as opened, how can it be rejecting it? is it related to the samba port selection in smb.conf?

You configured the firewall to send that message for any traffic that is rejected.

Those ports are all ephemeral.  The system is choosing them automatically.  The real question is why that traffic is not being classified as ESTABLISHED.

Run the test again on a quieter network.  There is too much noise here to pick out the problems without wading through pages of unrelated traffic.

----------

## DaggyStyle

unfortunately, this can take a lot of time because I won't be getting home soon

if I set up a two-computer network, will it work?

does it matter if it is win to Linux or Linux to Linux?

----------

## Hu

The host systems involved should not matter, unless it affects the exchange in such a way that your firewall rules permit one interaction and deny the other.  I doubt such a situation will occur.

----------

## DaggyStyle

I've been able to set up the logging feature, here is the output:

```

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46538 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46550 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:13:d3:61:d2:be:08:00 SRC=132.72.150.22 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=22361 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:24:dc:d1:e2:08:00 SRC=132.72.148.247 DST=255.255.255.255 LEN=134 TOS=0x00 PREC=0x00 TTL=64 ID=21187 PROTO=UDP SPT=62263 DPT=2222 LEN=114

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:13:d3:61:d2:be:08:00 SRC=132.72.150.22 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=22364 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:4a:fe:ae:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=336 TOS=0x00 PREC=0x00 TTL=128 ID=1 PROTO=UDP SPT=68 DPT=67 LEN=316

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:66:7f:5c:dd:08:00 SRC=192.168.100.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=57005 PROTO=UDP SPT=67 DPT=68 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46555 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:cc:07:45:08:00 SRC=132.72.151.151 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=44010 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:12:3f:69:28:bd:08:00 SRC=132.72.148.219 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=35648 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:cc:07:45:08:00 SRC=132.72.151.151 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=44015 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:12:3f:69:28:bd:08:00 SRC=132.72.148.219 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=35651 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:4a:fe:ae:08:00 SRC=132.72.148.255 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=38 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46563 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:60:c0:04:38:08:00 SRC=132.72.150.47 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=26257 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:60:c0:04:38:08:00 SRC=132.72.150.47 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=26261 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46581 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:24:dc:d1:e2:08:00 SRC=132.72.148.247 DST=255.255.255.255 LEN=134 TOS=0x00 PREC=0x00 TTL=64 ID=21200 PROTO=UDP SPT=62264 DPT=2222 LEN=114

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:e4:c3:d6:91:08:00 SRC=132.72.150.97 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=26687 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:eb:2f:f3:c2:08:00 SRC=132.72.150.205 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=28018 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46590 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:e4:c3:d6:91:08:00 SRC=132.72.150.97 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=26692 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:1b:9e:6f:4d:1f:08:00 SRC=10.0.0.138 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=1009 DF PROTO=2

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:eb:2f:f3:c2:08:00 SRC=132.72.150.205 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=28020 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:6c:ea:16:f8:08:00 SRC=132.72.148.188 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=13783 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:e4:26:8c:8a:08:00 SRC=132.72.150.83 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=63537 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:17:f2:2a:e3:dd:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=46085 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:66:7f:5c:dd:08:00 SRC=192.168.100.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=57005 PROTO=UDP SPT=67 DPT=68 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:17:f2:2a:e3:dd:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=46086 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:17:f2:2a:e3:dd:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=46087 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:66:7f:5c:dd:08:00 SRC=192.168.100.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=57005 PROTO=UDP SPT=67 DPT=68 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:e4:26:8c:8a:08:00 SRC=132.72.150.83 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=63571 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46603 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:24:45:1b:f7:08:00 SRC=132.72.149.57 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=287 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46606 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:24:dc:d1:e2:08:00 SRC=132.72.148.247 DST=255.255.255.255 LEN=134 TOS=0x00 PREC=0x00 TTL=64 ID=21214 PROTO=UDP SPT=62265 DPT=2222 LEN=114

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46614 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:12:3f:69:28:bd:08:00 SRC=132.72.148.219 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=35715 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:12:3f:69:28:bd:08:00 SRC=132.72.148.219 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=35716 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:b4:9d:34:08:00 SRC=132.72.148.158 DST=255.255.255.255 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=22620 PROTO=UDP SPT=55661 DPT=2222 LEN=160

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46620 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46629 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:24:dc:d1:e2:08:00 SRC=132.72.148.247 DST=255.255.255.255 LEN=134 TOS=0x00 PREC=0x00 TTL=64 ID=21262 PROTO=UDP SPT=62271 DPT=2222 LEN=114

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:e4:26:8c:8a:08:00 SRC=132.72.150.83 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=64084 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46642 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:02:55:30:20:4b:08:00 SRC=132.72.148.200 DST=224.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=21611 PROTO=ICMP TYPE=8 CODE=0 ID=0 SEQ=0

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:e4:26:8c:8a:08:00 SRC=132.72.150.83 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=64091 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:1b:9e:6f:4d:1f:08:00 SRC=10.0.0.138 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=1010 DF PROTO=2

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:b4:9d:34:08:00 SRC=132.72.148.158 DST=255.255.255.255 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=14363 PROTO=UDP SPT=55698 DPT=2222 LEN=160

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46659 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:eb:2f:f3:c2:08:00 SRC=132.72.150.205 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=28474 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:eb:2f:f3:c2:08:00 SRC=132.72.150.205 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=28475 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:12:3f:69:28:bd:08:00 SRC=132.72.148.219 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=35755 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:4c:00:10:a1:61:dc:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=330 TOS=0x00 PREC=0x00 TTL=128 ID=32117 PROTO=UDP SPT=68 DPT=67 LEN=310

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:12:3f:69:28:bd:08:00 SRC=132.72.148.219 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=35758 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46675 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:24:dc:d1:e2:08:00 SRC=132.72.148.247 DST=255.255.255.255 LEN=134 TOS=0x00 PREC=0x00 TTL=64 ID=21282 PROTO=UDP SPT=62272 DPT=2222 LEN=114

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:56:79:6e:c8:08:00 SRC=132.72.151.72 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=38594 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:08:02:04:86:16:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=330 TOS=0x00 PREC=0x00 TTL=128 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=310

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:66:7f:5c:dd:08:00 SRC=192.168.100.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=57005 PROTO=UDP SPT=67 DPT=68 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46678 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:b4:9d:34:08:00 SRC=132.72.148.158 DST=255.255.255.255 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=24388 PROTO=UDP SPT=55705 DPT=2222 LEN=160

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46684 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46693 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:24:dc:d1:e2:08:00 SRC=132.72.148.247 DST=255.255.255.255 LEN=134 TOS=0x00 PREC=0x00 TTL=64 ID=21295 PROTO=UDP SPT=62273 DPT=2222 LEN=114

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46695 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:1b:9e:6f:4d:1f:08:00 SRC=10.0.0.138 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=1011 DF PROTO=2

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:c9:74:3c:08:00 SRC=132.72.149.236 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=22502 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:b4:9d:34:08:00 SRC=132.72.148.158 DST=255.255.255.255 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=64397 PROTO=UDP SPT=55728 DPT=2222 LEN=160

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:c9:74:3c:08:00 SRC=132.72.149.236 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=22503 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46957 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:17:f2:26:98:61:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=49263 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:66:7f:5c:dd:08:00 SRC=192.168.100.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=57005 PROTO=UDP SPT=67 DPT=68 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:17:f2:26:98:61:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=49264 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:17:f2:26:98:61:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=49265 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:66:7f:5c:dd:08:00 SRC=192.168.100.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=57005 PROTO=UDP SPT=67 DPT=68 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46960 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:24:dc:d1:e2:08:00 SRC=132.72.148.247 DST=255.255.255.255 LEN=134 TOS=0x00 PREC=0x00 TTL=64 ID=21310 PROTO=UDP SPT=62274 DPT=2222 LEN=114

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=47004 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:17:f2:26:98:61:08:00 SRC=132.72.149.1 DST=255.255.255.255 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=30101 PROTO=UDP SPT=57623 DPT=2222 LEN=160

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:4c:03:37:1c:08:00 SRC=132.72.149.30 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=31508 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:16:e6:35:9b:ab:08:00 SRC=132.72.149.167 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=10837 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:4c:03:37:1c:08:00 SRC=132.72.149.30 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=31512 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:b4:9d:34:08:00 SRC=132.72.148.158 DST=255.255.255.255 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=24456 PROTO=UDP SPT=55729 DPT=2222 LEN=160

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=47028 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:09:34:b0:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=330 TOS=0x00 PREC=0x00 TTL=128 ID=16088 PROTO=UDP SPT=68 DPT=67 LEN=310

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:66:7f:5c:dd:08:00 SRC=192.168.100.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=57005 PROTO=UDP SPT=67 DPT=68 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:09:34:b0:08:00 SRC=132.72.149.44 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=16168 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:09:6b:bf:c4:bb:08:00 SRC=132.72.150.18 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=13856 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:09:6b:bf:c4:bb:08:00 SRC=132.72.150.18 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=13863 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=47057 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:24:dc:d1:e2:08:00 SRC=132.72.148.247 DST=255.255.255.255 LEN=134 TOS=0x00 PREC=0x00 TTL=64 ID=21323 PROTO=UDP SPT=62275 DPT=2222 LEN=114

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=47066 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:17:f2:26:98:61:08:00 SRC=132.72.149.1 DST=255.255.255.255 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=30265 PROTO=UDP SPT=57624 DPT=2222 LEN=160

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:aa:bc:00:75:c4:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=332 TOS=0x00 PREC=0x00 TTL=128 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=312

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:66:7f:5c:dd:08:00 SRC=192.168.100.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=57005 PROTO=UDP SPT=67 DPT=68 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:6c:e9:b7:37:08:00 SRC=132.72.150.127 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=27817 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:aa:bc:00:75:c4:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=1 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:aa:bc:00:75:c4:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=338 TOS=0x00 PREC=0x00 TTL=128 ID=2 PROTO=UDP SPT=68 DPT=67 LEN=318

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:66:7f:5c:dd:08:00 SRC=192.168.100.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=57005 PROTO=UDP SPT=67 DPT=68 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:b4:9d:34:08:00 SRC=132.72.148.158 DST=255.255.255.255 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=58015 PROTO=UDP SPT=55744 DPT=2222 LEN=160

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:6c:e9:b7:37:08:00 SRC=132.72.150.127 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=27824 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:eb:2f:f3:c2:08:00 SRC=132.72.150.205 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=29318 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:19:b9:89:37:76:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=336 TOS=0x00 PREC=0x00 TTL=128 ID=29568 PROTO=UDP SPT=68 DPT=67 LEN=316

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:66:7f:5c:dd:08:00 SRC=192.168.100.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=57005 PROTO=UDP SPT=67 DPT=68 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:19:b9:89:37:76:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=29570 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:19:b9:89:37:76:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=342 TOS=0x00 PREC=0x00 TTL=128 ID=29571 PROTO=UDP SPT=68 DPT=67 LEN=322

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:66:7f:5c:dd:08:00 SRC=192.168.100.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=57005 PROTO=UDP SPT=67 DPT=68 LEN=308

Rejected: IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:1b:9e:6f:4d:1f:08:00 SRC=10.0.0.138 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=1012 DF PROTO=2

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=47080 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:eb:2f:f3:c2:08:00 SRC=132.72.150.205 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=29323 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:19:b9:89:37:76:08:00 SRC=132.72.149.126 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=29729 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=47112 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:24:dc:d1:e2:08:00 SRC=132.72.148.247 DST=255.255.255.255 LEN=134 TOS=0x00 PREC=0x00 TTL=64 ID=21368 PROTO=UDP SPT=62281 DPT=2222 LEN=114

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:09:34:b0:08:00 SRC=132.72.149.44 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=17287 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=47118 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:17:f2:26:98:61:08:00 SRC=132.72.149.1 DST=255.255.255.255 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=30269 PROTO=UDP SPT=57625 DPT=2222 LEN=160

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:b4:9d:34:08:00 SRC=132.72.148.158 DST=255.255.255.255 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=5195 PROTO=UDP SPT=55745 DPT=2222 LEN=160

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=47124 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:19:81:f1:08:00 SRC=132.72.148.205 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=6273 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:19:81:f1:08:00 SRC=132.72.148.205 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=6274 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:4c:00:10:a1:61:dc:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=330 TOS=0x00 PREC=0x00 TTL=128 ID=32138 PROTO=UDP SPT=68 DPT=67 LEN=310

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=47128 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:24:dc:d1:e2:08:00 SRC=132.72.148.247 DST=255.255.255.255 LEN=134 TOS=0x00 PREC=0x00 TTL=64 ID=21381 PROTO=UDP SPT=62282 DPT=2222 LEN=114

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=47129 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:04:23:04:29:48:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=20 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=556

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:04:23:04:29:48:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=20 ID=1 PROTO=UDP SPT=68 DPT=67 LEN=556

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:04:23:04:29:48:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=20 ID=2 PROTO=UDP SPT=68 DPT=67 LEN=556

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:17:f2:26:98:61:08:00 SRC=132.72.149.1 DST=255.255.255.255 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=30274 PROTO=UDP SPT=57626 DPT=2222 LEN=160

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:04:23:04:29:48:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=20 ID=3 PROTO=UDP SPT=68 DPT=67 LEN=556

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:b4:9d:34:08:00 SRC=132.72.148.158 DST=255.255.255.255 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=11881 PROTO=UDP SPT=55766 DPT=2222 LEN=160

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=47145 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:1b:9e:6f:4d:1f:08:00 SRC=10.0.0.138 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=1013 DF PROTO=2

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:14:85:1f:55:0f:08:00 SRC=132.72.149.74 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=47454 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=47150 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:24:dc:d1:e2:08:00 SRC=132.72.148.247 DST=255.255.255.255 LEN=134 TOS=0x00 PREC=0x00 TTL=64 ID=21395 PROTO=UDP SPT=62283 DPT=2222 LEN=114

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:14:85:1f:55:0f:08:00 SRC=132.72.149.74 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=47455 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:04:23:04:29:48:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=348 TOS=0x00 PREC=0x00 TTL=128 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=328

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:66:7f:5c:dd:08:00 SRC=192.168.100.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=57005 PROTO=UDP SPT=67 DPT=68 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:04:23:04:29:48:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=1 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:04:23:04:29:48:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=354 TOS=0x00 PREC=0x00 TTL=128 ID=2 PROTO=UDP SPT=68 DPT=67 LEN=334

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:66:7f:5c:dd:08:00 SRC=192.168.100.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=57005 PROTO=UDP SPT=67 DPT=68 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:cc:07:45:08:00 SRC=132.72.151.151 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=44296 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=47154 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:17:f2:26:98:61:08:00 SRC=132.72.149.1 DST=255.255.255.255 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=30307 PROTO=UDP SPT=57627 DPT=2222 LEN=160

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:cc:07:45:08:00 SRC=132.72.151.151 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=44302 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:4a:fe:ae:08:00 SRC=132.72.148.255 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=1812 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:b4:9d:34:08:00 SRC=132.72.148.158 DST=255.255.255.255 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=4937 PROTO=UDP SPT=55775 DPT=2222 LEN=160

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:cb:c2:9d:08:00 SRC=132.72.149.140 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=477 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:e4:26:8c:8a:08:00 SRC=132.72.150.83 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=64408 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:cb:c2:9d:08:00 SRC=132.72.149.140 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=478 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=47168 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:e4:26:8c:8a:08:00 SRC=132.72.150.83 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=64417 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=47169 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:24:dc:d1:e2:08:00 SRC=132.72.148.247 DST=255.255.255.255 LEN=134 TOS=0x00 PREC=0x00 TTL=64 ID=21408 PROTO=UDP SPT=62284 DPT=2222 LEN=114

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:04:23:04:29:48:08:00 SRC=132.72.148.153 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=70 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:04:23:04:29:48:08:00 SRC=132.72.148.153 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=71 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=47173 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:4c:78:51:e0:08:00 SRC=132.72.150.121 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=4995 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:17:f2:26:98:61:08:00 SRC=132.72.149.1 DST=255.255.255.255 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=30308 PROTO=UDP SPT=57628 DPT=2222 LEN=160

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:4c:78:51:e0:08:00 SRC=132.72.150.121 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=4996 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:61:7d:6f:1e:08:00 SRC=132.72.151.104 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=26608 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:b4:9d:34:08:00 SRC=132.72.148.158 DST=255.255.255.255 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=52722 PROTO=UDP SPT=55776 DPT=2222 LEN=160

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:61:7d:6f:1e:08:00 SRC=132.72.151.104 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=26609 PROTO=UDP SPT=68 DPT=67 LEN=308

Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=47178 PROTO=UDP SPT=6646 DPT=6646 LEN=1368

Rejected: IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:1b:9e:6f:4d:1f:08:00 SRC=10.0.0.138 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=1014 DF PROTO=2

```

if I add an accept rule for sport 68 and dport 67 I see the sub networks, but entering them is rejected. I don't think that I need to set up all these ports, it does not make any sense.

----------
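
One way to triage a reject log like the one posted above, added here as an example and not part of the original thread: it groups rejected packets by protocol, destination port and link-layer scope, and lists any that hit the ports the posted ruleset opens under "# Windows / Samba". The function names are illustrative; the sample holds five lines copied from the log above plus one constructed TCP/445 line.

```python
import re
from collections import Counter

# Ports the posted ruleset opens under "# Windows / Samba".
SAMBA_PORTS = {("UDP", 137), ("UDP", 138), ("TCP", 139), ("TCP", 426), ("TCP", 445)}

# Five lines copied from the log above; the last line is constructed
# (documentation addresses) to show what a rejected SMB connection looks like.
SAMPLE_LOG = """\
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:eb:2f:f3:c2:08:00 SRC=132.72.150.205 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=28020 PROTO=UDP SPT=68 DPT=67 LEN=308
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:b0:0e:e0:b1:08:00 SRC=132.72.150.240 DST=132.72.151.255 LEN=1388 TOS=0x00 PREC=0x00 TTL=128 ID=46603 PROTO=UDP SPT=6646 DPT=6646 LEN=1368
Rejected: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:24:dc:d1:e2:08:00 SRC=132.72.148.247 DST=255.255.255.255 LEN=134 TOS=0x00 PREC=0x00 TTL=64 ID=21214 PROTO=UDP SPT=62265 DPT=2222 LEN=114
Rejected: IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:02:55:30:20:4b:08:00 SRC=132.72.148.200 DST=224.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=21611 PROTO=ICMP TYPE=8 CODE=0 ID=0 SEQ=0
Rejected: IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:1b:9e:6f:4d:1f:08:00 SRC=10.0.0.138 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=1010 DF PROTO=2
Rejected: IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=192.0.2.10 DST=192.0.2.20 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=100 DF PROTO=TCP SPT=49152 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
"""

KEY_VALUE = re.compile(r"(\w+)=(\S*)")  # value may be empty, as in "OUT="


def parse_log_line(line):
    """Return the KEY=value fields of one netfilter LOG line, or None."""
    if "IN=" not in line or "PROTO=" not in line:
        return None
    fields = {}
    for key, value in KEY_VALUE.findall(line):
        # LEN and ID appear twice (IP header, then UDP/ICMP header);
        # keep the first occurrence, which is the IP-level value.
        fields.setdefault(key, value)
    return fields


def link_scope(fields):
    """Classify by destination MAC; MAC= is dst (6) + src (6) + ethertype (2)."""
    octets = fields.get("MAC", "").split(":")
    if len(octets) < 6:
        return "unknown"
    dst = [o.lower() for o in octets[:6]]
    if all(o == "ff" for o in dst):
        return "broadcast"
    if int(dst[0], 16) & 1:  # group bit set: link-layer multicast
        return "multicast"
    return "unicast"


def summarize(lines):
    """Count rejected packets by (protocol, destination port, link scope)."""
    counts = Counter()
    for line in lines:
        fields = parse_log_line(line)
        if fields is None:
            continue
        # ICMP and IGMP (PROTO=2) lines carry no SPT/DPT.
        dpt = int(fields["DPT"]) if "DPT" in fields else None
        counts[(fields["PROTO"], dpt, link_scope(fields))] += 1
    return counts


def samba_rejects(lines):
    """Return parsed entries whose protocol/port pair is in SAMBA_PORTS."""
    hits = []
    for line in lines:
        fields = parse_log_line(line)
        if fields and "DPT" in fields:
            if (fields["PROTO"], int(fields["DPT"])) in SAMBA_PORTS:
                hits.append(fields)
    return hits


if __name__ == "__main__":
    log = SAMPLE_LOG.splitlines()
    for (proto, dpt, scope), n in summarize(log).most_common():
        print(f"{n:4d}  proto={proto:<5} dpt={dpt}  {scope}")
    for hit in samba_rejects(log):
        print("Samba port rejected:", hit["SRC"], "->", hit["DST"], hit["DPT"])
```

Run over a full log, an empty `samba_rejects` result means the final REJECT rule is only catching background broadcast and multicast traffic, so the Samba failure has to be looked for elsewhere.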

## DaggyStyle

solved! thanks to the iptables mailing list, I've added this:

```

/sbin/iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

```

thanks for the help

----------

## schachti

Did they give any reason for this? The policy of the output chain was already set to ACCEPT, so why should one explicitly allow those packets?

----------

## DaggyStyle

they were intrigued too, apparently, I think that the connections that weren't new were ignored somehow

----------

