Linode Forum

alex02_03_b · Joined: 27 Oct 2011 Posts: 5

Hello,

the repositories for updates are in there, but I get the following error with yum update all : "Cannot retrieve repository metadata (repomd.xml) for repository: virtualmin. Please verify its path and try again"

Can't telnet too: telnet software.virtualmin.com 80, gives:

telnet: connect to address 108.60.199.107: Connection timed out telnet: Unable to connect to remote host: Connection timed out #

Have you experienced a similar issue, or would you have an idea what to check?

At the virtualmin forum the chances to find the cause of these errors are low for the moment; https://www.virtualmin.com/node/11010

Your input is very much appreciated. Many thanks in advance.

I'm running CentOS Linux 5.7

Best regards,

Alex

hoopycat · Posted: Thu Oct 27, 2011 7:33 am Post subject:

Looks OK from where I am. Could you paste the output of 'mtr --report software.virtualmin.com' ? Should look something like:

Code: HOST: framboise Loss% Snt Last Avg Best Wrst StDev
1. 207.99.1.13 0.0% 10 0.4 2.1 0.4 11.4 3.7
2. 207.99.53.41 0.0% 10 0.7 0.6 0.4 1.1 0.2
3. vlan801.tbr1.mmu.nac.net 0.0% 10 0.4 0.3 0.3 0.4 0.1
4. 0.e1-1.tbr1.tl9.nac.net 0.0% 10 1.7 2.7 1.4 9.5 2.6
5. 0.e2-1.pr2.tl9.nac.net 0.0% 10 1.3 1.4 1.3 1.5 0.1
6. ny-iix.above.net 0.0% 10 1.8 1.7 1.6 1.8 0.1
7. xe-0-1-0.cr1.lga5.us.above.n 0.0% 10 2.5 4.4 1.8 26.1 7.6
8. xe-3-2-0.cr1.dca2.us.above.n 10.0% 10 10.5 26.6 8.5 75.3 19.6
9. xe-2-2-0.cr1.iah1.us.above.n 0.0% 10 47.4 46.7 39.3 51.5 3.9
10. xe-1-2-0.cr1.dfw2.us.above.n 0.0% 10 60.8 58.2 45.3 67.9 7.8
11. xe-0-0-0.er3.dfw2.us.above.n 0.0% 10 56.7 59.6 41.1 78.4 11.1
12. 64.124.193.221.t01263-01.abo 0.0% 10 55.2 56.3 46.1 69.2 7.3
13. 108.60.199.107 0.0% 10 52.2 53.7 43.0 63.5 6.9

alex02_03_b · Joined: 27 Oct 2011 Posts: 5

Doesn't look quiet the same unfortunately:

Code:
# mtr --report software.virtualmin.com
li48-10 Snt: 10 Loss% Last Avg Best Wrst StDev
#

Many thanks for your input.

hoopycat · Posted: Thu Oct 27, 2011 1:29 pm Post subject:

It looks like the traffic isn't leaving your Linode...

What do you get for:

Code: iptables -L -n -v
ip -4 route show

alex02_03_b · Joined: 27 Oct 2011 Posts: 5

For iptables -L -n -v, I get:

Code:
Chain INPUT (policy ACCEPT 818 packets, 162K bytes)
pkts bytes target prot opt in out source destination
1431 148K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 1.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 2.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 5.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 23.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 27.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 31.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 36.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 37.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 39.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 42.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 46.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 94.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 95.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 100.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 101.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 102.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 103.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 104.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 105.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 106.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 107.0.0.0/8 0.0.0.0/0
16 960 DROP all -- * * 108.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 109.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 110.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 111.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 112.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 113.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 114.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 115.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 173.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 174.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 175.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 176.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 177.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 178.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 179.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 180.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 181.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 182.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 183.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 184.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 185.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 186.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 187.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 197.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 223.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 240.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 241.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 242.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 243.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 244.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 245.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 246.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 247.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 248.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 249.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 250.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 251.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 252.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 253.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 254.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 255.0.0.0/8 0.0.0.0/0
2456 360K TMP_DROP all -- * * 0.0.0.0/0 0.0.0.0/0
2456 360K TALLOW all -- * * 0.0.0.0/0 0.0.0.0/0
2456 360K TDENY all -- * * 0.0.0.0/0 0.0.0.0/0
2456 360K TGALLOW all -- * * 0.0.0.0/0 0.0.0.0/0
2456 360K TGDENY all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:135:139
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:135:139
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:111
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:111
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:513
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:513
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:520
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:445
3 120 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1433
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1433
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1434
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1434
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1234
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1234
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1524
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1524
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3127
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:3127
1707 223K IN_SANITY all -- * * 0.0.0.0/0 0.0.0.0/0
1706 222K FRAG_UDP all -- * * 0.0.0.0/0 0.0.0.0/0
1704 222K PZERO all -- * * 0.0.0.0/0 0.0.0.0/0
1702 221K IDENT all -- * * 0.0.0.0/0 0.0.0.0/0
1681 214K P2P all -- * * 0.0.0.0/0 0.0.0.0/0
1680 213K TELNET_LOG all -- * * 0.0.0.0/0 0.0.0.0/0
1680 213K SSH_LOG all -- * * 0.0.0.0/0 0.0.0.0/0
192 16320 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
758 66526 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
36 3533 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8181
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:995
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:993
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:20
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:21
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 limit: avg 30/sec burst 5
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 5 limit: avg 30/sec burst 5
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 limit: avg 30/sec burst 5
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 0 limit: avg 30/sec burst 5
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 30 limit: avg 30/sec burst 5
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 30/sec burst 5
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 state NEW
164 23072 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
497 92663 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 97.107.133.4 0.0.0.0/0 udp spt:53 dpts:1023:65535
0 0 ACCEPT tcp -- * * 97.107.133.4 0.0.0.0/0 tcp spt:53 dpts:1023:65535
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:53 dpts:1023:65535
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 dpts:1023:65535
0 0 ACCEPT udp -- * * 207.192.69.4 0.0.0.0/0 udp spt:53 dpts:1023:65535
0 0 ACCEPT tcp -- * * 207.192.69.4 0.0.0.0/0 tcp spt:53 dpts:1023:65535
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:53 dpts:1023:65535
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 dpts:1023:65535
0 0 ACCEPT udp -- * * 207.192.69.5 0.0.0.0/0 udp spt:53 dpts:1023:65535
0 0 ACCEPT tcp -- * * 207.192.69.5 0.0.0.0/0 tcp spt:53 dpts:1023:65535
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:53 dpts:1023:65535
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 dpts:1023:65535
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1023:65535 dpt:21 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 21,20 state RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 21,20 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:22 dpts:513:65535 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:22 flags:0x17/0x02 state RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:22 state ESTABLISHED
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** IN_TCP DROP ** '
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** IN_UDP DROP ** '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 810 packets, 58716 bytes)
pkts bytes target prot opt in out source destination
1431 148K ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
142 6816 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
0 0 DROP all -- * * 0.0.0.0/0 1.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 2.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 5.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 23.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 27.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 31.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 36.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 37.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 39.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 42.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 46.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 94.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 95.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 100.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 101.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 102.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 103.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 104.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 105.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 106.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 107.0.0.0/8
20 960 DROP all -- * * 0.0.0.0/0 108.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 109.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 110.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 111.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 112.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 113.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 114.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 115.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 173.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 174.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 175.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 176.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 177.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 178.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 179.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 180.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 181.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 182.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 183.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 184.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 185.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 186.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 187.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 197.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 223.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 240.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 241.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 242.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 243.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 244.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 245.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 246.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 247.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 248.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 249.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 250.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 251.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 252.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 253.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 254.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 255.0.0.0/8
2387 1155K TMP_DROP all -- * * 0.0.0.0/0 0.0.0.0/0
2387 1155K TALLOW all -- * * 0.0.0.0/0 0.0.0.0/0
2387 1155K TDENY all -- * * 0.0.0.0/0 0.0.0.0/0
2387 1155K TGALLOW all -- * * 0.0.0.0/0 0.0.0.0/0
2387 1155K TGDENY all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:135:139
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:135:139
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:111
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:111
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:513
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:513
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:520
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:445
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1433
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1433
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1434
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1434
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1234
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1234
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1524
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1524
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3127
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:3127
1641 1101K OUT_SANITY all -- * * 0.0.0.0/0 0.0.0.0/0
1640 1101K FRAG_UDP all -- * * 0.0.0.0/0 0.0.0.0/0
1638 1101K PZERO all -- * * 0.0.0.0/0 0.0.0.0/0
1636 1101K IDENT all -- * * 0.0.0.0/0 0.0.0.0/0
1615 1099K P2P all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
16 2305 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
133 7438 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:43
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8181
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:20
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:21
506 36041 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/sec burst 5
919 1050K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 state RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:65535 state RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 97.107.133.4 udp spts:1023:65535 dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 97.107.133.4 tcp spts:1023:65535 dpt:53
0 0 ACCEPT udp -- * * 0.0.0.0/0 97.107.133.4 udp spts:1023:65535 dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 97.107.133.4 tcp spts:1023:65535 dpt:53
0 0 ACCEPT udp -- * * 0.0.0.0/0 207.192.69.4 udp spts:1023:65535 dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 207.192.69.4 tcp spts:1023:65535 dpt:53
0 0 ACCEPT udp -- * * 0.0.0.0/0 207.192.69.4 udp spts:1023:65535 dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 207.192.69.4 tcp spts:1023:65535 dpt:53
0 0 ACCEPT udp -- * * 0.0.0.0/0 207.192.69.5 udp spts:1023:65535 dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 207.192.69.5 tcp spts:1023:65535 dpt:53
0 0 ACCEPT udp -- * * 0.0.0.0/0 207.192.69.5 udp spts:1023:65535 dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 207.192.69.5 tcp spts:1023:65535 dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:21 dpts:1023:65535 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 21,20 state RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 21,20 state RELATED,ESTABLISHED
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** OUT_TCP DROP ** '
7 1210 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** OUT_UDP DROP ** '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
13 2098 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
2 80 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FRAG_UDP (2 references)
pkts bytes target prot opt in out source destination
0 0 LOG udp -f * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** UDP Frag ** '
0 0 LOG udp -f * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** RABHIT ** '
0 0 DROP udp -f * * 0.0.0.0/0 0.0.0.0/0

Chain IDENT (2 references)
pkts bytes target prot opt in out source destination
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** IDENT ** '
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 reject-with icmp-port-unreachable
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:113 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** IDENT ** '
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:113 reject-with icmp-port-unreachable
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:113 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** IDENT ** '
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:113 reject-with icmp-port-unreachable
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:113 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** IDENT ** '
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:113 reject-with icmp-port-unreachable

Chain IN_SANITY (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** SANITY ** '
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** RABHIT ** '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** SANITY ** '
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** RABHIT ** '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** SANITY ** '
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** RABHIT ** '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x05/0x05 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** SANITY ** '
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x05/0x05 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** RABHIT ** '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x05/0x05
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x11/0x01 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** SANITY ** '
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x11/0x01 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** RABHIT ** '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x11/0x01
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x30/0x20 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** SANITY ** '
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x30/0x20 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** RABHIT ** '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x30/0x20
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x18/0x08 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** SANITY ** '
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x18/0x08 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** RABHIT ** '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x18/0x08
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** SANITY ** '
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** RABHIT ** '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x37 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** SANITY ** '
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x37 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** RABHIT ** '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x37
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** SANITY ** '
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** RABHIT ** '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x01 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** SANITY ** '
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x01 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** RABHIT ** '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x01
0 0 LOG all -- * * 255.255.255.255 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** SANITY ** '
0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** SANITY ** '
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.255/0.0.0.255 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** SANITY ** '
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.255/0.0.0.255

Chain OUT_SANITY (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** SANITY ** '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** SANITY ** '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** SANITY ** '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x05/0x05 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** SANITY ** '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x05/0x05
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x11/0x01 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** SANITY ** '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x11/0x01
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x18/0x08 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** SANITY ** '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x18/0x08
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x30/0x20 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** SANITY ** '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x30/0x20
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.255/0.0.0.255 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** SANITY ** '
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.255/0.0.0.255
0 0 LOG all -- * * 255.255.255.255 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** SANITY ** '
0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** SANITY ** '
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0

Chain P2P (2 references)
pkts bytes target prot opt in out source destination
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65534 dpt:1214 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1214 reject-with icmp-port-unreachable
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:1214 dpts:1024:65534 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:1214 dpts:1024:65534 reject-with icmp-port-unreachable
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65534 dpt:1214 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65534 dpt:1214 reject-with icmp-port-unreachable
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:1214 dpts:1024:65534 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:1214 dpts:1024:65534 reject-with icmp-port-unreachable
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65534 dpt:2323 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2323 reject-with icmp-port-unreachable
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:2323 dpts:1024:65534 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:2323 dpts:1024:65534 reject-with icmp-port-unreachable
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65534 dpt:2323 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65534 dpt:2323 reject-with icmp-port-unreachable
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:2323 dpts:1024:65534 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:2323 dpts:1024:65534 reject-with icmp-port-unreachable
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65534 dpts:4660:4678 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65534 dpts:4660:4678 reject-with icmp-port-unreachable
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:4660:4678 dpts:1024:65534 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:4660:4678 dpts:1024:65534 reject-with icmp-port-unreachable
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65534 dpts:4660:4678 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65534 dpts:4660:4678 reject-with icmp-port-unreachable
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:4660:4678 dpts:1024:65534 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:4660:4678 dpts:1024:65534 reject-with icmp-port-unreachable
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65534 dpt:6257 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6257 reject-with icmp-port-unreachable
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:6257 dpts:1024:65534 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:6257 dpts:1024:65534 reject-with icmp-port-unreachable
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65534 dpt:6257 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65534 dpt:6257 reject-with icmp-port-unreachable
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:6257 dpts:1024:65534 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:6257 dpts:1024:65534 reject-with icmp-port-unreachable
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65534 dpt:6699 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6699 reject-with icmp-port-unreachable
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:6699 dpts:1024:65534 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:6699 dpts:1024:65534 reject-with icmp-port-unreachable
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65534 dpt:6699 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65534 dpt:6699 reject-with icmp-port-unreachable
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:6699 dpts:1024:65534 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:6699 dpts:1024:65534 reject-with icmp-port-unreachable
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65534 dpt:6346 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6346 reject-with icmp-port-unreachable
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:6346 dpts:1024:65534 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:6346 dpts:1024:65534 reject-with icmp-port-unreachable
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65534 dpt:6346 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65534 dpt:6346 reject-with icmp-port-unreachable
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:6346 dpts:1024:65534 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:6346 dpts:1024:65534 reject-with icmp-port-unreachable
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65534 dpt:6347 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6347 reject-with icmp-port-unreachable
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:6347 dpts:1024:65534 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:6347 dpts:1024:65534 reject-with icmp-port-unreachable
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65534 dpt:6347 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65534 dpt:6347 reject-with icmp-port-unreachable
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:6347 dpts:1024:65534 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:6347 dpts:1024:65534 reject-with icmp-port-unreachable
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65534 dpts:6881:6889 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65534 dpts:6881:6889 reject-with icmp-port-unreachable
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:6881:6889 dpts:1024:65534 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:6881:6889 dpts:1024:65534 reject-with icmp-port-unreachable
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65534 dpts:6881:6889 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65534 dpts:6881:6889 reject-with icmp-port-unreachable
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:6881:6889 dpts:1024:65534 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:6881:6889 dpts:1024:65534 reject-with icmp-port-unreachable
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65534 dpt:6346 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6346 reject-with icmp-port-unreachable
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:6346 dpts:1024:65534 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:6346 dpts:1024:65534 reject-with icmp-port-unreachable
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65534 dpt:6346 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65534 dpt:6346 reject-with icmp-port-unreachable
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:6346 dpts:1024:65534 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:6346 dpts:1024:65534 reject-with icmp-port-unreachable
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65534 dpt:7778 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:7778 reject-with icmp-port-unreachable
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:7778 dpts:1024:65534 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:7778 dpts:1024:65534 reject-with icmp-port-unreachable
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65534 dpt:7778 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65534 dpt:7778 reject-with icmp-port-unreachable
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:7778 dpts:1024:65534 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** P2P ** '
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:7778 dpts:1024:65534 reject-with icmp-port-unreachable

Chain PROHIBIT (0 references)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain PZERO (2 references)
pkts bytes target prot opt in out source destination
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:0 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** Port Zero ** '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:0
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:0 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** Port Zero ** '
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:0
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:0 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** Port Zero ** '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:0
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:0 limit: avg 30/min burst 5 LOG flags 0 level 2 prefix `** Port Zero ** '
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:0

Chain RESET (0 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset

Chain SSH_LOG (1 references)
pkts bytes target prot opt in out source destination
16 960 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW LOG flags 0 level 2 prefix `** SSH ** '

Chain TALLOW (2 references)
pkts bytes target prot opt in out source destination

Chain TDENY (2 references)
pkts bytes target prot opt in out source destination

Chain TELNET_LOG (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:23 state NEW LOG flags 0 level 2 prefix `** TELNET ** '

Chain TGALLOW (2 references)
pkts bytes target prot opt in out source destination

Chain TGDENY (2 references)
pkts bytes target prot opt in out source destination

Chain TMP_DROP (2 references)
pkts bytes target prot opt in out source destination

For ip -4 route show, the output is:

Code:
default via 66.246.76.1 dev eth0
66.246.76.0/24 dev eth0 proto kernel scope link src 66.246.76.10
169.254.0.0/16 dev eth0 scope link

Many thanks for your input.

NeonNero · Joined: 04 Jan 2005 Posts: 215 Location: Ålesund, Norway

Code: Chain OUTPUT (policy ACCEPT 810 packets, 58716 bytes)
pkts bytes target prot opt in out source destination

[ . . . ]

20 960 DROP all -- * * 0.0.0.0/0 108.0.0.0/8

This one would be the culprit, then. You have a lot of firewall rules here (blocking a lot of networks in either direction), but the one for OUTPUT to 108.0.0.0/8 is the reason you're unable to connect. The hostname software.virtualmin.com has the IP address 108.60.199.107, and would be covered by this rule.

hoopycat · Posted: Thu Oct 27, 2011 5:17 pm Post subject:

108/8 has been allocated since December 2008, so your firewall rules are extremely out of date in general. Other rules are inadvertently blocking two entire Linode datacenters and significant chunks of a couple others.

If you're going to bogon filter, you gotta update the bogon lists...

alex02_03_b · Joined: 27 Oct 2011 Posts: 5

Many thanks for sharing your insights and finding the culprit.
Very much appreciated.

Best regards,

Alex

Guspaz · Joined: 26 May 2009 Posts: 1150 Location: Montreal, QC

It's not just 108... Going through the firewall rules you've got blocking things, almost all of the /8 subnets you've blocked are valid routable subnets allocated to a major RIR... You're blocking something like 20% of the internet with all those rules.

alex02_03_b · Joined: 27 Oct 2011 Posts: 5

For iptables -L -n -v, I now get:

Code:
Chain INPUT (policy ACCEPT 49120 packets, 10M bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 52205 packets, 7761K bytes)
pkts bytes target prot opt in out source destination

For ip -4 route show, I now get:

Code:
# ip -4 route show
default via 66.246.76.1 dev eth0
66.246.76.0/24 dev eth0 proto kernel scope link src 66.246.76.10
169.254.0.0/16 dev eth0 scope link
#

I reset the linux firewall from within virtualmin, so there's not much in the iptables.txt, updated apf to the latest version and reconfigured conf.apf.

I never had much trouble with the original settings I had, so I assume that something must have been causing these over-restrictive rules, although I don't know what.

Many thanks again for looking into this,
best regards,

Alex

arjones85 · Joined: 12 Oct 2009 Posts: 40

Since you are using virtualmin, just use the pre-built Virtualmin firewall rules.

You don't gain a whole lot using APF instead.