Ross,<br>Thanks a lot, changing the RESERVED_IPS in /usr/sbin/firehol fixed it. Upgrading is a lot more work because I'm on a Gentoo system and it automatically takes care of that with portage and emerge. So I'd rather not go that route. But Thanks again, now it works great!
<br><br><div><span class="gmail_quote">On 12/12/06, <b class="gmail_sendername">Ross Smith</b> <<a href="mailto:fireholspam@netebb.com">fireholspam@netebb.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Logan,<br><br>You're using an old (pre Jan 18 21:20:28 2006-CVS) version of firehol:<br><br>> RETURN all -- <a href="http://h-74-0-0-0.dllatx37.covad.net/7">h-74-0-0-0.dllatx37.covad.net/7</a><br>> <<a href="http://h-74-0-0-0.dllatx37.covad.net/7">
http://h-74-0-0-0.dllatx37.covad.net/7</a>> anywhere<br><br>Please update to the HEAD version in CVS, or change line that begins<br><br>RESERVED_IPS=<br><br>to read<br><br>RESERVED_IPS="<a href="http://0.0.0.0/7">
0.0.0.0/7</a> <a href="http://2.0.0.0/8">2.0.0.0/8</a> <a href="http://5.0.0.0/8">5.0.0.0/8</a> <a href="http://7.0.0.0/8">7.0.0.0/8</a> <a href="http://23.0.0.0/8">23.0.0.0/8</a><br><a href="http://27.0.0.0/8">27.0.0.0/8
</a> <a href="http://31.0.0.0/8">31.0.0.0/8</a> <a href="http://36.0.0.0/7">36.0.0.0/7</a> <a href="http://39.0.0.0/8">39.0.0.0/8</a> <a href="http://42.0.0.0/8">42.0.0.0/8</a> <a href="http://92.0.0.0/6">92.0.0.0/6</a><br>
<a href="http://100.0.0.0/6">100.0.0.0/6</a> <a href="http://104.0.0.0/5">104.0.0.0/5</a> <a href="http://112.0.0.0/5">112.0.0.0/5</a> <a href="http://120.0.0.0/8">120.0.0.0/8</a> <a href="http://127.0.0.0/8">127.0.0.0/8</a>
<a href="http://173.0.0.0/8">173.0.0.0/8</a><br><a href="http://174.0.0.0/7">174.0.0.0/7</a> <a href="http://176.0.0.0/5">176.0.0.0/5</a> <a href="http://184.0.0.0/6">184.0.0.0/6</a> <a href="http://197.0.0.0/8">197.0.0.0/8
</a> <a href="http://223.0.0.0/8">223.0.0.0/8</a> <a href="http://240.0.0.0/4">240.0.0.0/4</a> "<br><br>as per<br><br><a href="http://firehol.cvs.sourceforge.net/firehol/firehol/firehol.sh?annotate=HEAD#l324">http://firehol.cvs.sourceforge.net/firehol/firehol/firehol.sh?annotate=HEAD#l324
</a><br><br>-Ross<br><br>Logan Anteau wrote On 12/12/2006 1:28 PM -0800:<br>> Carlos,<br>> I checked what you suggested and none of that seems to be the issue. I<br>> don't even have any of those variables set up. I don't know if this
<br>> would help you at all but here is my iptables -L:<br>><br>> Chain INPUT (policy DROP)<br>> target prot opt source destination<br>> ACCEPT all -- anywhere anywhere<br>
> in_home all -- <a href="http://10.0.0.0/16">10.0.0.0/16</a> <<a href="http://10.0.0.0/16">http://10.0.0.0/16</a>> <a href="http://10.0.0.1">10.0.0.1</a><br>> <<a href="http://10.0.0.1">http://10.0.0.1
</a>><br>> in_home all -- <a href="http://10.0.0.0/16">10.0.0.0/16</a> <<a href="http://10.0.0.0/16">http://10.0.0.0/16</a>><br>> <a href="http://10.0.255.255">10.0.255.255</a> <<a href="http://10.0.255.255">
http://10.0.255.255</a>><br>> in_internet all -- anywhere anywhere<br>> ACCEPT all -- anywhere anywhere state RELATED<br>> LOG all -- anywhere anywhere limit: avg
<br>> 1/sec burst 5 LOG level warning prefix `'IN-unknown:''<br>> DROP all -- anywhere anywhere<br>><br>> Chain FORWARD (policy DROP)<br>> target prot opt source destination
<br>> in_internet2lan all -- anywhere <a href="http://10.0.0.0/16">10.0.0.0/16</a><br>> <<a href="http://10.0.0.0/16">http://10.0.0.0/16</a>><br>> out_internet2lan all -- <a href="http://10.0.0.0/16">
10.0.0.0/16</a> <<a href="http://10.0.0.0/16">http://10.0.0.0/16</a>><br>> anywhere<br>> ACCEPT all -- anywhere anywhere state RELATED<br>> LOG all -- anywhere anywhere limit: avg
<br>> 1/sec burst 5 LOG level warning prefix `'PASS-unknown:''<br>> DROP all -- anywhere anywhere<br>><br>> Chain OUTPUT (policy DROP)<br>> target prot opt source destination
<br>> ACCEPT all -- anywhere anywhere<br>> out_home all -- <a href="http://10.0.0.1">10.0.0.1</a> <<a href="http://10.0.0.1">http://10.0.0.1</a>> <a href="http://10.0.0.0/16">
10.0.0.0/16</a><br>> <<a href="http://10.0.0.0/16">http://10.0.0.0/16</a>><br>> out_home all -- <a href="http://10.0.255.255">10.0.255.255</a> <<a href="http://10.0.255.255">http://10.0.255.255</a>><br>
> <a href="http://10.0.0.0/16">10.0.0.0/16</a> <<a href="http://10.0.0.0/16">http://10.0.0.0/16</a>><br>> out_internet all -- anywhere anywhere<br>> ACCEPT all -- anywhere anywhere state RELATED
<br>> LOG all -- anywhere anywhere limit: avg<br>> 1/sec burst 5 LOG level warning prefix `'OUT-unknown:''<br>> DROP all -- anywhere anywhere<br>><br>> Chain in_home (2 references)
<br>> target prot opt source destination<br>> in_home_all_s1 all -- anywhere anywhere<br>> in_home_irc_s2 all -- anywhere anywhere<br>> in_home_ftp_s3 all -- anywhere anywhere
<br>> in_home_all_c4 all -- anywhere anywhere<br>> in_home_irc_c5 all -- anywhere anywhere<br>> in_home_ftp_c6 all -- anywhere anywhere<br>> ACCEPT all -- anywhere anywhere state RELATED
<br>> LOG tcp -- anywhere anywhere limit: avg<br>> 1/sec burst 5 LOG level warning prefix `''IN-home':''<br>> REJECT tcp -- anywhere anywhere reject-with
<br>> tcp-reset<br>> LOG all -- anywhere anywhere limit: avg<br>> 1/sec burst 5 LOG level warning prefix `''IN-home':''<br>> REJECT all -- anywhere anywhere reject-with
<br>> icmp-port-unreachable<br>><br>> Chain in_home_all_c4 (1 references)<br>> target prot opt source destination<br>> ACCEPT all -- anywhere anywhere state<br>
> ESTABLISHED<br>><br>> Chain in_home_all_s1 (1 references)<br>> target prot opt source destination<br>> ACCEPT all -- anywhere anywhere state<br>> NEW,ESTABLISHED
<br>><br>> Chain in_home_ftp_c6 (1 references)<br>> target prot opt source destination<br>> ACCEPT tcp -- anywhere anywhere tcp spt:ftp<br>> dpts:1024:4999 state ESTABLISHED
<br>> ACCEPT tcp -- anywhere anywhere tcp<br>> spt:ftp-data dpts:1024:4999 state RELATED,ESTABLISHED<br>> ACCEPT tcp -- anywhere anywhere tcp<br>> spts:1024:65535 dpts:1024:4999 state ESTABLISHED
<br>><br>> Chain in_home_ftp_s3 (1 references)<br>> target prot opt source destination<br>> ACCEPT tcp -- anywhere anywhere tcp<br>> spts:1024:65535 dpt:ftp state NEW,ESTABLISHED
<br>> ACCEPT tcp -- anywhere anywhere tcp<br>> spts:1024:65535 dpt:ftp-data state ESTABLISHED<br>> ACCEPT tcp -- anywhere anywhere tcp<br>> spts:1024:65535 dpts:1024:4999 state RELATED,ESTABLISHED
<br>><br>> Chain in_home_irc_c5 (1 references)<br>> target prot opt source destination<br>> ACCEPT tcp -- anywhere anywhere tcp<br>> spt:ircd dpts:1024:4999 state ESTABLISHED
<br>><br>> Chain in_home_irc_s2 (1 references)<br>> target prot opt source destination<br>> ACCEPT tcp -- anywhere anywhere tcp<br>> spts:1024:65535 dpt:ircd state NEW,ESTABLISHED
<br>><br>> Chain in_internet (1 references)<br>> target prot opt source destination<br>> RETURN all -- <a href="http://0.0.0.0/7">0.0.0.0/7</a> <<a href="http://0.0.0.0/7">http://0.0.0.0/7
</a>><br>> anywhere<br>> RETURN all -- <a href="http://2.0.0.0/8">2.0.0.0/8</a> <<a href="http://2.0.0.0/8">http://2.0.0.0/8</a>><br>> anywhere<br>> RETURN all -- <a href="http://5.0.0.0/8">
5.0.0.0/8</a> <<a href="http://5.0.0.0/8">http://5.0.0.0/8</a>><br>> anywhere<br>> RETURN all -- <a href="http://7.0.0.0/8">7.0.0.0/8</a> <<a href="http://7.0.0.0/8">http://7.0.0.0/8</a>><br>> anywhere
<br>> RETURN all -- <a href="http://23.0.0.0/8">23.0.0.0/8</a> <<a href="http://23.0.0.0/8">http://23.0.0.0/8</a>><br>> anywhere<br>> RETURN all -- <a href="http://27.0.0.0/8">27.0.0.0/8</a> <
<a href="http://27.0.0.0/8">http://27.0.0.0/8</a>><br>> anywhere<br>> RETURN all -- <a href="http://31.0.0.0/8">31.0.0.0/8</a> <<a href="http://31.0.0.0/8">http://31.0.0.0/8</a>><br>> anywhere<br>> RETURN all --
<a href="http://36.0.0.0/7">36.0.0.0/7</a> <<a href="http://36.0.0.0/7">http://36.0.0.0/7</a>><br>> anywhere<br>> RETURN all -- <a href="http://39.0.0.0/8">39.0.0.0/8</a> <<a href="http://39.0.0.0/8">
http://39.0.0.0/8</a>><br>> anywhere<br>> RETURN all -- <a href="http://41.0.0.0/8">41.0.0.0/8</a> <<a href="http://41.0.0.0/8">http://41.0.0.0/8</a>><br>> anywhere<br>> RETURN all -- <a href="http://42.0.0.0/8">
42.0.0.0/8</a> <<a href="http://42.0.0.0/8">http://42.0.0.0/8</a>><br>> anywhere<br>> RETURN all -- <a href="http://73.0.0.0/8">73.0.0.0/8</a> <<a href="http://73.0.0.0/8">http://73.0.0.0/8</a>><br>
> anywhere<br>> RETURN all -- <a href="http://h-74-0-0-0.dllatx37.covad.net/7">h-74-0-0-0.dllatx37.covad.net/7</a><br>> <<a href="http://h-74-0-0-0.dllatx37.covad.net/7">http://h-74-0-0-0.dllatx37.covad.net/7
</a>> anywhere<br>> RETURN all -- <a href="http://mo-76-0-0-0.dhcp.embarqhsd.net/6">mo-76-0-0-0.dhcp.embarqhsd.net/6</a><br>> <<a href="http://mo-76-0-0-0.dhcp.embarqhsd.net/6">http://mo-76-0-0-0.dhcp.embarqhsd.net/6
</a>> anywhere<br>> RETURN all -- <a href="http://89.0.0.0/8">89.0.0.0/8</a> <<a href="http://89.0.0.0/8">http://89.0.0.0/8</a>><br>> anywhere<br>> RETURN all -- <a href="http://AMontpellier-257-1-113-net.w90-0.abo.wanadoo.fr/7">
AMontpellier-257-1-113-net.w90-0.abo.wanadoo.fr/7</a><br>> <<a href="http://AMontpellier-257-1-113-net.w90-0.abo.wanadoo.fr/7">http://AMontpellier-257-1-113-net.w90-0.abo.wanadoo.fr/7</a>><br>> anywhere<br>> RETURN all --
<a href="http://92.0.0.0/6">92.0.0.0/6</a> <<a href="http://92.0.0.0/6">http://92.0.0.0/6</a>><br>> anywhere<br>> RETURN all -- <a href="http://96.0.0.0/3">96.0.0.0/3</a> <<a href="http://96.0.0.0/3">
http://96.0.0.0/3</a>><br>> anywhere<br>> RETURN all -- <a href="http://173.0.0.0/8">173.0.0.0/8</a> <<a href="http://173.0.0.0/8">http://173.0.0.0/8</a>><br>> anywhere<br>> RETURN all --
<a href="http://174.0.0.0/7">174.0.0.0/7</a> <<a href="http://174.0.0.0/7">http://174.0.0.0/7</a>><br>> anywhere<br>> RETURN all -- <a href="http://176.0.0.0/5">176.0.0.0/5</a> <<a href="http://176.0.0.0/5">
http://176.0.0.0/5</a>><br>> anywhere<br>> RETURN all -- <a href="http://184.0.0.0/6">184.0.0.0/6</a> <<a href="http://184.0.0.0/6">http://184.0.0.0/6</a>><br>> anywhere<br>> RETURN all --
<a href="http://189.0.0.0/8">189.0.0.0/8</a> <<a href="http://189.0.0.0/8">http://189.0.0.0/8</a>><br>> anywhere<br>> RETURN all -- <<a href="http://190.0.0.0/8">http://190.0.0.0/8</a>><br></blockquote>
</div><br><br clear="all"><br>-- <br>Logan