UFW and VMWARE

m0nji

Registered User
Hello,

yesterday I finished installing our Hetzner root server (DS7000 incl. Ubuntu 8.04 LTS 64-bit), including VMware and the setup of the 8-address subnet. Hetzner provides good guides for that. ;)

Now, however, I have a problem: my virtual boxes are no longer reachable (whether from inside to outside or the other way round) as soon as I start the Ubuntu firewall UFW with the standard settings "ufw default deny".

A ping or an SSH access is blocked with this message in /var/log/messages:
Code:
Jul  2 09:26:08 Ubuntu-804-hardy-LTS-64-minimal kernel: [17908.727768] [UFW BLOCK FORWARD]: IN=eth0 OUT=vmnet1 SRC=xx.xx.xx.xx DST=192.168.xx.xx LEN=60 TOS=0x00 PREC=0x00 TTL=120 ID=8251 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=25600

A "ufw allow from any to [internal ip of the virtual box]" or "ufw allow from any to [external ip of the virtual box]" is simply ignored!
Anyone have an idea?!

Thanks
m0nji
 
Correct! As soon as I set "ufw disable", everything works flawlessly... I'm a bit speechless... maybe also clueless about what UFW is doing there. According to the logs it only says that ICMP is being blocked, nothing more.
 
Maybe this helps. Once with UFW switched off and then with UFW switched on:

Code:
xxx:/# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Code:
iptables --list
Chain INPUT (policy DROP)
target     prot opt source               destination
ufw-before-input  all  --  anywhere             anywhere
ufw-after-input  all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
ufw-before-forward  all  --  anywhere             anywhere
ufw-after-forward  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ufw-before-output  all  --  anywhere             anywhere
ufw-after-output  all  --  anywhere             anywhere

Chain ufw-after-forward (1 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere            limit: avg 3/min burst 10 LOG level warning prefix `[UFW BLOCK FORWARD]: '
RETURN     all  --  anywhere             anywhere

Chain ufw-after-input (1 references)
target     prot opt source               destination
RETURN     udp  --  anywhere             anywhere            udp dpt:netbios-ns
RETURN     udp  --  anywhere             anywhere            udp dpt:netbios-dgm
RETURN     tcp  --  anywhere             anywhere            tcp dpt:netbios-ssn
RETURN     tcp  --  anywhere             anywhere            tcp dpt:microsoft-ds
RETURN     udp  --  anywhere             anywhere            udp dpt:bootps
RETURN     udp  --  anywhere             anywhere            udp dpt:bootpc
LOG        all  --  anywhere             anywhere            limit: avg 3/min burst 10 LOG level warning prefix `[UFW BLOCK INPUT]: '
RETURN     all  --  anywhere             anywhere

Chain ufw-after-output (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain ufw-before-forward (1 references)
target     prot opt source               destination
ufw-user-forward  all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain ufw-before-input (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            ctstate RELATED,ESTABLISHED
DROP       all  --  anywhere             anywhere            ctstate INVALID
ACCEPT     icmp --  anywhere             anywhere            icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere            icmp source-quench
ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere            icmp parameter-problem
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
ACCEPT     udp  --  anywhere             anywhere            udp spt:bootps dpt:bootpc
ufw-not-local  all  --  anywhere             anywhere
ACCEPT     all  --  BASE-ADDRESS.MCAST.NET/4  anywhere
ACCEPT     all  --  anywhere             BASE-ADDRESS.MCAST.NET/4
ufw-user-input  all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain ufw-before-output (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED
ufw-user-output  all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain ufw-not-local (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere            ADDRTYPE match dst-type LOCAL
RETURN     all  --  anywhere             anywhere            ADDRTYPE match dst-type MULTICAST
RETURN     all  --  anywhere             anywhere            ADDRTYPE match dst-type BROADCAST
LOG        all  --  anywhere             anywhere            limit: avg 3/min burst 10 LOG level warning prefix `[UFW BLOCK NOT-TO-ME]: '
DROP       all  --  anywhere             anywhere

Chain ufw-user-forward (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain ufw-user-input (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt: [other port]
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt: [ssh port]
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt: [other port]
ACCEPT     udp  --  anywhere             anywhere            udp dpt: [other ports]
RETURN     all  --  anywhere             anywhere

Chain ufw-user-output (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

These all seem to be UFW default settings, except for the section "Chain ufw-user-input (1 references)".
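As an added example (not part of this thread), a small Python script that parses the two artefacts posted above, the `[UFW BLOCK FORWARD]` kernel log line and the `iptables --list` output, to show which routed flows (eth0 to vmnet1) UFW is dropping and to confirm the state visible in the listing: FORWARD has policy DROP while ufw-user-forward contains no ACCEPT rule, whereas the rules added with `ufw allow` sit in ufw-user-input. The log lines and the listing excerpt below are constructed samples with test addresses, not data from the thread.

```python
import re
from collections import Counter

LOG_RE = re.compile(r"\[UFW BLOCK (?P<chain>[A-Z-]+)\]: (?P<kv>.*)")
# Constructed kernel log lines in the format the thread shows (RFC 5737 test addresses)
SAMPLE_LOG = [
    "Jul  2 09:26:08 host kernel: [17908.727768] [UFW BLOCK FORWARD]: IN=eth0 OUT=vmnet1 SRC=203.0.113.5 DST=192.168.10.20 PROTO=ICMP TYPE=8 CODE=0",
    "Jul  2 09:26:09 host kernel: [17909.100000] [UFW BLOCK FORWARD]: IN=eth0 OUT=vmnet1 SRC=203.0.113.5 DST=192.168.10.20 PROTO=TCP SPT=51234 DPT=22",
    "Jul  2 09:26:10 host kernel: [17910.200000] [UFW BLOCK INPUT]: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.9 PROTO=TCP SPT=40000 DPT=23",
]
# Constructed excerpt of `iptables --list` with UFW enabled, the state the thread shows
SAMPLE_LISTING = """\
Chain FORWARD (policy DROP)
target     prot opt source               destination
ufw-before-forward  all  --  anywhere             anywhere

Chain ufw-user-forward (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
"""

def parse_ufw_log_line(line):
    """Return (chain, {KEY: VALUE}) for a UFW block log line, else None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return m.group("chain"), dict(kv.split("=", 1) for kv in m.group("kv").split() if "=" in kv)

def summarise_forward_blocks(lines):
    """Count dropped routed flows by (in-iface, out-iface, dst, proto) to spot the VM path."""
    counts = Counter()
    for parsed in map(parse_ufw_log_line, lines):
        if parsed and parsed[0] == "FORWARD":
            f = parsed[1]
            counts[(f.get("IN"), f.get("OUT"), f.get("DST"), f.get("PROTO"))] += 1
    return counts

def chain_targets(listing, chain):
    """Target column of every rule in one chain of `iptables --list` output."""
    for block in listing.strip().split("\n\n"):
        rows = block.splitlines()
        if rows and rows[0].startswith(f"Chain {chain} "):
            return [r.split()[0] for r in rows[2:] if r.strip()]
    return []

def forward_dropped_by_default(listing):
    """True when FORWARD's policy is DROP and ufw-user-forward has no ACCEPT to override it."""
    policy = re.search(r"^Chain FORWARD \(policy (\w+)\)", listing, re.M)
    accepts = [t for t in chain_targets(listing, "ufw-user-forward") if t == "ACCEPT"]
    return policy is not None and policy.group(1) == "DROP" and not accepts
```

Run against real data with `grep 'UFW BLOCK' /var/log/messages` piped into `summarise_forward_blocks` and `iptables --list` output into `forward_dropped_by_default`; the second returning True is the condition behind the symptom described in this thread.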