Hi everyone,
I have a problem since setting up my VPN and I think it comes from iptables. I have a SUSE Linux server running a Subversion server, an Apache server and a Samba server. On the other side they also have a Subversion / Apache pair, on Windows.
Our LAN is 10.0.0.0/24 and the LAN at the other end of the VPN is 192.168.2.0/24.
In httpd.conf I put:
Listen 0.0.0.0:80
to force Apache to listen for all incoming connections. I'll look later at restricting listening to our 2 networks.
The tests I have done:
The Eclipse > Subversion connection works on our LAN.
I can access their Subversion server using Eclipse without any problem.
I can ping their machines, and they can ping ours, except the SUSE server, which does not respond.
When they try to connect with Eclipse, here is their error message:
And when they enter the HTTP address in their browser, they get:
Following these tests, and since I can connect to their Windows server, I suspect iptables.
Here is the output of iptables --list:
[quote]Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
input_ext all -- anywhere anywhere
input_ext all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET '
DROP all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING '

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR '

Chain forward_ext (0 references)
target prot opt source destination

Chain input_ext (2 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere PKTTYPE = broadcast udp dpt:netbios-ns
DROP all -- anywhere anywhere PKTTYPE = broadcast
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp redirect
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:5801 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:5801
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:5901 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:5901
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:http flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:http
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:microsoft-ds flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:netbios-dgm flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-dgm
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:netbios-ns flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ns
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:netbios-ssn flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ssh flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
reject_func tcp -- anywhere anywhere tcp dpt:ident state NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT-INV '
DROP all -- anywhere anywhere

Chain reject_func (1 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable[/quote]
Given all this, could someone help me out?
Thanks in advance.
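
Added example, not part of the original post: the LOG rules in the listing write kernel log lines tagged with the SFW2-* prefixes, so grouping those lines by prefix and inbound interface shows which rule is logging traffic from the remote LAN. The log lines below are constructed, and the interface names (eth0, tun0) and host addresses are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample kernel log lines (not from the original post); the
# interface names (eth0, tun0) and host addresses are assumptions.
SAMPLE_LOG = """\
Mar  3 10:15:01 suse kernel: SFW2-IN-ILL-TARGET IN=tun0 OUT= MAC= SRC=192.168.2.15 DST=10.0.0.5 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=4211 DF PROTO=TCP SPT=1042 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  3 10:15:04 suse kernel: SFW2-IN-ILL-TARGET IN=tun0 OUT= MAC= SRC=192.168.2.15 DST=10.0.0.5 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=4212 DF PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1
Mar  3 10:15:09 suse kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.23 DST=10.0.0.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=911 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 10:15:12 suse kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.40 DST=10.0.0.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=77 DF PROTO=TCP SPT=40200 DPT=3306 WINDOW=5840 RES=0x00 SYN URGP=0
"""

# A netfilter LOG line is "<prefix> IN=... OUT=... SRC=... DST=... PROTO=...".
LINE_RE = re.compile(r"(SFW2-[A-Za-z-]+)\s+(IN=.*)$")


def parse_line(line):
    """Return the KEY=value fields of one firewall log line, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    fields["PREFIX"] = m.group(1)
    return fields


def blocked_from(log_text, network):
    """Count non-accept log entries whose source lies inside `network`,
    keyed by (log prefix, inbound interface, protocol, destination port)."""
    net = ipaddress.ip_network(network)
    hits = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        # Skip unrelated lines and the "-ACC-" entries, which log accepted SYNs.
        if not f or "-ACC-" in f["PREFIX"] or "SRC" not in f:
            continue
        if ipaddress.ip_address(f["SRC"]) in net:
            key = (f["PREFIX"], f.get("IN", ""), f.get("PROTO", ""), f.get("DPT", "-"))
            hits[key] += 1
    return hits


if __name__ == "__main__":
    for key, count in blocked_from(SAMPLE_LOG, "192.168.2.0/24").items():
        print(count, *key)
```

The same grouping can be run over the real kernel log by passing its text instead of `SAMPLE_LOG`.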