The problem seems more serious. In fact, all outbound traffic appears to be blocked. For example, I cannot connect via ssh to my router (even though this works from another machine). Only ping to the outside works, if I specify an IP address:
# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=121 time=35.4 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=121 time=34.0 ms
# host linuxfr.org 8.8.8.8
;; connection timed out; no servers could be reached
An iptables problem?
# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
f2b-pam-generic tcp -- anywhere anywhere
f2b-recidive tcp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere tcp dpt:xmpp-client
ACCEPT tcp -- anywhere anywhere tcp dpt:xmpp-server
ACCEPT tcp -- anywhere anywhere tcp dpt:5290
ACCEPT tcp -- anywhere anywhere tcp dpt:51413
ACCEPT tcp -- anywhere anywhere tcp dpt:6600
ACCEPT tcp -- anywhere anywhere tcp dpt:nfs
ACCEPT tcp -- anywhere anywhere tcp dpt:32765
ACCEPT tcp -- anywhere anywhere tcp dpt:32766
ACCEPT tcp -- anywhere anywhere tcp dpt:32767
ACCEPT tcp -- anywhere anywhere tcp dpt:submission
ACCEPT tcp -- anywhere anywhere tcp dpt:8000
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:6600
ACCEPT udp -- anywhere anywhere udp dpt:nfs
ACCEPT udp -- anywhere anywhere udp dpt:32765
ACCEPT udp -- anywhere anywhere udp dpt:32766
ACCEPT udp -- anywhere anywhere udp dpt:32767
ACCEPT udp -- anywhere anywhere udp dpt:51413
ACCEPT udp -- anywhere anywhere udp dpt:587
ACCEPT udp -- anywhere anywhere udp dpt:8000
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain f2b-dovecot (0 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-nginx-http-auth (0 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-pam-generic (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-postfix (0 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-postfix-sasl (0 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-recidive (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-sshd (0 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-sshd-ddos (0 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-yunohost (0 references)
target prot opt source destination
RETURN all -- anywhere anywhere
# iptables -S
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N f2b-dovecot
-N f2b-nginx-http-auth
-N f2b-pam-generic
-N f2b-postfix
-N f2b-postfix-sasl
-N f2b-recidive
-N f2b-sshd
-N f2b-sshd-ddos
-N f2b-yunohost
-A INPUT -p tcp -j f2b-pam-generic
-A INPUT -p tcp -j f2b-recidive
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5222 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5269 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5290 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 51413 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 6600 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2049 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 32765 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 32766 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 32767 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 587 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8000 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 6600 -j ACCEPT
-A INPUT -p udp -m udp --dport 2049 -j ACCEPT
-A INPUT -p udp -m udp --dport 32765 -j ACCEPT
-A INPUT -p udp -m udp --dport 32766 -j ACCEPT
-A INPUT -p udp -m udp --dport 32767 -j ACCEPT
-A INPUT -p udp -m udp --dport 51413 -j ACCEPT
-A INPUT -p udp -m udp --dport 587 -j ACCEPT
-A INPUT -p udp -m udp --dport 8000 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A f2b-dovecot -j RETURN
-A f2b-nginx-http-auth -j RETURN
-A f2b-pam-generic -j RETURN
-A f2b-postfix -j RETURN
-A f2b-postfix-sasl -j RETURN
-A f2b-recidive -j RETURN
-A f2b-sshd -j RETURN
-A f2b-sshd-ddos -j RETURN
-A f2b-yunohost -j RETURN
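
Added check, not part of the original post: with `-P INPUT DROP`, replies to connections the host opens itself arrive on ephemeral ports and match none of the `--dport` rules unless a conntrack `ESTABLISHED` rule accepts them, while ICMP is accepted explicitly, which fits the ping-only symptom. The function name `check_return_traffic` and the sample rulesets (a trimmed copy of the dump above, plus a variant with the conntrack rule) are constructed for this example.

```shell
#!/bin/sh
# Constructed sample: trimmed version of the `iptables -S` output in the post.
SAMPLE_RULES='-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT'

# Constructed variant: same rules plus a stateful accept for return traffic.
FIXED_RULES="$SAMPLE_RULES
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"

# Reads `iptables -S` text on stdin, prints a verdict and returns:
#   0  replies to outbound connections are accepted on INPUT
#   1  INPUT is not ACCEPT by default and nothing accepts ESTABLISHED traffic
check_return_traffic() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" && / -j ACCEPT$/ {
            # stateful accept: -m conntrack --ctstate or legacy -m state --state
            if ($0 ~ /--(ctstate|state) [A-Z,]*ESTABLISHED/) stateful = 1
            # unconditional accept with no match at all
            if ($0 == "-A INPUT -j ACCEPT") stateful = 1
        }
        END {
            if (policy == "ACCEPT" || stateful) { print "ok"; exit 0 }
            print "missing-established-rule"; exit 1
        }'
}

# On a live host: iptables -S | check_return_traffic
printf '%s\n' "$SAMPLE_RULES" | check_return_traffic || true  # missing-established-rule
printf '%s\n' "$FIXED_RULES" | check_return_traffic           # ok
```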