VPN Déconnection en dedans de 5 minutes !!!

[sisg]

Bonjour à tous,

J'ai fait une connection VPN à mon serveur SME en PPTP avec le client Windows 2000, la connection fonctionne mais après 3 à 5 minutes, je perd ma connection et rien ne va plus... Je ne peux plus me reconnecter ??? Je dois redémarrer mon SME ??? qqc à une solu ?

Merci !

A+

Snoopyski

[MasterSleepy]

Salut,

Plutôt que redémarrer tout le serveur, as-tu essayé "service pptpd restart" ?

Que disse les log lors du plantage, ça pourra peut-être aider.

A+

[sisg]

Merci Master pour ce suivit si rapide,

Je vérifie les logs et je te revient...

PS. Oui j'ai fait cette commande mais ça semble pas fonctionner !!! ???

@+

Snoppyski

[sisg]

S'lut MasterSleepy,

Voici ce que je vois dans un des logs !!! Mais dans quel log veux-tu que je regarde ?


e-smith[20505]: S95reset-unsavedflag=action|Event|remoteaccess-update|Action|S95reset-unsavedflag|Start|1087003809 512865|End|1087003809 799721|Elapsed|0.286856

et

kernel: denylog:IN=eth0 OUT= MAC=aa:aa:bb:bbf:36:fc:00:40:dd:ee:45:7e:08:00 SRC=64.95.147.221 DST=10.0.1.10 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=190 DF PROTO=TCP SPT=3369 DPT=1723 WINDOW=65535 RES=0x00 SYN URGP=0


Merci !


@+

Snoopyski

[sisg]

Allo Master ?

Est-ce que tu est là ??? snif snif

@+

[MasterSleepy]

Salut,

Le log a regardé est /var/log/message
Il vaut mieux faire un tail -f /var/log/message juste avant de lancer la connection et de l'arrete après que cela ce soit planter.
Les messages arriveront sur la console, mais si tu utilises putty, un copier coller et le tour est joué.

A+

[sisg]

Salut MasterSleepy...


Voici ce que mon LOG me donne...

Jun 14 21:08:24 pinguin pptpd[23689]: MGR: Launching /usr/sbin/pptpctrl to handle client
Jun 14 21:08:24 pinguin pptpd[23689]: CTRL: local address = 10.0.1.10
Jun 14 21:08:24 pinguin pptpd[23689]: CTRL: remote address = 10.0.1.246
Jun 14 21:08:24 pinguin pptpd[23689]: CTRL: pppd speed = 460800
Jun 14 21:08:24 pinguin pptpd[23689]: CTRL: pppd options file = /etc/ppp/options.pptpd
Jun 14 21:08:24 pinguin pptpd[23689]: CTRL: Client 66.166.166.81 control connection started
Jun 14 21:08:24 pinguin pptpd[23689]: CTRL: Received PPTP Control Message (type: 1)
Jun 14 21:08:24 pinguin pptpd[23689]: CTRL: Made a START CTRL CONN RPLY packet
Jun 14 21:08:24 pinguin pptpd[23689]: CTRL: I wrote 156 bytes to the client.
Jun 14 21:08:24 pinguin pptpd[23689]: CTRL: Sent packet to client
Jun 14 21:08:24 pinguin pptpd[23689]: CTRL: Received PPTP Control Message (type: 7)
Jun 14 21:08:24 pinguin pptpd[23689]: CTRL: Set parameters to 1525 maxbps, 64 window size
Jun 14 21:08:24 pinguin pptpd[23689]: CTRL: Made a OUT CALL RPLY packet
Jun 14 21:08:24 pinguin pptpd[23689]: CTRL: Starting call (launching pppd, opening GRE)
Jun 14 21:08:24 pinguin pptpd[23689]: CTRL: pty_fd = 5
Jun 14 21:08:24 pinguin pptpd[23689]: CTRL: tty_fd = 6
Jun 14 21:08:24 pinguin pptpd[23689]: CTRL: I wrote 32 bytes to the client.
Jun 14 21:08:24 pinguin pptpd[23689]: CTRL: Sent packet to client
Jun 14 21:08:24 pinguin pptpd[23690]: CTRL (PPPD Launcher): Connection speed = 460800
Jun 14 21:08:24 pinguin pptpd[23690]: CTRL (PPPD Launcher): local address = 10.0.1.10
Jun 14 21:08:24 pinguin pptpd[23690]: CTRL (PPPD Launcher): remote address = 10.0.1.246
Jun 14 21:08:24 pinguin pptpd[23689]: CTRL: Received PPTP Control Message (type: 15)
Jun 14 21:08:24 pinguin pptpd[23689]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Jun 14 08:31:25 pinguin kernel: eth0: Link changed: 100Mbps, full duplex
Jun 14 21:08:24 pinguin kernel: CSLIP: code copyright 1989 Regents of the University of California
Jun 14 21:08:25 pinguin kernel: CSLIP: code copyright 1989 Regents of the University of California
Jun 14 21:08:25 pinguin kernel: PPP generic driver version 2.4.2
Jun 14 21:08:25 pinguin pppd[23690]: pppd 2.4.2b1 started by root, uid 0
Jun 14 21:08:25 pinguin pppd[23690]: Starting negotiation on /dev/pts/1
Jun 14 21:08:25 pinguin pptpd[23689]: GRE: Discarding duplicate packet
Jun 14 21:08:28 pinguin pptpd[23689]: CTRL: Received PPTP Control Message (type: 15)
Jun 14 21:08:28 pinguin pptpd[23689]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Jun 14 21:08:28 pinguin kernel: divert: not allocating divert_blk for non-ethernet device ppp0
Jun 14 21:08:29 pinguin pppd[23690]: Using interface ppp0
Jun 14 21:08:29 pinguin kernel: PPP MPPE Compression module registered
Jun 14 21:08:29 pinguin insmod: Warning: loading /lib/modules/2.4.20-18.7-e-smith/kernel/drivers/net/ppp_mppe.o will taint the kernel: non-GPL license - BSD without advertisement clause
Jun 14 21:08:29 pinguin insmod: See http://www.tux.org/lkml/#export-tainted for information about tainted modules
Jun 14 21:08:29 pinguin insmod: Module ppp_mppe loaded, with warnings
Jun 14 21:08:29 pinguin pppd[23690]: CHAP peer authentication succeeded for sgauvin
jun 14 20:09:10 pinguin last message repeated 5 times
Jun 14 21:08:29 pinguin /etc/hotplug/net.agent: assuming ppp0 is already up
Jun 14 21:08:29 pinguin pppd[23690]: MPPE 128-bit stateless compression enabled
Jun 14 21:08:32 pinguin pppd[23690]: found interface eth0 for proxy arp
Jun 14 21:08:32 pinguin pppd[23690]: local IP address 10.0.1.10
Jun 14 21:08:32 pinguin pppd[23690]: remote IP address 10.0.1.246
Jun 14 21:08:32 pinguin e-smith[23725]: Processing event: ip-up.pptpd ppp0 /dev/pts/1 460800 10.0.1.10 10.0.1.246 pptpd
Jun 14 21:08:32 pinguin e-smith[23725]: Running event handler: /etc/e-smith/events/ip-up.pptpd/S70pptp-interface-access
Jun 14 21:08:33 pinguin /etc/e-smith/events/ip-up.pptpd/S70pptp-interface-access[23726]: /home/e-smith/configuration: OLD pptpd=service|Interfaces||StartIP|167772662|sessions|5|status|enabled
Jun 14 21:08:33 pinguin /etc/e-smith/events/ip-up.pptpd/S70pptp-interface-access[23726]: /home/e-smith/configuration: NEW pptpd=service|Interfaces|ppp0|StartIP|167772662|sessions|5|status|enabled
Jun 14 21:08:33 pinguin e-smith[23725]: S70pptp-interface-access=action|Event|ip-up.pptpd|Action|S70pptp-interface-access|Start|1087261712 913451|End|1087261713 199882|Elapsed|0.286431
Jun 14 21:08:33 pinguin e-smith[23725]: Running event handler: /etc/e-smith/events/ip-up.pptpd/S80conf-masq
Jun 14 21:08:33 pinguin e-smith[23725]: WARNING in /etc/e-smith/templates//etc/rc.d/init.d/masq/00Definitions: Use of uninitialized value in concatenation (.) or string at /etc/e-smith/templates//etc/rc.d/init.d/masq/00Definitions line 5.
Jun 14 21:08:34 pinguin e-smith[23725]: WARNING: Template processing succeeded for //etc/rc.d/init.d/masq: 1 fragment generated warnings
Jun 14 21:08:34 pinguin e-smith[23725]: at /etc/e-smith/events/ip-up.pptpd/S80conf-masq line 46
Jun 14 21:08:34 pinguin e-smith[23725]: S80conf-masq=action|Event|ip-up.pptpd|Action|S80conf-masq|Start|1087261713 200150|End|1087261714 255406|Elapsed|1.055256Jun 14 21:08:34 pinguin e-smith[23725]: Running event handler: /etc/e-smith/events/ip-up.pptpd/S85adjust-masq
Jun 14 21:08:34 pinguin e-smith[23725]: S85adjust-masq=action|Event|ip-up.pptpd|Action|S85adjust-masq|Start|1087261714 255642|End|1087261714 463189|Elapsed|0.207547
Jun 14 21:08:35 pinguin kernel: ip_tables: (C) 2000-2002 Netfilter core team
Jun 14 21:08:35 pinguin kernel: ip_conntrack version 2.1 (2559 buckets, 20472 max) - 292 bytes per conntrack
Jun 14 21:08:38 pinguin kernel: denylog:IN=eth0 OUT=ppp0 SRC=199.234.207.130 DST=10.0.1.246 LEN=48 TOS=0x00 PREC=0x00 TTL=51 ID=9281 DF PROTO=TCP SPT=53 DPT=1052 WINDOW=25840 RES=0x00 ACK SYN URGP=0
Jun 14 21:08:39 pinguin kernel: denylog:IN=eth0 OUT=ppp0 SRC=199.234.207.130 DST=10.0.1.246 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=9285 DF PROTO=TCP SPT=53 DPT=1040 WINDOW=25840 RES=0x00 ACK FIN URGP=0
Jun 14 21:08:46 pinguin kernel: denylog:IN=eth0 OUT=ppp0 SRC=199.234.207.130 DST=10.0.1.246 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=9361 DF PROTO=TCP SPT=53 DPT=1040 WINDOW=25840 RES=0x00 ACK FIN URGP=0
Jun 14 21:09:01 pinguin kernel: denylog:IN=eth0 OUT=ppp0 SRC=199.234.207.130 DST=10.0.1.246 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=9432 DF PROTO=TCP SPT=53 DPT=1040 WINDOW=25840 RES=0x00 ACK FIN URGP=0
Jun 14 21:09:24 pinguin kernel: denylog:IN=eth0 OUT= MAC=01:06:5d:ee:36:fc:00:40:f4:6h:6r:7e:08:00 SRC=66.166.166.81 DST=10.0.1.10 LEN=56 TOS=0x00 PREC=0x00 TTL=117 ID=34551 DF PROTO=TCP SPT=4981 DPT=1723 WINDOW=64764 RES=0x00 ACK PSH URGP=0
Jun 14 21:09:26 pinguin kernel: denylog:IN=eth0 OUT= MAC=01:06:5d:ee:36:fc:00:40:f4:6h:6r:7e:08:00 SRC=66.166.166.81 DST=10.0.1.10 LEN=56 TOS=0x00 PREC=0x00 TTL=117 ID=34562 DF PROTO=TCP SPT=4981 DPT=1723 WINDOW=64764 RES=0x00 ACK PSH URGP=0
Jun 14 21:09:30 pinguin kernel: denylog:IN=eth0 OUT= MAC=01:06:5d:ee:36:fc:00:40:f4:6h:6r:7e:08:00 SRC=66.166.166.81 DST=10.0.1.10 LEN=56 TOS=0x00 PREC=0x00 TTL=117 ID=34601 DF PROTO=TCP SPT=4981 DPT=1723 WINDOW=64764 RES=0x00 ACK PSH URGP=0
Jun 14 21:09:32 pinguin kernel: denylog:IN=eth0 OUT=ppp0 SRC=199.234.207.130 DST=10.0.1.246 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=52423 DF PROTO=TCP SPT=53 DPT=1040 WINDOW=25840 RES=0x00 ACK FIN URGP=0
Jun 14 21:09:38 pinguin kernel: denylog:IN=eth0 OUT= MAC=01:06:5d:ee:36:fc:00:40:f4:6h:6r:7e:08:00 SRC=66.166.166.81 DST=10.0.1.10 LEN=56 TOS=0x00 PREC=0x00 TTL=117 ID=34754 DF PROTO=TCP SPT=4981 DPT=1723 WINDOW=64764 RES=0x00 ACK PSH URGP=0
Jun 14 21:09:55 pinguin kernel: denylog:IN=eth0 OUT= MAC=01:06:5d:ee:36:fc:00:40:f4:6h:6r:7e:08:00 SRC=66.166.166.81 DST=10.0.1.10 LEN=56 TOS=0x00 PREC=0x00 TTL=117 ID=34995 DF PROTO=TCP SPT=4981 DPT=1723 WINDOW=64764 RES=0x00 ACK PSH URGP=0
Jun 14 21:10:00 pinguin su(pam_unix)[24149]: session opened for user qmailr by (uid=0)
Jun 14 21:10:04 pinguin su(pam_unix)[24149]: session closed for user qmailr
Jun 14 21:10:28 pinguin kernel: denylog:IN=eth0 OUT= MAC=01:06:5d:ee:36:fc:00:40:f4:6h:6r:7e:08:00 SRC=66.166.166.81 DST=10.0.1.10 LEN=72 TOS=0x00 PREC=0x00 TTL=117 ID=35482 DF PROTO=TCP SPT=4981 DPT=1723 WINDOW=64764 RES=0x00 ACK PSH URGP=0
Jun 14 21:10:32 pinguin kernel: denylog:IN=eth0 OUT=ppp0 SRC=199.234.207.130 DST=10.0.1.246 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=52440 DF PROTO=TCP SPT=53 DPT=1040 WINDOW=25840 RES=0x00 ACK FIN URGP=0
Jun 14 21:11:32 pinguin kernel: denylog:IN=eth0 OUT=ppp0 SRC=199.234.207.130 DST=10.0.1.246 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=52441 DF PROTO=TCP SPT=53 DPT=1040 WINDOW=25840 RES=0x00 ACK FIN URGP=0


Voilà mon cher... C'est tout !!! Après plus rien !!! Perte de connection et là mon site web ne répond plus bien je dois redémarrer mon serveur...

Merci !

@+

Snoopyski

[MasterSleepy]

Salut,

Voici ce que je trouve bizarre

Code: Tout sélectionner

Jun 14 21:08:33 pinguin e-smith[23725]: WARNING in /etc/e-smith/templates//etc/rc.d/init.d/masq/00Definitions: Use of uninitialized value in concatenation (.) or string at /etc/e-smith/templates//etc/rc.d/init.d/masq/00Definitions line 5.
Jun 14 21:08:34 pinguin e-smith[23725]: WARNING: Template processing succeeded for //etc/rc.d/init.d/masq: 1 fragment generated warnings


Tu aurais modifié quelque chose dans ce fichier là ??
Mais à mon avis cela ne doit pas venir de là, ce serait trop facile.

Je vois vraiment pas trop
Il y a bien ça qui n'a pas l'air normal,

Code: Tout sélectionner

Jun 14 21:09:38 pinguin kernel: denylog:IN=eth0 OUT= MAC=01:06:5d:ee:36:fc:00:40:f4:6h:6r:7e:08:00 SRC=66.166.166.81 DST=10.0.1.10 LEN=56 TOS=0x00 PREC=0x00 TTL=117 ID=34754 DF PROTO=TCP SPT=4981 DPT=1723 WINDOW=64764 RES=0x00 ACK PSH URGP=0

Mais je suis pas assez calé en iptable ??

Si il y avait quelqu'un qui pourrait nous dire ce que cela veut dire?

A+

[sisg]

Salut,

Moi non plus je ne comprend pas

Est-ce que ce serait à cause que dans mes services, j'ai désactivé les services suivants:

-DHCP Server (DHCPD)
-Transparant Internet Access (masq)

Parce que mon SME me sert en mode SERVER ONLY car j'ai un Firewall IPCop ????

Est-ce que PPTP a besoin de ces services pour fonctionner ??? !!!

Merci !


@+

Snoopyski

[MasterSleepy]

Salut sisg,

Je pense pas que ces services soient nécessaire.

A+

[Mael]

Salut,

Je n'ai pas de connaissances particulères mais dans ton log iptable bloque le TCP 1723 sur ta SME nécessaire à PPTP, est-ce qu'il ne devrait pas etre ouvert ??

Sinon ce thread peut t'intéresser
viewtopic.php?t=16866

Parce que mon SME me sert en mode SERVER ONLY car j'ai un Firewall IPCop ????

Est-ce normal que iptable soit activé en mode serveur seul ? n'est ce pas redondant avec Ipcop

Mael

[sisg]

Salut,

Dans mon IPCop le port 1723 est ouvert vers ma SME et le port 1723 de ma SME est ouvert... Sinon, je ne pourait me connecter pendant 5 minutes environ !!!

???

Je cherche Je cherche...

@+

Snoopyski

[MasterSleepy]

Maintenant que je pense à qq chose, si si si des fois ça arrive

as-tu bien autorisé le protocol GRE sur ton ipcop??
Je suppose que oui.

Par contre ce que Mael fais remarquer, c'est quand dans les log de la SME le port 1723 à l'air fermer.
Ce qui est plutôt étrange car tu arrives biens à te connecter.

Encore un autre petit teste, tu te connectes sur ta SME en pptp.
Dès que t'es connecté tu fais un iptables --list pour voir si tout est bien vide.

A+

[sisg]

S'lut,

Oui le protocole GRE est bien ouvert dans IPCop vers ma SME...

Je ferais le test ce soir...

Je te revient...

Merci!

@+

Snoopyski

[sisg]

Allo !!!

Alors voici avant ma connection VPN:

[root@pinguin root]# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Et maintenant lorsque je suis connecté:


[root@pinguin root]# iptables --list
Chain INPUT (policy DROP)
target prot opt source destination
state_chk all -- anywhere anywhere
icmpIn icmp -- anywhere anywhere
local_chk all -- anywhere anywhere
PPPconn all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/4
InboundICMP icmp -- anywhere anywhere
denylog icmp -- anywhere anywhere
InboundTCP tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN
denylog tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN
gre-in gre -- anywhere anywhere
denylog gre -- anywhere anywhere
denylog all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
state_chk all -- anywhere anywhere
local_chk all -- anywhere anywhere
ForwardedTCP tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN
ForwardedUDP udp -- anywhere anywhere
denylog all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
icmpOut icmp -- anywhere anywhere
PPPconn all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/4
OutboundICMP icmp -- anywhere anywhere
denylog icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain ForwardedTCP (1 references)
target prot opt source destination
ForwardedTCP_9807 all -- anywhere anywhere
denylog tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN

Chain ForwardedTCP_9807 (1 references)
target prot opt source destination

Chain ForwardedUDP (1 references)
target prot opt source destination
ForwardedUDP_9807 all -- anywhere anywhere
denylog udp -- anywhere anywhere

Chain ForwardedUDP_9807 (1 references)
target prot opt source destination

Chain InboundICMP (1 references)
target prot opt source destination
InboundICMP_9807 all -- anywhere anywhere
denylog icmp -- anywhere anywhere

Chain InboundICMP_9807 (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
denylog all -- anywhere anywhere

Chain InboundTCP (1 references)
target prot opt source destination
InboundTCP_9807 all -- anywhere anywhere
denylog tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN

Chain InboundTCP_9807 (1 references)
target prot opt source destination
denylog all -- anywhere !192.168.65.17

Chain InboundUDP (0 references)
target prot opt source destination
InboundUDP_9807 all -- anywhere anywhere
denylog udp -- anywhere anywhere

Chain InboundUDP_9807 (1 references)
target prot opt source destination
denylog all -- anywhere !192.168.65.17

Chain OutboundICMP (1 references)
target prot opt source destination
OutboundICMP_9807 all -- anywhere anywhere
denylog icmp -- anywhere anywhere

Chain OutboundICMP_9807 (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
denylog all -- anywhere anywhere

Chain PPPconn (2 references)
target prot opt source destination
PPPconn_9807 all -- anywhere anywhere

Chain PPPconn_9807 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain denylog (17 references)
target prot opt source destination
DROP udp -- anywhere anywhere udp dpt:route
DROP udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
DROP tcp -- anywhere anywhere tcp dpts:netbios-ns:netbios-ssn
LOG all -- anywhere anywhere LOG level warning prefix `denylog:'
DROP all -- anywhere anywhere

Chain gre-in (1 references)
target prot opt source destination
denylog all -- anywhere !192.168.65.17
ACCEPT all -- anywhere anywhere

Chain icmpIn (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
DROP icmp -- anywhere anywhere icmp echo-reply
DROP icmp -- anywhere anywhere icmp echo-request
DROP icmp -- anywhere anywhere icmp destination-unreachable

Chain icmpOut (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem

Chain local_chk (2 references)
target prot opt source destination
local_chk_9807 all -- anywhere anywhere

Chain local_chk_9807 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- 10.0.0.0/24 anywhere
ACCEPT all -- 10.0.1.0/24 anywhere

Chain state_chk (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED


Si tu vois qqc dit le moi...

Merci !



@+

Snoopyski