
: 26 June 2015, 13:42
author: piteros
In this sense? I also added other ports that I saw repeating, but it still didn't help :( Something is still missing.

Code:

iptables -A FORWARD -p tcp -s 192.168.3.2 --dport 53 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.3.2 --dport 53 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.3.2 --dport 1378 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.3.2 --dport 1378 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.3.2 --dport 52 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.3.2 --dport 52 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.3.2 --dport 443 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.3.2 --dport 443 -j ACCEPT

Code:

Jun 26 13:41:10 BST kernel: IN=eth4 OUT=eth3 SRC=128.63.2.53 DST=192.168.3.2 LEN=761 TOS=0x00 PREC=0x00 TTL=126 ID=20965 PROTO=UDP SPT=53 DPT=8091 LEN=741.
Jun 26 13:41:10 BST kernel: IN=eth4 OUT=eth3 SRC=128.63.2.53 DST=192.168.3.2 LEN=761 TOS=0x00 PREC=0x00 TTL=126 ID=20966 PROTO=UDP SPT=53 DPT=45818 LEN=741.
Jun 26 13:41:10 BST kernel: IN=eth3 OUT=eth4 SRC=192.168.3.2 DST=192.12.94.30 LEN=69 TOS=0x00 PREC=0x00 TTL=63 ID=36043 PROTO=UDP SPT=46341 DPT=53 LEN=49.
Jun 26 13:41:10 BST kernel: IN=eth4 OUT=eth3 SRC=128.63.2.53 DST=192.168.3.2 LEN=761 TOS=0x00 PREC=0x00 TTL=126 ID=20967 PROTO=UDP SPT=53 DPT=3098 LEN=741.
Jun 26 13:41:10 BST kernel: IN=eth3 OUT=eth4 SRC=192.168.3.2 DST=192.12.94.30 LEN=69 TOS=0x00 PREC=0x00 TTL=63 ID=36044 PROTO=UDP SPT=47933 DPT=53 LEN=49.
Jun 26 13:41:10 BST kernel: IN=eth3 OUT=eth4 SRC=192.168.3.2 DST=192.12.94.30 LEN=69 TOS=0x00 PREC=0x00 TTL=63 ID=36045 PROTO=UDP SPT=47036 DPT=53 LEN=49.
Jun 26 13:41:10 BST kernel: IN=eth4 OUT=eth3 SRC=128.63.2.53 DST=192.168.3.2 LEN=761 TOS=0x00 PREC=0x00 TTL=126 ID=20968 PROTO=UDP SPT=53 DPT=44669 LEN=741.
Jun 26 13:41:10 BST kernel: IN=eth3 OUT=eth4 SRC=192.168.3.2 DST=192.12.94.30 LEN=69 TOS=0x00 PREC=0x00 TTL=63 ID=36046 PROTO=UDP SPT=15534 DPT=53 LEN=49.
Jun 26 13:41:10 BST kernel: IN=eth4 OUT=eth3 SRC=192.12.94.30 DST=192.168.3.2 LEN=798 TOS=0x00 PREC=0x00 TTL=126 ID=20981 PROTO=UDP SPT=53 DPT=46341 LEN=778.
Jun 26 13:41:10 BST kernel: IN=eth4 OUT=eth3 SRC=192.12.94.30 DST=192.168.3.2 LEN=798 TOS=0x00 PREC=0x00 TTL=126 ID=20982 PROTO=UDP SPT=53 DPT=47933 LEN=778.
Jun 26 13:41:10 BST kernel: IN=eth3 OUT=eth4 SRC=192.168.3.2 DST=208.84.0.53 LEN=69 TOS=0x00 PREC=0x00 TTL=63 ID=4734 PROTO=UDP SPT=38815 DPT=53 LEN=49.
Jun 26 13:41:10 BST kernel: IN=eth3 OUT=eth4 SRC=192.168.3.2 DST=193.221.113.53 LEN=69 TOS=0x00 PREC=0x00 TTL=63 ID=60022 PROTO=UDP SPT=26746 DPT=53 LEN=49.
Jun 26 13:41:10 BST kernel: IN=eth4 OUT=eth3 SRC=192.12.94.30 DST=192.168.3.2 LEN=798 TOS=0x00 PREC=0x00 TTL=126 ID=20984 PROTO=UDP SPT=53 DPT=47036 LEN=778.
Jun 26 13:41:10 BST kernel: IN=eth3 OUT=eth4 SRC=192.168.3.2 DST=208.84.0.53 LEN=69 TOS=0x00 PREC=0x00 TTL=63 ID=4735 PROTO=UDP SPT=13938 DPT=53 LEN=49.
Jun 26 13:41:10 BST kernel: IN=eth4 OUT=eth3 SRC=192.12.94.30 DST=192.168.3.2 LEN=798 TOS=0x00 PREC=0x00 TTL=126 ID=20985 PROTO=UDP SPT=53 DPT=15534 LEN=778.
Jun 26 13:41:10 BST kernel: IN=eth3 OUT=eth4 SRC=192.168.3.2 DST=208.84.0.53 LEN=69 TOS=0x00 PREC=0x00 TTL=63 ID=4736 PROTO=UDP SPT=36571 DPT=53 LEN=49.
Jun 26 13:41:10 BST kernel: IN=eth4 OUT=eth3 SRC=193.221.113.53 DST=192.168.3.2 LEN=97 TOS=0x00 PREC=0x00 TTL=126 ID=20993 PROTO=UDP SPT=53 DPT=26746 LEN=77.
Jun 26 13:41:10 BST kernel: IN=eth4 OUT=eth3 SRC=208.84.0.53 DST=192.168.3.2 LEN=85 TOS=0x00 PREC=0x00 TTL=126 ID=20994 PROTO=UDP SPT=53 DPT=38815 LEN=65.
Jun 26 13:41:10 BST kernel: IN=eth4 OUT=eth3 SRC=208.84.0.53 DST=192.168.3.2 LEN=85 TOS=0x00 PREC=0x00 TTL=126 ID=20995 PROTO=UDP SPT=53 DPT=13938 LEN=65.
Jun 26 13:41:10 BST kernel: IN=eth4 OUT=eth3 SRC=208.84.0.53 DST=192.168.3.2 LEN=97 TOS=0x00 PREC=0x00 TTL=126 ID=20996 PROTO=UDP SPT=53 DPT=36571 LEN=77.
Jun 26 13:41:14 BST kernel: IN=eth0 OUT=eth4 SRC=192.168.0.2 DST=212.77.100.101 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=353 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=3583.
Jun 26 13:41:16 BST kernel: IN=eth0 OUT=eth4 SRC=192.168.0.2 DST=176.126.56.29 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=354 DF PROTO=TCP SPT=51662 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0.
Jun 26 13:41:19 BST kernel: IN=eth0 OUT=eth4 SRC=192.168.0.2 DST=212.77.100.101 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=355 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=3584.
Jun 26 13:41:19 BST kernel: IN=eth0 OUT=eth4 SRC=192.168.0.2 DST=176.126.56.29 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=356 DF PROTO=TCP SPT=51662 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0

: 26 June 2015, 13:49
author: pawkrol
Put this logging rule at the end of the firewall. Remove the other logging rules.

Code:

iptables -A FORWARD -j LOG --log-prefix "iptables: Forward DROP "
And see what is actually being blocked.

: 26 June 2015, 13:54
author: piteros

Code:

Jun 26 13:53:02 BST kernel: iptables: Forward DROP IN=eth0 OUT=eth4 SRC=192.168.0.2 DST=176.126.56.55 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=305 DF PROTO=TCP SPT=51823 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0.
Jun 26 13:53:02 BST kernel: ADDRCONF(NETDEV_UP): eth0: link is not ready
Jun 26 13:53:02 BST kernel: e1000: eth0: e1000_watchdog: NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
Jun 26 13:53:02 BST kernel: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
Jun 26 13:53:02 BST kernel: ADDRCONF(NETDEV_UP): eth1: link is not ready
Jun 26 13:53:02 BST kernel: e1000: eth1: e1000_watchdog: NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
Jun 26 13:53:02 BST kernel: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready
Jun 26 13:53:02 BST kernel: ADDRCONF(NETDEV_UP): eth2: link is not ready
Jun 26 13:53:02 BST kernel: e1000: eth2: e1000_watchdog: NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
Jun 26 13:53:02 BST kernel: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready
Jun 26 13:53:02 BST kernel: e1000: eth3: e1000_watchdog: NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
Jun 26 13:53:02 BST kernel: ADDRCONF(NETDEV_UP): eth4: link is not ready
Jun 26 13:53:02 BST kernel: e1000: eth4: e1000_watchdog: NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
Jun 26 13:53:02 BST kernel: ADDRCONF(NETDEV_CHANGE): eth4: link becomes ready
Jun 26 13:53:11 BST kernel: iptables: Forward DROP IN=eth0 OUT=eth4 SRC=192.168.0.2 DST=176.126.56.55 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=309 DF PROTO=TCP SPT=51824 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0.



: 26 June 2015, 13:59
author: pawkrol
iptables: Forward DROP IN=eth0 OUT=eth4 SRC=192.168.0.2 DST=176.126.56.55 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=309 DF PROTO=TCP SPT=51824 DPT=443
HTTPS traffic is being blocked.

: 26 June 2015, 14:01
author: piteros
But I did add:

Code:

iptables -A FORWARD -p tcp -s 192.168.3.2 --dport 443 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.3.2 --dport 443 -j ACCEPT
I reset the router
and these logs look more current, but they still don't make much sense:

Code:

Jun 26 13:59:20 BST kernel: iptables: Forward DROP IN=eth0 OUT=eth3 SRC=192.168.0.2 DST=192.168.3.2 LEN=51 TOS=0x00 PREC=0x00 TTL=127 ID=311 PROTO=UDP SPT=52812 DPT=53 LEN=31.
Jun 26 13:59:20 BST kernel: iptables: Forward DROP IN=eth3 OUT=eth4 SRC=192.168.3.2 DST=153.19.102.182 LEN=62 TOS=0x00 PREC=0x00 TTL=63 ID=34550 PROTO=UDP SPT=51485 DPT=53 LEN=42.
Jun 26 13:59:20 BST kernel: iptables: Forward DROP IN=eth4 OUT=eth3 SRC=153.19.102.182 DST=192.168.3.2 LEN=94 TOS=0x00 PREC=0x00 TTL=126 ID=1729 PROTO=UDP SPT=53 DPT=51485 LEN=74.
Jun 26 13:59:20 BST kernel: iptables: Forward DROP IN=eth3 OUT=eth0 SRC=192.168.3.2 DST=192.168.0.2 LEN=146 TOS=0x00 PREC=0x00 TTL=63 ID=12352 PROTO=UDP SPT=53 DPT=52812 LEN=126.
Jun 26 13:59:20 BST kernel: iptables: Forward DROP IN=eth0 OUT=eth4 SRC=192.168.0.2 DST=212.77.100.101 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=312 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=3609.
Jun 26 13:59:24 BST kernel: iptables: Forward DROP IN=eth0 OUT=eth4 SRC=192.168.0.2 DST=212.77.100.101 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=313 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=3610.
Jun 26 13:59:29 BST kernel: iptables: Forward DROP IN=eth0 OUT=eth4 SRC=192.168.0.2 DST=212.77.100.101 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=314 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=3611.
Jun 26 13:59:34 BST kernel: iptables: Forward DROP IN=eth0 OUT=eth4 SRC=192.168.0.2 DST=212.77.100.101 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=315 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=3612.
Jun 26 13:59:58 BST kernel: iptables: Forward DROP IN=eth0 OUT=eth3 SRC=192.168.0.2 DST=192.168.3.2 LEN=71 TOS=0x00 PREC=0x00 TTL=127 ID=316 PROTO=UDP SPT=53072 DPT=53 LEN=51.
Jun 26 13:59:58 BST kernel: iptables: Forward DROP IN=eth3 OUT=eth4 SRC=192.168.3.2 DST=4.23.39.155 LEN=92 TOS=0x00 PREC=0x00 TTL=63 ID=54664 PROTO=UDP SPT=42180 DPT=53 LEN=72.
Jun 26 13:59:58 BST kernel: iptables: Forward DROP IN=eth4 OUT=eth3 SRC=4.23.39.155 DST=192.168.3.2 LEN=145 TOS=0x00 PREC=0x00 TTL=126 ID=7054 PROTO=UDP SPT=53 DPT=42180 LEN=125.
Jun 26 13:59:58 BST kernel: iptables: Forward DROP IN=eth3 OUT=eth0 SRC=192.168.3.2 DST=192.168.0.2 LEN=173 TOS=0x00 PREC=0x00 TTL=63 ID=12353 PROTO=UDP SPT=53 DPT=53072 LEN=153.
Jun 26 14:02:34 BST kernel: iptables: Forward DROP IN=eth0 OUT=eth4 SRC=192.168.0.2 DST=212.77.100.101 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=317 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=3613.
Jun 26 14:02:39 BST kernel: iptables: Forward DROP IN=eth0 OUT=eth4 SRC=192.168.0.2 DST=212.77.100.101 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=318 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=3614.
Jun 26 14:02:44 BST kernel: iptables: Forward DROP IN=eth0 OUT=eth4 SRC=192.168.0.2 DST=212.77.100.101 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=319 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=3615.
Jun 26 14:02:49 BST kernel: iptables: Forward DROP IN=eth0 OUT=eth4 SRC=192.168.0.2 DST=212.77.100.101 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=320 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=3616.
Jun 26 14:02:58 BST kernel: iptables: Forward DROP IN=eth0 OUT=eth3 SRC=192.168.0.2 DST=192.168.3.2 LEN=57 TOS=0x00 PREC=0x00 TTL=127 ID=321 PROTO=UDP SPT=64386 DPT=53 LEN=37.
Jun 26 14:02:58 BST kernel: iptables: Forward DROP IN=eth3 OUT=eth4 SRC=192.168.3.2 DST=46.28.245.82 LEN=68 TOS=0x00 PREC=0x00 TTL=63 ID=37784 PROTO=UDP SPT=23755 DPT=53 LEN=48.
Jun 26 14:02:58 BST kernel: iptables: Forward DROP IN=eth4 OUT=eth3 SRC=46.28.245.82 DST=192.168.3.2 LEN=742 TOS=0x00 PREC=0x00 TTL=126 ID=16013 PROTO=UDP SPT=53 DPT=23755 LEN=722.
Jun 26 14:02:58 BST kernel: iptables: Forward DROP IN=eth3 OUT=eth4 SRC=192.168.3.2 DST=213.180.147.200 LEN=68 TOS=0x00 PREC=0x00 TTL=63 ID=28023 PROTO=UDP SPT=28038 DPT=53 LEN=48.
Jun 26 14:02:58 BST kernel: iptables: Forward DROP IN=eth4 OUT=eth3 SRC=213.180.147.200 DST=192.168.3.2 LEN=245 TOS=0x00 PREC=0x00 TTL=126 ID=16014 PROTO=UDP SPT=53 DPT=28038 LEN=225.
Jun 26 14:02:58 BST kernel: iptables: Forward DROP IN=eth3 OUT=eth0 SRC=192.168.3.2 DST=192.168.0.2 LEN=186 TOS=0x00 PREC=0x00 TTL=63 ID=12354 PROTO=UDP SPT=53 DPT=64386 LEN=166.
Jun 26 14:02:58 BST kernel: iptables: Forward DROP IN=eth0 OUT=eth4 SRC=192.168.0.2 DST=213.180.141.140 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=322 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=3617.
Jun 26 14:03:03 BST kernel: iptables: Forward DROP IN=eth0 OUT=eth4 SRC=192.168.0.2 DST=213.180.141.140 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=323 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=3618.

: 26 June 2015, 14:20
author: pawkrol
The source computer for the HTTPS traffic was a workstation from the 192.168.0.0/24 network, not the eagle server; take a closer look.


Here again the forwarding of the reply to a query is being blocked. Take another close look.
Jun 26 14:02:58 BST kernel: iptables: Forward DROP IN=eth4 OUT=eth3 SRC=213.180.147.200 DST=192.168.3.2 LEN=245 TOS=0x00 PREC=0x00 TTL=126 ID=16014 PROTO=UDP SPT=53 DPT=28038 LEN=225.


IN=eth4 OUT=eth3 SRC=213.180.147.200 DST=192.168.3.2 LEN=245
PROTO=UDP SPT=53 DPT=28038

: 26 June 2015, 14:33
author: piteros
And what if it is blocking me from the 192.168.0.0/24 subnet to eagle at 192.168.3.2?

Code:

Jun 26 14:32:09 BST kernel: iptables: Forward DROP IN=eth3 OUT=eth4 SRC=192.168.3.2 DST=213.180.141.140 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=16334 DF PROTO=TCP SPT=40329 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0.
Jun 26 14:32:15 BST kernel: iptables: Forward DROP IN=eth3 OUT=eth4 SRC=192.168.3.2 DST=213.180.141.140 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=16335 DF PROTO=TCP SPT=40329 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0.
Jun 26 14:32:16 BST kernel: iptables: Forward DROP IN=eth0 OUT=eth3 SRC=192.168.0.2 DST=192.168.3.2 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=1608 DF PROTO=TCP SPT=52257 DPT=8080 WINDOW=256 RES=0x00 ACK FIN URGP=0.
Jun 26 14:32:16 BST kernel: iptables: Forward DROP IN=eth0 OUT=eth3 SRC=192.168.0.2 DST=192.168.3.2 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=1609 DF PROTO=TCP SPT=52258 DPT=8080 WINDOW=256 RES=0x00 ACK FIN URGP=0.
Jun 26 14:32:16 BST kernel: iptables: Forward DROP IN=eth0 OUT=eth3 SRC=192.168.0.2 DST=192.168.3.2 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=1610 DF PROTO=TCP SPT=52259 DPT=8080 WINDOW=256 RES=0x00 ACK FIN URGP=0.
Jun 26 14:32:16 BST kernel: iptables: Forward DROP IN=eth0 OUT=eth3 SRC=192.168.0.2 DST=192.168.3.2 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=1611 DF PROTO=TCP SPT=52260 DPT=8080 WINDOW=256 RES=0x00 ACK FIN URGP=0.
Jun 26 14:32:16 BST kernel: iptables: Forward DROP IN=eth3 OUT=eth0 SRC=192.168.3.2 DST=192.168.0.2 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=53851 DF PROTO=TCP SPT=8080 DPT=52257 WINDOW=183 RES=0x00 ACK FIN URGP=0.
Jun 26 14:32:16 BST kernel: iptables: Forward DROP IN=eth0 OUT=eth3 SRC=192.168.0.2 DST=192.168.3.2 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=1612 DF PROTO=TCP SPT=52261 DPT=8080 WINDOW=256 RES=0x00 ACK FIN URGP=0.
Jun 26 14:32:16 BST kernel: iptables: Forward DROP IN=eth3 OUT=eth0 SRC=192.168.3.2 DST=192.168.0.2 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=18725 DF PROTO=TCP SPT=8080 DPT=52258 WINDOW=183 RES=0x00 ACK FIN URGP=0.
Jun 26 14:32:16 BST kernel: iptables: Forward DROP IN=eth0 OUT=eth3 SRC=192.168.0.2 DST=192.168.3.2 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=1613 DF PROTO=TCP SPT=52257 DPT=8080 WINDOW=256 RES=0x00 ACK URGP=0.
Jun 26 14:32:16 BST kernel: iptables: Forward DROP IN=eth3 OUT=eth0 SRC=192.168.3.2 DST=192.168.0.2 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=41973 DF PROTO=TCP SPT=8080 DPT=52259 WINDOW=183 RES=0x00 ACK FIN URGP=0.
Jun 26 14:32:16 BST kernel: iptables: Forward DROP IN=eth3 OUT=eth0 SRC=192.168.3.2 DST=192.168.0.2 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=19841 DF PROTO=TCP SPT=8080 DPT=52260 WINDOW=183 RES=0x00 ACK FIN URGP=0.
Jun 26 14:32:16 BST kernel: iptables: Forward DROP IN=eth3 OUT=eth0 SRC=192.168.3.2 DST=192.168.0.2 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=60745 DF PROTO=TCP SPT=8080 DPT=52261 WINDOW=183 RES=0x00 ACK FIN URGP=0.
Jun 26 14:32:16 BST kernel: iptables: Forward DROP IN=eth0 OUT=eth3 SRC=192.168.0.2 DST=192.168.3.2 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=1614 DF PROTO=TCP SPT=52262 DPT=8080 WINDOW=256 RES=0x00 ACK FIN URGP=0.
Jun 26 14:32:16 BST kernel: iptables: Forward DROP IN=eth0 OUT=eth3 SRC=192.168.0.2 DST=192.168.3.2 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=1615 DF PROTO=TCP SPT=52258 DPT=8080 WINDOW=256 RES=0x00 ACK URGP=0.
Jun 26 14:32:16 BST kernel: iptables: Forward DROP IN=eth0 OUT=eth3 SRC=192.168.0.2 DST=192.168.3.2 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=1616 DF PROTO=TCP SPT=52259 DPT=8080 WINDOW=256 RES=0x00 ACK URGP=0.
Jun 26 14:32:16 BST kernel: iptables: Forward DROP IN=eth0 OUT=eth3 SRC=192.168.0.2 DST=192.168.3.2 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=1617 DF PROTO=TCP SPT=52260 DPT=8080 WINDOW=256 RES=0x00 ACK URGP=0.
Jun 26 14:32:16 BST kernel: iptables: Forward DROP IN=eth0 OUT=eth3 SRC=192.168.0.2 DST=192.168.3.2 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=1618 DF PROTO=TCP SPT=52261 DPT=8080 WINDOW=256 RES=0x00 ACK URGP=0.
Jun 26 14:32:16 BST kernel: iptables: Forward DROP IN=eth3 OUT=eth0 SRC=192.168.3.2 DST=192.168.0.2 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=41084 DF PROTO=TCP SPT=8080 DPT=52262 WINDOW=183 RES=0x00 ACK FIN URGP=0.
Jun 26 14:32:16 BST kernel: iptables: Forward DROP IN=eth0 OUT=eth3 SRC=192.168.0.2 DST=192.168.3.2 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=1619 DF PROTO=TCP SPT=52262 DPT=8080 WINDOW=256 RES=0x00 ACK URGP=0

: 26 June 2015, 14:55
author: pawkrol
And what if it is blocking me from the 192.168.0.0/24 subnet to eagle at 192.168.3.2?
I don't understand what you mean.


You have connections on port 8080 and on some high port being blocked. I don't know what is listening on them. As a rule, 8080 is used by a proxy (at least it used to be); what it is in your case, you have to answer for yourself.
In addition, you are blocking the forwarding of packets from the eagle server on port 80.
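
One way to condense LOG output like the above into the distinct flows being dropped, separating packets that open a flow from replies and from packets of connections already in progress. This is an added example, not part of the original thread; the function names and the `classify` heuristics are assumptions of this example.

```python
import re
from collections import Counter

# Lines copied from the logs posted in this thread, including one non-firewall kernel line.
SAMPLE = """\
Jun 26 13:53:02 BST kernel: ADDRCONF(NETDEV_UP): eth0: link is not ready
Jun 26 13:53:11 BST kernel: iptables: Forward DROP IN=eth0 OUT=eth4 SRC=192.168.0.2 DST=176.126.56.55 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=309 DF PROTO=TCP SPT=51824 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0.
Jun 26 14:02:58 BST kernel: iptables: Forward DROP IN=eth3 OUT=eth4 SRC=192.168.3.2 DST=213.180.147.200 LEN=68 TOS=0x00 PREC=0x00 TTL=63 ID=28023 PROTO=UDP SPT=28038 DPT=53 LEN=48.
Jun 26 14:02:58 BST kernel: iptables: Forward DROP IN=eth4 OUT=eth3 SRC=213.180.147.200 DST=192.168.3.2 LEN=245 TOS=0x00 PREC=0x00 TTL=126 ID=16014 PROTO=UDP SPT=53 DPT=28038 LEN=225.
Jun 26 14:02:58 BST kernel: iptables: Forward DROP IN=eth0 OUT=eth4 SRC=192.168.0.2 DST=213.180.141.140 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=322 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=3617.
Jun 26 14:32:16 BST kernel: iptables: Forward DROP IN=eth3 OUT=eth0 SRC=192.168.3.2 DST=192.168.0.2 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=53851 DF PROTO=TCP SPT=8080 DPT=52257 WINDOW=183 RES=0x00 ACK FIN URGP=0.
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse(line):
    """Return the LOG fields of one TCP/UDP/ICMP line, or None for anything else."""
    if " IN=" not in line or "PROTO=" not in line:
        return None
    line = line.rstrip().rstrip(".")      # the posted lines end with a stray "."
    pkt = {}
    for key, value in FIELD.findall(line):
        pkt.setdefault(key, value)        # keep the first LEN/ID (the IP header's)
    pkt["FLAGS"] = FLAGS & set(line.split())
    return pkt if pkt.get("PROTO") in ("TCP", "UDP", "ICMP") else None

def classify(pkt):
    """Heuristic: does the dropped packet open a flow or belong to one already open?"""
    if pkt["PROTO"] == "ICMP":
        return "request" if pkt.get("TYPE") == "8" else "other"
    if pkt["PROTO"] == "TCP":
        # A bare SYN opens a connection; any other flag set is mid-connection.
        return "request" if pkt["FLAGS"] == {"SYN"} else "established"
    # UDP has no flags: assume the lower port is the service side.
    return "request" if int(pkt["DPT"]) < int(pkt["SPT"]) else "reply"

def summarize(text):
    """Count dropped packets per (kind, in-if, out-if, proto, service)."""
    counts = Counter()
    for pkt in filter(None, map(parse, text.splitlines())):
        icmp = pkt["PROTO"] == "ICMP"
        svc = "type " + pkt.get("TYPE", "?") if icmp else str(min(int(pkt["SPT"]), int(pkt["DPT"])))
        counts[(classify(pkt), pkt["IN"], pkt["OUT"], pkt["PROTO"], svc)] += 1
    return counts

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE).items()):
        print(n, *key)
```

Entries classed as `reply` or `established` are return traffic that a connection-tracking rule (`-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT`) admits without per-port rules. The `request` entries are the flows that need an explicit ACCEPT with the right source network and interface pair.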

: 26 June 2015, 15:02
author: piteros
OK, I figured it out, thanks for the help :)
I just didn't think that so many ports needed to be unblocked.