Re: IPCHAINS

From: Pete Nesbitt (pete_at_linux1.ca)
Date: 07/20/04

    To: Duncan <drack@mweb.co.zw>, General Red Hat Linux discussion list <redhat-list@redhat.com>
    Date: Mon, 19 Jul 2004 18:07:55 -0700
    
    

    On July 19, 2004 12:00 am, Duncan wrote:
    > Still this simple firewall is not allowing traffic from my ISP and the
    > CLIENT but traffic on the LAN is flowing. All I want to do is allow
    > traffic from me to the client; the client has squid so there is no need
    > for masquerading. How do I do that with this firewall?
    >
    > # Setting default to deny all
    > /sbin/ipchains -P input DENY
    > /sbin/ipchains -P output DENY
    > /sbin/ipchains -P forward DENY
    >
    >
    > #allowing localhost
    > /sbin/ipchains -A input -j ACCEPT -p all -s localhost -d localhost -i lo
    > /sbin/ipchains -A output -j ACCEPT -p all -s localhost -d localhost -i lo
    >
    > #Deny packets from internet claiming to be from localhost and log
    > /sbin/ipchains -A input -j REJECT -p all -s localhost -i ppp0 -l
    >
    > #Deny packets that mimic internal IPs and log
    > /sbin/ipchains -A input -j REJECT -p all -s clientLAN/24 -i ppp0 -l
    >
    > #Allow packets from ISP
    > /sbin/ipchains -A input -j ACCEPT -p all -s ISPrange/24 -d ientLAN/24 -i ppp0
    >
    > #Allow packets from LAN
    > /sbin/ipchains -A output -j ACCEPT -p all -s client/24 -d ISPrange/24 -i ppp0
    >
    > #Allow outgoing packets thru internal interface
    > /sbin/ipchains -A input -j ACCEPT -p all -s clientLAN/24 -i eth0
    > /sbin/ipchains -A output -j ACCEPT -p all -s clientLAN/24 -i eth0
    >
    >

    > > ----- Original Message -----
    > > From: "Duncan" <drack@mweb.co.zw>
    > > To: "General Red Hat Linux discussion list" <redhat-list@redhat.com>
    > > Sent: Friday, July 16, 2004 9:10 AM
    > > Subject: IPCHAINS
    > >
    > >
    > > would the following ipchains stop tcp connections from anyone else other
    > > than iprange , the ips in LAN 195.167.2.0/24
    > >
    > > /sbin/ipchains -F
    > > /sbin/ipchains -P input -p tcp DENY
    > > /sbin/ipchains -A input -p tcp -s iprange/24 -d 195.167.2.0/24 -j ACCEPT
    > > /sbin/ipchains -A input -p udp -s iprange/24 -d 195.167.2.0/24 -j ACCEPT
    > > /sbin/ipchains -A input -p icmp -s iprange/24 -d 195.167.2.0/24 -j ACCEPT
    > >
    > > Please advise

    > > ---------------------------
    > > Duncan Rack

    Hi Duncan,
    I'm not sure I understand the whole layout, but if you're using both ppp and
    Ethernet, you will also need to add FORWARD rules to connect traffic going
    between them (if needed). IPchains was a bit more involved than IPtables is
    because instead of just having a forward rule for routed packets, IPchains
    requires you set an input->forward->output set of rules.

    You may be best to post the exact scenario (who is on what interface and who
    they need to talk to), as well as the whole rules script.

    Is there a reason you're using ipchains and not iptables?

    -- 
    Pete Nesbitt, rhce
    -- 
    redhat-list mailing list
    unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
    https://www.redhat.com/mailman/listinfo/redhat-list
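
The input->forward->output point in the reply above, as an added Python model (not code from the thread or from ipchains itself) of how a routed packet is checked under each tool. The addresses are constructed stand-ins for the thread's ISPrange and clientLAN placeholders, and the rule list is a simplified reading of the posted script that assumes the ISP accept rule's destination is the client LAN.

```python
from ipaddress import ip_address, ip_network

# Constructed networks standing in for the thread's ISPrange and clientLAN.
ISP, LAN = ip_network("198.51.100.0/24"), ip_network("192.168.1.0/24")
ANY = ip_network("0.0.0.0/0")

def rule(chain, src, dst, iface, target="ACCEPT"):
    return {"chain": chain, "src": src, "dst": dst, "iface": iface, "target": target}

# Simplified reading of the posted script (loopback and spoof-logging rules omitted).
POSTED = [
    rule("input", ISP, LAN, "ppp0"),
    rule("output", LAN, ISP, "ppp0"),
    rule("input", LAN, ANY, "eth0"),
    rule("output", LAN, ANY, "eth0"),
]
WITH_FORWARD = POSTED + [rule("forward", ISP, LAN, "eth0")]
FULL_PATH = WITH_FORWARD + [rule("output", ISP, LAN, "eth0")]

# Constructed packet: ISP host to LAN host, arriving on ppp0, leaving on eth0.
PKT = {"src": ip_address("198.51.100.7"), "dst": ip_address("192.168.1.20"),
       "in": "ppp0", "out": "eth0"}

def verdict(rules, chain, pkt, iface, policy="DENY"):
    """First matching rule in the chain wins; otherwise the chain policy applies."""
    for r in rules:
        if (r["chain"] == chain and r["iface"] == iface
                and pkt["src"] in r["src"] and pkt["dst"] in r["dst"]):
            return r["target"]
    return policy

def route_ipchains(rules, pkt):
    """ipchains: a routed packet crosses input, then forward, then output."""
    # -i is the receiving interface on input, the sending one on forward/output.
    for chain, iface in (("input", pkt["in"]), ("forward", pkt["out"]),
                         ("output", pkt["out"])):
        if verdict(rules, chain, pkt, iface) != "ACCEPT":
            return f"dropped at {chain}"
    return "delivered"

def route_iptables(rules, pkt):
    """iptables filter table: a routed packet is checked by FORWARD only
    (modelled here on the outgoing interface alone)."""
    ok = verdict(rules, "forward", pkt, pkt["out"]) == "ACCEPT"
    return "delivered" if ok else "dropped at forward"

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("with forward", WITH_FORWARD),
                        ("full path", FULL_PATH)):
        print(f"{name}: {route_ipchains(rules, PKT)}")
```

With default-DENY policies, adding only a forward rule is not enough under ipchains: the posted output rules on eth0 match source clientLAN, so the routed packet from the ISP still stops at the output chain.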
    
