Re: IPCHAINS

From: Duncan (drack_at_mweb.co.zw)
Date: 07/20/04

    To: "Pete Nesbitt" <pete@linux1.ca>, "General Red Hat Linux discussion list" <redhat-list@redhat.com>
    Date: Tue, 20 Jul 2004 08:23:58 +0200
    
    

    > On July 19, 2004 12:00 am, Duncan wrote:
    > > Still this simple firewall is not allowing traffic from my ISP and the
    > > CLIENT but traffic on the LAN is flowing, all I want to do is allow
    > > traffic from me to the client, the client has squid so there is no need
    > > for masquerading. How do I do that with this firewall.
    > >
    > > # Setting default to deny all
    > > /sbin/ipchains -P input DENY
    > > /sbin/ipchains -P output DENY
    > > /sbin/ipchains -P forward DENY
    > >
    > >
    > > #allowing localhost
    > > /sbin/ipchains -A input -j ACCEPT -p all -s localhost -d localhost -i lo
    > > /sbin/ipchains -A output -j ACCEPT -p all -s localhost -d localhost -i lo
    > >
    > > #Deny packets from internet claiming to be from localhost and log
    > > /sbin/ipchains -A input -j REJECT -p all -s localhost -i ppp0 -l
    > >
    > > #Deny packets that mimic internal IPs and log
    > > /sbin/ipchains -A input -j REJECT -p all -s clientLAN/24 -i ppp0 -l
    > >
    > > #Allow packets from ISP
    > > /sbin/ipchains -A input -j ACCEPT -p all -s ISPrange/24 -d clientLAN/24 -i ppp0
    > >
    > > #Allow packets from LAN
    > > /sbin/ipchains -A output -j ACCEPT -p all -s client/24 -d ISPrange/24 -i ppp0
    > >
    > > #Allow outgoing packets thru internal interface
    > > /sbin/ipchains -A input -j ACCEPT -p all -s clientLAN/24 -i eth0
    > > /sbin/ipchains -A output -j ACCEPT -p all -s clientLAN/24 -i eth0
    > >
    > >
    >
    > > > ----- Original Message -----
    > > > From: "Duncan" <drack@mweb.co.zw>
    > > > To: "General Red Hat Linux discussion list" <redhat-list@redhat.com>
    > > > Sent: Friday, July 16, 2004 9:10 AM
    > > > Subject: IPCHAINS
    > > >
    > > >
    > > > would the following ipchains stop tcp connections from anyone else other
    > > > than iprange, the ips in LAN 195.167.2.0/24
    > > >
    > > > /sbin/ipchains -F
    > > > /sbin/ipchains -P input -p tcp DENY
    > > > /sbin/ipchains -A input -p tcp -s iprange/24 -d 195.167.2.0/24 -j ACCEPT
    > > > /sbin/ipchains -A input -p udp -s iprange/24 -d 195.167.2.0/24 -j ACCEPT
    > > > /sbin/ipchains -A input -p icmp -s iprange/24 -d 195.167.2.0/24 -j ACCEPT
    > > >
    > > > Please advise
    >
    > > > ---------------------------
    > > > Duncan Rack
    >
    ----- Original Message -----
    From: "Pete Nesbitt" <pete@linux1.ca>
    To: "Duncan" <drack@mweb.co.zw>; "General Red Hat Linux discussion list"
    <redhat-list@redhat.com>
    Sent: Tuesday, July 20, 2004 3:07 AM
    Subject: Re: IPCHAINS
    >
    > Hi Duncan,
    > I'm not sure I understand the whole layout, but if you're using both ppp and
    > Ethernet, you will also need to add FORWARD rules to connect traffic going
    > between them (if needed). IPchains was a bit more involved than IPtables is
    > because instead of just having a forward rule for routed packets, IPchains
    > requires you set an input->forward->output set of rules.
    >
    > You may be best to post the exact scenario (who is on what interface and who
    > they need to talk to), as well as the whole rules script.
    >
    > Is there a reason you're using ipchains and not iptables?
    > --
    > Pete Nesbitt, rhce

    Hi Pete,

    Thanks, the box has RH6.2, I guess I am kind of more familiar with
    ipchains. The whole idea is to allow the LAN to communicate thru the linux
    box with the ISP thru any ports and vice versa and then disallow traffic
    from ANY outsider.
    1) The linux box already has squid and what I don't know now is if I put
    forward rules, won't it mean there will be IP masquerading, i.e. every machine
    will be able to browse and do anything and hence complicate the firewall,
    more rules, port specifications etc...
    2) Is there anything amiss with the firewall though? It's working as far as
    the LAN but when it comes to communicating with the ISP ....NOTHING !!!!

    Please help!!!

    -- 
    redhat-list mailing list
    unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
    https://www.redhat.com/mailman/listinfo/redhat-list
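Pete's input->forward->output point and Duncan's question about forward rules implying masquerading, as an added example that is not from either poster: a script that prints an ipchains rule set routing traffic between the LAN on eth0 and the ISP range on ppp0. The forward rules use ACCEPT rather than MASQ, so nothing is masqueraded; ISPrange/24 is the same placeholder the thread uses, and the LAN prefix defaults to the 195.167.2.0/24 mentioned in the original post.

```shell
#!/bin/sh
# Added example: print an ipchains rule set that routes (does not masquerade)
# traffic between a LAN behind eth0 and an ISP network reached over ppp0.
# In ipchains a routed packet passes the input chain (checked against the
# interface it arrived on), then the forward chain and the output chain (both
# checked against the interface it leaves on), so each direction needs three
# ACCEPT rules. Interface names and ISPrange/24 are placeholders/assumptions.
ipchains_rules() {
    lan=${1:-195.167.2.0/24}   # LAN prefix from the thread
    isp=${2:-ISPrange/24}      # ISP network, placeholder as in the thread
    inside=${3:-eth0}
    outside=${4:-ppp0}
    cat <<EOF
/sbin/ipchains -F
/sbin/ipchains -P input DENY
/sbin/ipchains -P output DENY
/sbin/ipchains -P forward DENY
# loopback
/sbin/ipchains -A input -i lo -j ACCEPT
/sbin/ipchains -A output -i lo -j ACCEPT
# anti-spoofing: LAN or loopback source addresses must not arrive on $outside
/sbin/ipchains -A input -i $outside -s $lan -j DENY -l
/sbin/ipchains -A input -i $outside -s 127.0.0.0/8 -j DENY -l
# LAN -> ISP: in on $inside, forwarded and sent out on $outside
/sbin/ipchains -A input -i $inside -s $lan -d $isp -j ACCEPT
/sbin/ipchains -A forward -i $outside -s $lan -d $isp -j ACCEPT
/sbin/ipchains -A output -i $outside -s $lan -d $isp -j ACCEPT
# ISP -> LAN: in on $outside, forwarded and sent out on $inside
/sbin/ipchains -A input -i $outside -s $isp -d $lan -j ACCEPT
/sbin/ipchains -A forward -i $inside -s $isp -d $lan -j ACCEPT
/sbin/ipchains -A output -i $inside -s $isp -d $lan -j ACCEPT
EOF
}

# Print the rules; pipe into sh on the firewall once the placeholders are
# replaced with real values, e.g.: ./rules.sh 195.167.2.0/24 10.0.0.0/24 | sh
ipchains_rules "$@"
```

Because the forward chain only ACCEPTs, the ISP side must have a route for the LAN prefix pointing at the ppp0 address of this box; replacing the forward ACCEPTs with MASQ is what would turn this into masquerading.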
    
