[plug] Firewall problem
Clinton Butler
misprint at bizzpro.com.au
Sat Aug 25 23:24:48 WST 2001
This is my '/etc/init.d/rc.firewall', which is my firewall file.
I cannot seem to get any inbound traffic... it apparently comes up with a TCP error.
# ***** SOF *****
#!/bin/sh
# Supports the proper masquerading of FTP file transfers using the PORT method
/sbin/modprobe ip_masq_ftp
#/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_irc
#/sbin/modprobe ip_masq_cuseeme
#/sbin/modprobe ip_masq_vdolive
# Supports the masquerading of Quake and QuakeWorld by default. This module is
# for multiple users behind the Linux MASQ server. If you are going to
# play Quake I, II, and III, use the second example.
#
# NOTE: If you get ERRORs loading the QUAKE module, you are running an old
# ----- kernel that has bugs in it. Please upgrade to the newest kernel.
#
#Quake I / QuakeWorld (ports 26000 and 27000)
#/sbin/modprobe ip_masq_quake
#
#Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960)
#/sbin/modprobe ip_masq_quake 26000,27000,27910,27960
echo "1" > /proc/sys/net/ipv4/ip_forward
# -------- IPCHAINS
# FLUSH (empty) the chains
/sbin/ipchains -F input
/sbin/ipchains -F output
/sbin/ipchains -F forward
# set the default policies
/sbin/ipchains -P forward DENY
/sbin/ipchains -P input DENY
/sbin/ipchains -P output ACCEPT
# setup masq for the local network
/sbin/ipchains -A forward -i ppp0 -s 192.168.10.0/24 -j MASQ
# allow outside access for SSH and HTTP
/sbin/ipchains -A input -j ACCEPT -i ppp0 -d 0.0.0.0/0 80 -p tcp
/sbin/ipchains -A input -j ACCEPT -i ppp0 -d 0.0.0.0/0 22 -p tcp
# ***** EOF *****
If I do 'ipchains -L' it gives this output:
(begin)
Chain input (policy DENY):
target prot opt source destination ports
ACCEPT all ------ anywhere anywhere n/a
DENY all ----l- 127.0.0.0/8 anywhere n/a
ACCEPT all ------ localnet/24 anywhere n/a
DENY all ----l- localnet/24 anywhere n/a
ACCEPT all ------ anywhere snap39.eftel.com n/a
DENY all ----l- anywhere anywhere n/a
Chain forward (policy DENY):
target prot opt source destination ports
MASQ all ------ localnet/24 anywhere n/a
DENY all ----l- anywhere anywhere n/a
Chain output (policy DENY):
target prot opt source destination ports
ACCEPT all ------ anywhere anywhere n/a
ACCEPT all ------ anywhere localnet/24 n/a
ACCEPT !tcp ------ anywhere BASE-ADDRESS.MCAST.NET/4 any -> any
DENY all ----l- anywhere localnet/24 n/a
ACCEPT all ------ snap39.eftel.com anywhere n/a
DENY all ----l- anywhere anywhere n/a
(end)
It appears to me that this should work... but it seems not.
If anyone would like to confirm that this is not working,
go to http://victory.net.dhis.org and you will get a TCP error.
90% of this script was written for me at the installfest.
If I do 'ifconfig' it shows:
(begin)
eth0 Link encap:Ethernet HWaddr 00:00:F8:01:CA:BD
inet addr:192.168.10.100 Bcast:192.168.10.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:20003 errors:0 dropped:0 overruns:0 frame:0
TX packets:22461 errors:0 dropped:0 overruns:0 carrier:0
collisions:24 txqueuelen:100
Interrupt:10 Base address:0xe000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:3924 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
ppp0 Link encap:Point-to-Point Protocol
inet addr:203.91.74.166 P-t-P:203.91.65.11 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:21911 errors:0 dropped:0 overruns:0 frame:0
TX packets:18622 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
(end)
Not that I think this will help much.
I am getting outbound traffic perfectly... I just can't get inbound to Apache.
--
_.._ _ Clinton Butler
."\__/"./`_\ misprint at bizzpro.com.au
_/__<__>__\/ Homepage:
`"/_/""""\_\\ N/A until I get Apache up
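An added check, not part of Clinton's post or script: it parses the 'ipchains -L' listing quoted above, asks what the running input chain does with inbound TCP (ipchains is first-match), and tests whether the two tcp ACCEPT rules that rc.firewall installs are loaded at all.

```python
import re

# `ipchains -L` output copied from the post (no -n, so names are resolved; no -v, so interfaces are not shown).
LISTING = """\
Chain input (policy DENY):
target prot opt source destination ports
ACCEPT all ------ anywhere anywhere n/a
DENY all ----l- 127.0.0.0/8 anywhere n/a
ACCEPT all ------ localnet/24 anywhere n/a
DENY all ----l- localnet/24 anywhere n/a
ACCEPT all ------ anywhere snap39.eftel.com n/a
DENY all ----l- anywhere anywhere n/a
Chain forward (policy DENY):
target prot opt source destination ports
MASQ all ------ localnet/24 anywhere n/a
DENY all ----l- anywhere anywhere n/a
Chain output (policy DENY):
target prot opt source destination ports
ACCEPT all ------ anywhere anywhere n/a
ACCEPT all ------ anywhere localnet/24 n/a
ACCEPT !tcp ------ anywhere BASE-ADDRESS.MCAST.NET/4 any -> any
DENY all ----l- anywhere localnet/24 n/a
ACCEPT all ------ snap39.eftel.com anywhere n/a
DENY all ----l- anywhere anywhere n/a
"""

def parse_listing(text):
    """Return {chain: {"policy": str, "rules": [rule dicts]}} from `ipchains -L` text."""
    chains, cur = {}, None
    for line in text.splitlines():
        m = re.match(r"Chain (\S+) \(policy (\S+)\):", line)
        if m:
            cur = chains.setdefault(m.group(1), {"policy": m.group(2), "rules": []})
        elif cur and line and not line.startswith("target"):
            f = line.split()  # target prot opt source destination [ports...]
            cur["rules"].append(dict(target=f[0], prot=f[1], source=f[3],
                                     dest=f[4], ports=" ".join(f[5:])))
    return chains

def verdict(chain, prot):
    """Target of the first rule matching `prot` traffic between any addresses
    (ipchains stops at the first match); falls back to the chain policy."""
    for r in chain["rules"]:
        if r["source"] == r["dest"] == "anywhere" and r["prot"] in ("all", prot):
            return r["target"]
    return chain["policy"]

def script_rules_loaded(chain):
    """True only if the tcp ACCEPT rules that rc.firewall adds (ports 80 and 22) are present."""
    return any(r["prot"] == "tcp" and r["target"] == "ACCEPT" for r in chain["rules"])
```

Because the listing was taken without -v, interface matches such as '-i ppp0' are invisible to this check, so it is only an approximation of what the kernel evaluates.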