No Subject
Hello, I have a problem which I believe is in my firewall script,
but I'm not sure. Anyway, I'm running a masq with gateway.
Anyway, I run daemons on gateway; no sub machines can
use auth, only gateway. I also have ssh and other things
running on gateway; none can connect to them, even
gateway cannot connect to ssh for example, or webmin??
Is this my scripting? Could someone give me an idea why
I cannot connect to daemons running on my system?
Thanks in advance.
Firewall script below:
------------------------------------
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
ipchains -M -S 14400 30 300
ipchains -A input -i ! lo -j DENY
ipchains -A output -i ! lo -j DENY
ipchains -A forward -j DENY
ipchains -A input -i lo -j ACCEPT
ipchains -A output -i lo -j ACCEPT
ipchains -A input -j ACCEPT -i eth0 -s 0/0 67 -d 0/0 68 -p udp
ipchains -P forward DENY
ipchains -A forward -i eth0 -j MASQ
ipchains -N icmp-acc
ipchains -N bad-if
ipchains -N good-if
ipchains -A icmp-acc -p icmp --icmp-type destination-unreachable -j ACCEPT
ipchains -A icmp-acc -p icmp --icmp-type source-quench -j ACCEPT
ipchains -A icmp-acc -p icmp --icmp-type time-exceeded -j ACCEPT
ipchains -A icmp-acc -p icmp --icmp-type parameter-problem -j ACCEPT
ipchains -A forward -j DENY -l
ipchains -A bad-if -i eth1 -j DENY -l
ipchains -A bad-if -p ICMP --icmp-type pong -j ACCEPT
ipchains -A bad-if -p TCP --dport ssh -j ACCEPT
ipchains -A bad-if -j icmp-acc
ipchains -A bad-if -j DENY
ipchains -A good-if -i eth0 -j DENY
ipchains -A good-if -p ICMP --icmp-type ping -j ACCEPT
ipchains -A good-if -p ICMP --icmp-type pong -j ACCEPT
ipchains -A good-if -j icmp-acc
ipchains -A good-if -j DENY -l
#modprobe ip_masq_cuseeme.o
modprobe ip_masq_ftp.o
modprobe ip_masq_irc.o
modprobe ip_masq_icq.o
#modprobe ip_masq_mfw.o
#modprobe ip_masq_portfw.o
#modprobe ip_masq_quake.o
#modprobe ip_masq_raudio.o
#modprobe ip_masq_user.o
#modprobe ip_masq_vdolive.o
ipchains -D input 1
ipchains -D forward 1
ipchains -D output 1
--------------------------------
--
SLUG - Sydney Linux Users Group Mailing List - http://www.slug.org.au
To unsubscribe send email to slug-request@nospam.slug.org.au with
unsubscribe in the text
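
A ruleset like the one posted above can be audited offline before it is loaded. The following is an added example, not part of the original post: it replays an excerpt of the script's `-N`/`-A`/`-D` commands as text and reports which rules a chain finally holds and which user-defined chains no built-in chain jumps to. The function names are hypothetical.

```shell
# Added example: replays ipchains commands as text; nothing touches the kernel.
# Excerpt of the script from the post, trimmed to the lines that affect the result.
sample_rules() {
cat <<'EOF'
ipchains -A input -i ! lo -j DENY
ipchains -A input -i lo -j ACCEPT
ipchains -A input -j ACCEPT -i eth0 -s 0/0 67 -d 0/0 68 -p udp
ipchains -A forward -j DENY
ipchains -A forward -i eth0 -j MASQ
ipchains -N icmp-acc
ipchains -N bad-if
ipchains -N good-if
ipchains -A forward -j DENY -l
ipchains -A bad-if -p TCP --dport ssh -j ACCEPT
ipchains -A bad-if -j icmp-acc
ipchains -A good-if -j icmp-acc
ipchains -D input 1
ipchains -D forward 1
EOF
}

# Print the rules left in chain $1 after every -A and "-D <n>" is applied in order.
final_rules() {
  awk -v c="$1" '
    $2 == "-A" && $3 == c { sub(/^ipchains -A [^ ]+ /, ""); r[++n] = $0; next }
    $2 == "-D" && $3 == c && $4 ~ /^[0-9]+$/ && $4 + 0 >= 1 && $4 + 0 <= n {
      for (i = $4 + 0; i < n; i++) r[i] = r[i + 1]; n-- }
    END { for (i = 1; i <= n; i++) print r[i] }'
}

# Print user-defined chains (-N) that input/output/forward never reach via -j.
# Simplification: a rule later removed with -D still counts as a reference.
unreachable_chains() {
  awk '
    $2 == "-N" { user[$3] = 1 }
    $2 == "-A" { for (i = 4; i < NF; i++) if ($i == "-j") edge[$3 " " $(i + 1)] = 1 }
    END {
      seen["input"] = seen["output"] = seen["forward"] = 1
      do { grew = 0
        for (e in edge) { split(e, p, " ")
          if (seen[p[1]] && !seen[p[2]]) { seen[p[2]] = 1; grew = 1 } }
      } while (grew)
      for (u in user) if (!seen[u]) print u
    }' | sort
}

sample_rules | final_rules input
sample_rules | unreachable_chains
```

On this excerpt the `input` chain ends with only the `lo` and DHCP ACCEPT rules, and `bad-if`, `good-if` and `icmp-acc` are all reported as never reached from a built-in chain.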