IPCHAINS ... again

03-01-2005
raffe

Hej !

I know that this kind of problem is common. I've followed multiple
documents to set up my network and resolve my problem, and this does not
work.
I've used ipchains-howto and ip-masquerade-howto with no success ...

My configuration :

+ Firewall pc connected to ADSL 1Mo
PIII 600 with RAM 500M
2 ethernet cards
Linux Mandrake 2.2.19
ipchains 1.3.10
kernel seems to be well configured for masquerade

+ Four pc running W2K

I can access the internet by using squid, but when I kill it and attempt
to connect with a PC in the internal network, this fails. Of course,
I changed the IP configuration on the client as described in the
IP-MASQUERADE-HOWTO.

Can someone tell me if my configuration script is good?

Thanks a lot for answers,

RaFFe/

This is my ipchains config script:

#____________________________________
#!/bin/sh
#

MYHOST="a.b.c.d"
PARTNERHOST="e.f.g.h"

ipchains -F input
ipchains -F forward
ipchains -F output

# INPUT
#____________________________________
# Block all packet on all interface
ipchains -P input DENY

# Accept all input from the local network
ipchains -A input -j ACCEPT -i eth0

# Accept input packet from my partner
ipchains -A input -j ACCEPT -i ppp0 -d $MYHOST/32 -s $PARTNERHOST/32

ipchains -A input -j ACCEPT -i ppp0 -d $MYHOST/32 -p tcp ! -y

ipchains -A input -j ACCEPT -i ppp0 -p ! tcp

# Accept packet if the source is the local network and destination is the internet
ipchains -A input -j ACCEPT -i ppp0 -d $MYHOST/32 -s 192.168.2.1/255.255.255.0 -p tcp

#
ipchains -A input -j ACCEPT -i lo

# FORWARD
#____________________________________
ipchains -P forward DENY
# Accept outgoing packet for smtp/pop usage - use masquerade
ipchains -A forward -j MASQ -p tcp -s 192.168.2.0/24 -d 0.0.0.0/0 25
ipchains -A forward -j MASQ -p tcp -s 192.168.2.0/24 -d 0.0.0.0/0 110


# use global masquerade for internet connection
ipchains -A forward -j MASQ -s 192.168.2.0/24 -d 0.0.0.0/24 -i ppp0

# OUTPUT
#____________________________________
ipchains -P output ACCEPT

# Active ip firewalling
echo "1" > /proc/sys/net/ipv4/ip_forward
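
Added example (not part of the original post): a small Python model of the forward chain above, showing which sample packets the posted rules would masquerade. It covers only the options used in those three rules, with first-match semantics and the DENY policy; the client 192.168.2.10 and destination 203.0.113.5 are constructed, and `FIXED` assumes the intended destination of the last rule was 0.0.0.0/0.

```python
import ipaddress
import shlex

# Forward-chain rules copied from the post (chain policy is DENY).
FORWARD_RULES = """\
ipchains -A forward -j MASQ -p tcp -s 192.168.2.0/24 -d 0.0.0.0/0 25
ipchains -A forward -j MASQ -p tcp -s 192.168.2.0/24 -d 0.0.0.0/0 110
ipchains -A forward -j MASQ -s 192.168.2.0/24 -d 0.0.0.0/24 -i ppp0
"""
OPTS = {"-j": "target", "-p": "proto", "-s": "src", "-d": "dst", "-i": "iface"}

def parse_rule(line):
    """Parse the subset of ipchains syntax used in the rules above."""
    tok = shlex.split(line)[3:]                 # drop "ipchains -A forward"
    rule = dict.fromkeys([*OPTS.values(), "dport"])
    i = 0
    while i < len(tok):
        key = OPTS[tok[i]]
        rule[key] = tok[i + 1]
        i += 2
        # ipchains allows a port number directly after the address.
        if key == "dst" and i < len(tok) and tok[i].isdigit():
            rule["dport"] = int(tok[i])
            i += 1
    for key in ("src", "dst"):
        if rule[key]:
            rule[key] = ipaddress.ip_network(rule[key], strict=False)
    return rule

def verdict(rules, proto, src, dst, dport, iface="ppp0", policy="DENY"):
    """Return the target of the first matching rule, else the chain policy."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (r["proto"] in (None, proto)
                and (r["src"] is None or src in r["src"])
                and (r["dst"] is None or dst in r["dst"])
                and r["dport"] in (None, dport)
                and r["iface"] in (None, iface)):
            return r["target"]
    return policy

RULES = [parse_rule(l) for l in FORWARD_RULES.splitlines()]
# Assumption: the last rule was meant to cover every destination.
FIXED = [parse_rule(l.replace("0.0.0.0/24", "0.0.0.0/0"))
         for l in FORWARD_RULES.splitlines()]

if __name__ == "__main__":
    for name, rules in (("posted", RULES), ("fixed", FIXED)):
        for proto, port in (("tcp", 25), ("tcp", 80), ("udp", 53)):
            print(name, proto, port,
                  verdict(rules, proto, "192.168.2.10", "203.0.113.5", port))
```

In this model the posted rules masquerade only TCP ports 25 and 110, because `-d 0.0.0.0/24` matches only destinations 0.0.0.0 to 0.0.0.255. Traffic generated on the firewall itself, such as squid's, does not pass through the forward chain, which fits the proxy working while direct client connections fail.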