IPTABLES doesn't work

Ow Mun Heng ow.mun.heng at wdc.com
Fri Jan 30 04:07:49 UTC 2004


> -----Original Message-----
> From: smoothmilk [mailto:smthmlk at fuckmicrosoft.com]
> 
> heh, considering that RH includes this tool and it doesn't work out of
> the box, I'd say it should be a concern to the people who could possibly
> fix that, perhaps those people read this list. I mean, when you install
> fedora/redhat, it says do u want a firewall? If you choose yes, (which i
> did) it's not going to do anything--even something very very simple like
> deny all incoming new connections.
> 
> The following are what I have with only ftp allowed and eth0 trusted..
> yet somehow, any computer (on the lan or on the internet) can access
> http, ssh, and every other port on my computer. 
<SNIP>

I'm going to ask a _very_ simple question..

You want to deny everything except the following

> 1. allow incoming connections on ports 11000 (http), 21 (ftp), 22 (ssh),
> and 113 (identd).
> 2. allow outgoing on all ports.
> 3. just 1 ethernet card, eth0.

And you have only 1 Ethernet Card. So.. Assuming you are using eth0 
to connect to I-net (via PPP/PPPoE/DSL etc..) I suggest you get 
a real firewall front-end like shorewall. (www.shorewall.net IIRC)

The problem here is you want to allow only item 1 above, and you 
put eth0 as trusted. So... this is Never gonna work out.. If eth0's trusted,
it means (tm) that _all_ ports on eth0 will _not_ be blocked.

You either have to uncheck eth0 as trusted or get another ethernet card. 

So.. I think the problem is there. Un-Trust Eth0 and try again.


PS : I like your Domain Name.. Can I get Free Email with that Domain?
     :)
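
An added illustration, not part of the original message: a small first-match model of an INPUT chain showing why a trusted eth0 makes the per-port rules irrelevant. The rule lines are constructed in iptables-save style (the poster's real rules were snipped), and the helper names `build`, `parse`, `verdict` and `open_ports` are hypothetical.

```python
# Simplified first-match model of an INPUT chain for new inbound connections.
# Rules are constructed in iptables-save style; they are not the poster's
# snipped output. Only -i, -p, --dport and -j are modelled (one argument each).
WANTED = (11000, 21, 22, 113)  # ports listed in the post


def build(trust_eth0):
    """Return a constructed rule set, with or without eth0 marked trusted."""
    lines = ["-A INPUT -i lo -j ACCEPT"]
    if trust_eth0:
        lines.append("-A INPUT -i eth0 -j ACCEPT")  # the "trusted" device
    lines += [f"-A INPUT -p tcp --dport {p} -j ACCEPT" for p in WANTED]
    lines.append("-A INPUT -j REJECT")
    return "\n".join(lines)


def parse(ruleset):
    """Turn each '-A INPUT ...' line into a dict of option -> value."""
    rules = []
    for line in ruleset.splitlines():
        tok = line.split()
        if tok[:2] == ["-A", "INPUT"]:
            rules.append(dict(zip(tok[2::2], tok[3::2])))
    return rules


def verdict(rules, iface, proto, dport, policy="ACCEPT"):
    """Return (target, rule number) of the first rule matching the packet."""
    for n, r in enumerate(rules, 1):
        if r.get("-i", iface) != iface or r.get("-p", proto) != proto:
            continue
        if "--dport" in r and int(r["--dport"]) != dport:
            continue
        return r["-j"], n
    return policy, None  # nothing matched: chain policy applies


def open_ports(ruleset, iface, probes):
    """Ports among probes that a new TCP connection on iface can reach."""
    rules = parse(ruleset)
    return sorted(p for p in probes if verdict(rules, iface, "tcp", p)[0] == "ACCEPT")


if __name__ == "__main__":
    probes = [21, 22, 25, 80, 113, 443, 11000]
    for trusted in (True, False):
        print("eth0 trusted:", trusted, "->", open_ports(build(trusted), "eth0", probes))
```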




