IPCHAINS

Duncan drack at mweb.co.zw
Mon Jul 19 07:00:18 UTC 2004


Still, this simple firewall is not allowing traffic from me ISP and the
CLIENT, but traffic on the LAN is flowing. All I want to do is allow
traffic from me to the client; the client has squid so there is no need for
masquerading. How do I do that with this firewall?

# Setting default to deny all
  /sbin/ipchains -P input   DENY
  /sbin/ipchains -P output  DENY
  /sbin/ipchains -P forward DENY


#allowing localhost
  /sbin/ipchains -A input  -j ACCEPT -p all -s localhost -d localhost -i lo
  /sbin/ipchains -A output -j ACCEPT -p all -s localhost -d localhost -i lo

#Deny packets from internet claiming to be from localhost and log
  /sbin/ipchains -A input  -j REJECT -p all -s localhost  -i ppp0 -l

#Deny packets that mimic internal IPs and log
  /sbin/ipchains -A input -j REJECT -p all -s clientLAN/24 -i ppp0 -l

#Allow packets from ISP
  /sbin/ipchains -A input -j ACCEPT -p all -s ISPrange/24  -d clientLAN/24   -i ppp0

#Allow packets from LAN
  /sbin/ipchains -A output  -j ACCEPT -p all -s client/24 -d ISPrange/24 -i ppp0

#Allow outgoing packets thru internal interface
   /sbin/ipchains -A input   -j ACCEPT -p all -s clientLAN/24 -i eth0
   /sbin/ipchains -A output  -j ACCEPT -p all -s clientLAN/24 -i eth0


----- Original Message -----
From: "Joe Szilagyi" <js at axxs.net>
To: <drack at mweb.co.zw>
Sent: Saturday, July 17, 2004 2:38 AM
Subject: Re: IPCHAINS


> What was the solution out of curiosity?
>
> Regards,
> Joe
>
>
>
>
> ----- Original Message -----
> From: "Duncan" <drack at mweb.co.zw>
> To: "General Red Hat Linux discussion list" <redhat-list at redhat.com>
> Sent: Friday, July 16, 2004 6:42 AM
> Subject: Re: IPCHAINS
>
>
> YOU MAY TRASH THE QUESTION, I HAVE SORTED IT OUT
> THANKS
>
> ----- Original Message -----
> From: "Duncan" <drack at mweb.co.zw>
> To: "General Red Hat Linux discussion list" <redhat-list at redhat.com>
> Sent: Friday, July 16, 2004 9:10 AM
> Subject: IPCHAINS
>
>
> Would the following ipchains stop TCP connections from anyone else other
> than iprange, the IPs in LAN 195.167.2.0/24?
>
> /sbin/ipchains -F
> /sbin/ipchains -P input -p tcp DENY
> /sbin/ipchains -A input -p tcp   -s  iprange/24  -d 195.167.2.0/24   -j ACCEPT
> /sbin/ipchains -A input -p udp   -s  iprange/24  -d 195.167.2.0/24   -j ACCEPT
> /sbin/ipchains -A input -p icmp  -s  iprange/24  -d 195.167.2.0/24   -j ACCEPT
>
> Please advise
>
> Duncan Rack
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=subscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
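Added example, not part of the original thread: a small Python model of how ipchains evaluates the ruleset in the top message, which a reader can use to see which chain drops a given packet. It assumes the box routes between ppp0 and eth0, treats "client/24" as the same range as "clientLAN/24" (taken as 195.167.2.0/24 from the quoted message), and uses the constructed range 192.0.2.0/24 in place of "ISPrange/24".

```python
import ipaddress

LAN = "195.167.2.0/24"   # LAN range given in the quoted message
ISP = "192.0.2.0/24"     # constructed stand-in for "ISPrange/24"
LO = "127.0.0.1/32"      # localhost
ANY = "0.0.0.0/0"        # rule gave no -s or -d

# (target, source, destination, interface), in the order the post appends them
RULES = {
    "input": [
        ("ACCEPT", LO, LO, "lo"),
        ("REJECT", LO, ANY, "ppp0"),
        ("REJECT", LAN, ANY, "ppp0"),
        ("ACCEPT", ISP, LAN, "ppp0"),
        ("ACCEPT", LAN, ANY, "eth0"),
    ],
    "forward": [],           # the post adds no forward rules
    "output": [
        ("ACCEPT", LO, LO, "lo"),
        ("ACCEPT", LAN, ISP, "ppp0"),
        ("ACCEPT", LAN, ANY, "eth0"),
    ],
}
POLICY = {"input": "DENY", "forward": "DENY", "output": "DENY"}

def verdict(chain, src, dst, iface):
    """First matching rule wins; if none matches, the chain policy applies."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for target, rs, rd, ri in RULES[chain]:
        if ri == iface and s in ipaddress.ip_network(rs) and d in ipaddress.ip_network(rd):
            return target
    return POLICY[chain]

def trace_forwarded(src, dst, in_if, out_if):
    """A routed packet crosses input, then forward, then output.
    -i is the incoming interface on input and the outgoing
    interface on forward and output."""
    for chain, iface in (("input", in_if), ("forward", out_if), ("output", out_if)):
        v = verdict(chain, src, dst, iface)
        if v != "ACCEPT":
            return chain, v          # chain that stopped the packet
    return "output", "ACCEPT"

if __name__ == "__main__":
    # Constructed sample packets: one ISP host and one LAN host.
    print(trace_forwarded("192.0.2.10", "195.167.2.20", "ppp0", "eth0"))
    print(trace_forwarded("195.167.2.20", "192.0.2.10", "eth0", "ppp0"))
    print(verdict("output", "192.0.2.10", "195.167.2.20", "eth0"))
```

Under these assumptions both directions stop at the forward chain's DENY policy, and the output chain has no rule for ISP-sourced packets leaving eth0.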




