TCLUG Archive

RE: [TCLUG:6207] ipchains and RH 6.0



Then traffic is being blocked in one of the other chains or prior to it in
the script. The SYN command does work.

Use this to check:
ipchains -C input -i eth1 -p tcp -s 0/0 4000 -d 192.168.x.x 4500

or put the -l switch on all incoming packets and check the log after the ftp
failure to verify which ports are being denied.


-----Original Message-----
From: Bob Tanner [mailto:tanner@real-time.com]
Sent: Saturday, May 29, 1999 5:32 PM
To: tclug-list@listserv.real-time.com
Subject: Re: [TCLUG:6207] ipchains and RH 6.0


I tried this too, the SYN flags thing does not work either :--)

Quoting d. divine (divine@islandgrp.com):
> $IPCHAINS -A input -i eth1 -p tcp -s 0/0 1025:65535 -d 192.16.x.x/32
> 1025:65535 ! -y -j ACCEPT
>
> where eth1 is external port and 192.16.x.x is the eth1 ip address
>
> This will allow any passive ftp, real audio etc. Someone else may have
> some security concerns about this but it should only allow connections
> initiated by your host.
>
>
> -----Original Message-----
> From: Bob Tanner [mailto:tanner@real-time.com]
> Sent: Saturday, May 29, 1999 5:07 AM
> To: tclug-list@listserv.real-time.com
> Subject: [TCLUG:6207] ipchains and RH 6.0
>
>
> Well, I thought I should make the move to ipchains, since I am now running
> RH 6.0. But I have run into a snag.
>
> With ipchains I am unable to figure how to do ftp.
>
> I am not masquerading, just blocking. My workstation has a valid IP
> address, I am just working on the input chain.
>
> After I make an outgoing ftp connection, the ftp server is going to
> respond back to me with the ftp-data part, but when I hit my favorite ftp
> sites, ipchains is reporting:
>
> May 29 05:04:41 mordent kernel: Packet log: lockdown DENY eth0 PROTO=6
> 206.10.252.12:4697 206.145.104.172:3248 L=44 S=0x00 I=61415 F=0x0000 T=61
>
> This is me typing dir after I have successfully logged into the ftp server.
> It looks like the server is sending back the ftp-data connection on some
> random(?) port.
>
> How do I associate this connection with my initial ftp request?
>
>
> --
> Bob Tanner <tanner@real-time.com>       | Phone : (612)943-8700
> http://www.real-time.com                | Fax   : (612)943-8500
> Key fingerprint =  6C E9 51 4F D5 3E 4C 66 62 A9 10 E5 35 85 39 D9
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tclug-list-unsubscribe@listserv.real-time.com
> For additional commands, e-mail: tclug-list-help@listserv.real-time.com
> Try our website: http://tclug.real-time.com

--
Bob Tanner <tanner@real-time.com>       | Phone : (612)943-8700
http://www.real-time.com                | Fax   : (612)943-8500
Key fingerprint =  6C E9 51 4F D5 3E 4C 66 62 A9 10 E5 35 85 39 D9


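One way to do the log check suggested in the reply at the top of this thread, and to see how the quoted "! -y" rule would treat the logged packet, as an added Python example that is not code from the thread or from the ipchains project: it parses the kernel 2.2 "Packet log:" line format quoted above and evaluates packets against the rule the way "ipchains -C" evaluates one rule (-y matches TCP packets with SYN set and ACK and FIN clear, so "! -y" matches everything else, including the SYN/ACK of a connection the host opened). Assumptions: the optional trailing "SYN" token in the log format is assumed rather than shown in the thread; the two extra log lines and the 198.51.100.7 peer are constructed; the host address 206.145.104.172 and interface eth0 are taken from the logged packet rather than from the quoted rule, which used eth1 and a placeholder address.

```python
"""Added example (not from the thread): parse ipchains 'Packet log:' lines and
evaluate packets against a rule the way 'ipchains -C' does, to see why an FTP
data return packet was denied and whether the quoted '! -y' rule accepts it."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Kernel 2.2 ipchains log line as quoted in the thread. The optional trailing
# " SYN" token is an assumption about the format, not something the thread shows.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=\d+ S=0x[0-9A-Fa-f]+ I=\d+ F=0x[0-9A-Fa-f]+ T=\d+(?P<syn> SYN)?"
)


@dataclass
class Packet:
    chain: str
    action: str
    iface: str
    proto: int
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool  # SYN set, ACK and FIN clear: what ipchains -y matches


def parse_log_line(line: str) -> Optional[Packet]:
    """Return a Packet for an ipchains log line, or None if it is not one."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    return Packet(m["chain"], m["action"], m["iface"], int(m["proto"]),
                  m["src"], int(m["sport"]), m["dst"], int(m["dport"]),
                  m["syn"] is not None)


@dataclass
class Rule:
    """The subset of an ipchains rule used in the thread."""
    iface: str                   # -i
    proto: int                   # -p (6 = tcp)
    src: ipaddress.IPv4Network   # -s network
    sports: range                # -s port range (inclusive in ipchains syntax)
    dst: ipaddress.IPv4Network   # -d network
    dports: range                # -d port range
    syn: Optional[bool]          # True for -y, False for ! -y, None if not given
    target: str                  # -j


def passive_ftp_rule(host_ip: str, iface: str) -> Rule:
    """The rule quoted in the thread:
    -A input -i IFACE -p tcp -s 0/0 1025:65535 -d HOST/32 1025:65535 ! -y -j ACCEPT"""
    return Rule(iface, 6, ipaddress.ip_network("0.0.0.0/0"), range(1025, 65536),
                ipaddress.ip_network(f"{host_ip}/32"), range(1025, 65536),
                False, "ACCEPT")


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Mirror what 'ipchains -C' evaluates for a single rule."""
    if rule.iface != pkt.iface or rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in rule.src or pkt.sport not in rule.sports:
        return False
    if ipaddress.ip_address(pkt.dst) not in rule.dst or pkt.dport not in rule.dports:
        return False
    if rule.syn is not None and rule.syn != pkt.syn:
        return False
    return True


def denied_high_ports(lines):
    """The 'check the log after the ftp failure' step: list DENY entries for TCP
    traffic to unprivileged ports as (dst port, peer, is_syn)."""
    out = []
    for line in lines:
        pkt = parse_log_line(line)
        if pkt and pkt.action == "DENY" and pkt.proto == 6 and pkt.dport > 1024:
            out.append((pkt.dport, f"{pkt.src}:{pkt.sport}", pkt.syn))
    return out


# The log line from the thread plus two constructed lines for contrast.
SAMPLE_LOG = [
    "May 29 05:04:41 mordent kernel: Packet log: lockdown DENY eth0 PROTO=6 "
    "206.10.252.12:4697 206.145.104.172:3248 L=44 S=0x00 I=61415 F=0x0000 T=61",
    # constructed: an inbound connection attempt (SYN) to a high port; ! -y must not accept it
    "May 29 05:05:02 mordent kernel: Packet log: lockdown DENY eth0 PROTO=6 "
    "198.51.100.7:40000 206.145.104.172:6000 L=60 S=0x00 I=1 F=0x4000 T=52 SYN",
    # constructed: a UDP packet, which a -p tcp rule never matches
    "May 29 05:05:03 mordent kernel: Packet log: lockdown DENY eth0 PROTO=17 "
    "198.51.100.7:53 206.145.104.172:1040 L=80 S=0x00 I=2 F=0x0000 T=52",
]

if __name__ == "__main__":
    for dport, peer, syn in denied_high_ports(SAMPLE_LOG):
        print(f"denied tcp to port {dport} from {peer} syn={syn}")
    rule = passive_ftp_rule("206.145.104.172", "eth0")
    for line in SAMPLE_LOG:
        pkt = parse_log_line(line)
        print(pkt.dport, rule.target if rule_matches(rule, pkt) else "no match")
```

The interface check is the one to watch when a rule like this "does not work": the logged packet arrived on eth0, so a rule written with -i eth1 never sees it, which is one of the "blocked in one of the other chains or prior to it" cases the reply describes; running the parsed packet through each rule in script order reproduces what ipchains -C would report.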