TCLUG Archive
IPCHAINS again...
Hi,
Ok, I've set up my firewall using IPCHAINS to be exactly right, except for
one thing.
I can't get anywhere.
Here's what I'm doing:
I'm setting the input and forward chains to deny, and output to accept:
ipchains -P input DENY
ipchains -P forward DENY
ipchains -P output ACCEPT
Then I'm allowing the loopback network interface to do whatever:
ipchains -A input -i lo -j ACCEPT
Then I'm allowing the 'internal' machine to do whatever:
ipchains -A input -p all -s 192.168.0.0/24 -d 0/0 -j ACCEPT
Then I'm allowing the firewall machine to do whatever:
ipchains -A input -p all -s <My IP Addr> -d 206.147.104.200 -j ACCEPT
Then I'm allowing various services into my machine:
ipchains -A input -p tcp -s 0/0 -d <My IP Addr> --dport 80 -j ACCEPT
...
And Masq'ing for the 'internal' machine:
ipchains -A forward -s 192.168.0.0/24 -j MASQ
Now local machines can talk to each other, no problem. External sites can
connect to my website, no problem. But I can't get anywhere from the
firewall or any internal box (the internals get blocked by the firewall).
I've checked things with
ipchains -v -C input -p tcp -y -i eth0 -s <My IP Addr> 60000 -d 206.10.252.12 80
and it says "Accepted". Same for output and forward.
I'm somehow messing up something on the input chain, because when I
ipchains -P input ACCEPT, everything works. However, having input on
ACCEPT is pretty much pointless...
Can anyone tell me what I'm missing? Please?
-Yaron
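The rule set in the post above lets new connections in but says nothing about the packets coming back. ipchains is stateless: when the firewall (or a masqueraded LAN host) opens a connection, the replies arrive on eth0 and traverse the input chain, where nothing matches them and the DENY policy drops them. The script below is an added example, not the poster's configuration: it keeps the posted rules and adds the return-traffic rules that were missing. The interface names (eth0 outside, eth1 inside), the placeholder external address 198.51.100.10, and the DRY_RUN wrapper are assumptions made here so the script can be reviewed on a machine without ipchains.

```shell
#!/bin/sh
# Added example (not from the original post): ipchains rules that also
# admit reply traffic.  Assumed values, override via the environment:
EXT_IF=${EXT_IF:-eth0}            # interface facing the Internet (assumed)
LAN_IF=${LAN_IF:-eth1}            # interface facing 192.168.0.0/24 (assumed)
EXT_IP=${EXT_IP:-198.51.100.10}   # firewall's public address (placeholder)
LAN=192.168.0.0/24
DRY_RUN=${DRY_RUN:-0}

# With DRY_RUN=1 print each rule instead of loading it, so the rule set can
# be inspected on a box that has no ipchains binary.
ipc() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "ipchains $*"
    else
        ipchains "$@"
    fi
}

fw_rules() {
    ipc -F input; ipc -F forward; ipc -F output
    ipc -P input DENY
    ipc -P forward DENY
    ipc -P output ACCEPT

    # Loopback and the internal LAN, as in the posted rules.
    ipc -A input -i lo -j ACCEPT
    ipc -A input -i "$LAN_IF" -s "$LAN" -j ACCEPT

    # Anti-spoofing: LAN source addresses never legitimately arrive on the
    # outside interface; log and drop them before any accept rule.
    ipc -A input -i "$EXT_IF" -s "$LAN" -l -j DENY

    # Services offered to the world: new TCP connections to port 80.
    ipc -A input -i "$EXT_IF" -p tcp -d "$EXT_IP" 80 -j ACCEPT

    # The missing part.  ipchains keeps no connection state, so replies to
    # connections the firewall itself or a masqueraded LAN host opened hit
    # this chain too.  TCP segments that are not SYN-only (! -y) belong to
    # connections already under way; accept them to the external address.
    ipc -A input -i "$EXT_IF" -p tcp ! -y -d "$EXT_IP" -j ACCEPT
    # DNS answers come back from port 53 to an ephemeral port.
    ipc -A input -i "$EXT_IF" -p udp -s 0/0 53 -d "$EXT_IP" -j ACCEPT
    # Masqueraded UDP replies target the kernel's masq port range
    # (61000-65095 on 2.2 kernels); accept them only to the external address.
    ipc -A input -i "$EXT_IF" -p udp -d "$EXT_IP" 61000:65095 -j ACCEPT
    # ICMP so ping replies and path-MTU/unreachable errors are delivered.
    ipc -A input -i "$EXT_IF" -p icmp -d "$EXT_IP" -j ACCEPT

    # Masquerade LAN traffic leaving via the outside interface (on the
    # forward chain -i names the outgoing interface).
    ipc -A forward -i "$EXT_IF" -s "$LAN" -j MASQ
}

# Rules that are easy to miss show up when you check the *reply* direction
# rather than the outgoing SYN, e.g. after loading:
#   ipchains -C input -p tcp ! -y -i eth0 -s 206.10.252.12 80 -d $EXT_IP 60000
# With the posted rules that check reports "Denied"; with these, "Accepted".

if [ "${FW_NO_AUTORUN:-0}" != 1 ]; then
    fw_rules
fi
```

Run it with `DRY_RUN=1 sh fw.sh` first and read the rule list; the important property is that every ACCEPT on the input chain is bound to either an interface or the firewall's own address, so the return-traffic rules do not silently turn into an accept-all for forwarded packets.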