From: Dean M. <dm...@st...> - 2001-11-02 00:05:14
I am using version .83.1 with webmin .88 on rh 7.1. I am using the template setup but am having trouble getting access to the protected interface which is offering dhcp services (dhcp works when I do not load the firewall script). All the other services work correctly... any advice would be great.

Here is the script (the last line of which I added by hand):

#!/bin/sh
# IPchains Firewalling Script File
# Generated by IPchains Firewalling Webmin Module
# Copyright (C) 1999-2000 by Tim Niemueller, GPL
# http://www.niemueller.de/webmin/modules/ipchains/
# Created on 1/Nov/2001 14:25
/sbin/ipchains -F
/sbin/ipchains -X
##MODE 2
##MASQ
/sbin/ipchains -P input DENY
/sbin/ipchains -P output DENY
/sbin/ipchains -P forward DENY
/sbin/ipchains -A input -i lo -j ACCEPT
/sbin/ipchains -A output -i lo -j ACCEPT
#Do not accept packets from private class A on ext NIC
/sbin/ipchains -A input -i eth0 -s 10.0.0.0/8 -j DENY
/sbin/ipchains -A input -i eth0 -d 10.0.0.0/8 -j DENY
/sbin/ipchains -A output -i eth0 -s 10.0.0.0/8 -j DENY
/sbin/ipchains -A output -i eth0 -d 10.0.0.0/8 -j DENY
#Do not accept packets from private class B on ext NIC
/sbin/ipchains -A input -i eth0 -s 172.16.0.0/12 -j DENY
/sbin/ipchains -A input -i eth0 -d 172.16.0.0/12 -j DENY
/sbin/ipchains -A output -i eth0 -s 172.16.0.0/12 -j DENY
/sbin/ipchains -A output -i eth0 -d 172.16.0.0/12 -j DENY
#Do not accept packets from private class C on ext NIC
/sbin/ipchains -A input -i eth0 -s 192.168.0.0/16 -j DENY
/sbin/ipchains -A input -i eth0 -d 192.168.0.0/16 -j DENY
/sbin/ipchains -A output -i eth0 -s 192.168.0.0/16 -j DENY
/sbin/ipchains -A output -i eth0 -d 192.168.0.0/16 -j DENY
# Loopback packets should not be handled from ext NIC
/sbin/ipchains -A input -i eth0 -s 127.0.0.0/8 -j DENY
/sbin/ipchains -A output -i eth0 -s 127.0.0.0/8 -j DENY
#Refuse Bogus Broadcasts
/sbin/ipchains -A input -i eth0 -s 255.255.255.255 -j DENY
/sbin/ipchains -A input -i eth0 -d 0.0.0.0 -j DENY
# Refuse Requests from reserved IANA/ICANN addresses
/sbin/ipchains -A input -i eth0 -s 1.0.0.0/8 -j DENY
/sbin/ipchains -A input -i eth0 -s 2.0.0.0/8 -j DENY
/sbin/ipchains -A input -i eth0 -s 5.0.0.0/8 -j DENY
/sbin/ipchains -A input -i eth0 -s 7.0.0.0/8 -j DENY
# They have the Illuminati number of course :)
/sbin/ipchains -A input -i eth0 -s 23.0.0.0/8 -j DENY
/sbin/ipchains -A input -i eth0 -s 27.0.0.0/8 -j DENY
/sbin/ipchains -A input -i eth0 -s 31.0.0.0/8 -j DENY
/sbin/ipchains -A input -i eth0 -s 36.0.0.0/8 -j DENY
/sbin/ipchains -A input -i eth0 -s 37.0.0.0/8 -j DENY
/sbin/ipchains -A input -i eth0 -s 39.0.0.0/8 -j DENY
/sbin/ipchains -A input -i eth0 -s 41.0.0.0/8 -j DENY
/sbin/ipchains -A input -i eth0 -s 42.0.0.0/8 -j DENY
/sbin/ipchains -A input -i eth0 -s 58.0.0.0/8 -j DENY
/sbin/ipchains -A input -i eth0 -s 59.0.0.0/8 -j DENY
/sbin/ipchains -A input -i eth0 -s 60.0.0.0/8 -j DENY
/sbin/ipchains -A input -i eth0 -s 67.0.0.0/8 -j DENY
/sbin/ipchains -A input -i eth0 -s 218.0.0.0/8 -j DENY
/sbin/ipchains -A input -i eth0 -s 219.0.0.0/8 -j DENY
/sbin/ipchains -A input -i eth0 -s 68.0.0.0/6 -j DENY
/sbin/ipchains -A input -i eth0 -s 72.0.0.0/5 -j DENY
/sbin/ipchains -A input -i eth0 -s 80.0.0.0/4 -j DENY
/sbin/ipchains -A input -i eth0 -s 96.0.0.0/3 -j DENY
/sbin/ipchains -A input -i eth0 -s 220.0.0.0/6 -j DENY
# Basic ICMP packages are needed for running a network
/sbin/ipchains -A input -i eth0 -p icmp --icmp-type source-quench -d 207.232.113.48 -j ACCEPT
/sbin/ipchains -A output -i eth0 -p icmp --icmp-type source-quench -d 0.0.0.0/0 -j ACCEPT
/sbin/ipchains -A input -i eth0 -p icmp --icmp-type parameter-problem -d 207.232.113.48 -j ACCEPT
/sbin/ipchains -A output -i eth0 -p icmp --icmp-type parameter-problem -d 0.0.0.0/0 -j ACCEPT
/sbin/ipchains -A input -i eth0 -p icmp --icmp-type destination-unreachable -d 207.232.113.48 -j ACCEPT
/sbin/ipchains -A output -i eth0 -p icmp --icmp-type destination-unreachable -d 0.0.0.0/0 -j ACCEPT
/sbin/ipchains -A input -i eth0 -p icmp --icmp-type time-exceeded -d 207.232.113.48 -j ACCEPT
/sbin/ipchains -A output -i eth0 -p icmp --icmp-type time-exceeded -d 0.0.0.0/0 -j ACCEPT

##=> DNS-infw
/sbin/ipchains -A input -i eth1 -s 192.168.75.0/255.255.255.0 1024:65535 -d 192.168.75.1 53 -p udp -j ACCEPT
/sbin/ipchains -A output -i eth1 -s 192.168.75.1 53 -d 192.168.75.0/255.255.255.0 1024:65535 -p udp -j ACCEPT

##=> DNS-inout
/sbin/ipchains -A input -i eth1 -s 192.168.75.0/255.255.255.0 1024:65535 -d ! 192.168.75.1 53 -p udp -j ACCEPT
/sbin/ipchains -A output -i eth1 -s ! 192.168.75.1 53 -d 192.168.75.0/255.255.255.0 1024:65535 -p udp -j ACCEPT
##NOMASQ: /sbin/ipchains -A input -i eth0 -s ! 192.168.75.1 53 -d 192.168.75.0/255.255.255.0 1024:65535 -p udp -j ACCEPT
##NOMASQ: /sbin/ipchains -A output -i eth0 -s 192.168.75.0/255.255.255.0 1024:65535 -d ! 192.168.75.1 53 -p udp -j ACCEPT
##NOMASQ: /sbin/ipchains -A forward -i eth0 -s 192.168.75.0/255.255.255.0 1024:65535 -d ! 192.168.75.1 53 -p udp -j ACCEPT
##NOMASQ: /sbin/ipchains -A forward -i eth1 -s ! 192.168.75.1 53 -d 192.168.75.0/255.255.255.0 1024:65535 -p udp -j ACCEPT
/sbin/ipchains -A input -i eth0 -s ! 192.168.75.1 53 -d 207.232.113.48 1024:65535 -p udp -j ACCEPT
/sbin/ipchains -A output -i eth0 -s 207.232.113.48 1024:65535 -d ! 192.168.75.1 53 -p udp -j ACCEPT
/sbin/ipchains -A forward -s 192.168.75.0/255.255.255.0 1024:65535 -d ! 192.168.75.1 53 -p udp -j MASQ

##=> DNS-fwout
# Already set in line 100
# Already set in line 99

##=> Webmin-infw
/sbin/ipchains -A input -i eth1 -s 192.168.75.0/255.255.255.0 1024:65535 -d 192.168.75.1 1000 -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth1 -s 192.168.75.1 1000 -d 192.168.75.0/255.255.255.0 1024:65535 ! -y -p tcp -j ACCEPT

##=> Webmin-inout
/sbin/ipchains -A input -i eth1 -s 192.168.75.0/255.255.255.0 1024:65535 -d ! 192.168.75.1 1000 -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth1 -s ! 192.168.75.1 1000 -d 192.168.75.0/255.255.255.0 1024:65535 ! -y -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A input -i eth0 -s ! 192.168.75.1 1000 -d 192.168.75.0/255.255.255.0 1024:65535 ! -y -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A output -i eth0 -s 192.168.75.0/255.255.255.0 1024:65535 -d ! 192.168.75.1 1000 -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A forward -i eth0 -s 192.168.75.0/255.255.255.0 1024:65535 -d ! 192.168.75.1 1000 -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A forward -i eth1 -s ! 192.168.75.1 1000 -d 192.168.75.0/255.255.255.0 1024:65535 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A input -i eth0 -s ! 192.168.75.1 1000 -d 207.232.113.48 1024:65535 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth0 -s 207.232.113.48 1024:65535 -d ! 192.168.75.1 1000 -p tcp -j ACCEPT
/sbin/ipchains -A forward -s 192.168.75.0/255.255.255.0 1024:65535 -d ! 192.168.75.1 1000 -p tcp -j MASQ

##=> Webmin-outfw
/sbin/ipchains -A input -i eth0 -d 207.232.113.48 1000 -s ! 192.168.75.1 1024:65535 -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth0 -s 207.232.113.48 1000 -d ! 192.168.75.1 1024:65535 -p tcp -j ACCEPT

##=> Webmin-fwout
# Already set in line 122
# Already set in line 121

##=> DHCP-infw
/sbin/ipchains -A input -i eth1 -s 0.0.0.0 68 -d 255.255.255.255 67 -p udp -j ACCEPT
/sbin/ipchains -A output -i eth1 -s 192.168.75.1 67 -d 192.168.75.0/255.255.255.0 68 -p udp -j ACCEPT

##=> POP3-inout
/sbin/ipchains -A input -i eth1 -s 192.168.75.0/255.255.255.0 1024:65535 -d ! 192.168.75.1 110 -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth1 -s ! 192.168.75.1 110 -d 192.168.75.0/255.255.255.0 1024:65535 ! -y -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A input -i eth0 -s ! 192.168.75.1 110 -d 192.168.75.0/255.255.255.0 1024:65535 ! -y -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A output -i eth0 -s 192.168.75.0/255.255.255.0 1024:65535 -d ! 192.168.75.1 110 -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A forward -i eth0 -s 192.168.75.0/255.255.255.0 1024:65535 -d ! 192.168.75.1 110 -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A forward -i eth1 -s ! 192.168.75.1 110 -d 192.168.75.0/255.255.255.0 1024:65535 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A input -i eth0 -s ! 192.168.75.1 110 -d 207.232.113.48 1024:65535 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth0 -s 207.232.113.48 1024:65535 -d ! 192.168.75.1 110 -p tcp -j ACCEPT
/sbin/ipchains -A forward -s 192.168.75.0/255.255.255.0 1024:65535 -d ! 192.168.75.1 110 -p tcp -j MASQ

##=> Ping-infw
/sbin/ipchains -A input -i eth1 -s 192.168.75.0/255.255.255.0 -d 192.168.75.1 -p icmp --icmp-type echo-request -j ACCEPT
/sbin/ipchains -A output -i eth1 -s 192.168.75.1 -d 192.168.75.0/255.255.255.0 -p icmp --icmp-type echo-reply -j ACCEPT

##=> Ping-inout
/sbin/ipchains -A input -i eth1 -s 192.168.75.0/255.255.255.0 -d ! 192.168.75.1 -p icmp --icmp-type echo-request -j ACCEPT
/sbin/ipchains -A output -i eth1 -s ! 192.168.75.1 -d 192.168.75.0/255.255.255.0 -p icmp --icmp-type echo-reply -j ACCEPT
##NOMASQ: /sbin/ipchains -A input -i eth0 -s ! 192.168.75.1 -d 192.168.75.0/255.255.255.0 -p icmp --icmp-type echo-reply -j ACCEPT
##NOMASQ: /sbin/ipchains -A output -i eth0 -s 192.168.75.0/255.255.255.0 -d ! 192.168.75.1 -p icmp --icmp-type echo-request -j ACCEPT
##NOMASQ: /sbin/ipchains -A forward -i eth0 -s 192.168.75.0/255.255.255.0 -d ! 192.168.75.1 -p icmp --icmp-type echo-request -j ACCEPT
##NOMASQ: /sbin/ipchains -A forward -i eth1 -s ! 192.168.75.1 -d 192.168.75.0/255.255.255.0 -p icmp --icmp-type echo-reply -j ACCEPT
/sbin/ipchains -A input -i eth0 -s ! 192.168.75.1 -d 207.232.113.48 -p icmp --icmp-type echo-reply -j ACCEPT
/sbin/ipchains -A output -i eth0 -s 207.232.113.48 -d ! 192.168.75.1 -p icmp --icmp-type echo-request -j ACCEPT
/sbin/ipchains -A forward -s 192.168.75.0/255.255.255.0 -d ! 192.168.75.1 -p icmp --icmp-type echo-request -j MASQ

##=> Ping-fwin
/sbin/ipchains -A output -i eth1 -s 192.168.75.1 -d 192.168.75.0/255.255.255.0 -p icmp --icmp-type echo-request -j ACCEPT
/sbin/ipchains -A input -i eth1 -s 192.168.75.0/255.255.255.0 -d 192.168.75.1 -p icmp --icmp-type echo-reply -j ACCEPT

##=> Ping-fwout
# Already set in line 166
# Already set in line 165

##=> NetBIOS-infw
/sbin/ipchains -A input -i eth1 -s 192.168.75.0/255.255.255.0 137 -d 192.168.75.255 137 -p tcp -j ACCEPT
/sbin/ipchains -A input -i eth1 -s 192.168.75.0/255.255.255.0 137 -d 192.168.75.1 137 -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth1 -s 192.168.75.1 137 -d 192.168.75.0/255.255.255.0 137 -p tcp -j ACCEPT
/sbin/ipchains -A input -i eth1 -s 192.168.75.0/255.255.255.0 137 -d 192.168.75.1 137 -p udp -j ACCEPT
/sbin/ipchains -A output -i eth1 -s 192.168.75.1 137 -d 192.168.75.0/255.255.255.0 137 -p udp -j ACCEPT
/sbin/ipchains -A input -i eth1 -s 192.168.75.0/255.255.255.0 1024:65535 -d 192.168.75.1 138 -p udp -j ACCEPT
/sbin/ipchains -A output -i eth1 -s 192.168.75.1 138 -d 192.168.75.0/255.255.255.0 1024:65535 -p udp -j ACCEPT
/sbin/ipchains -A input -i eth1 -s 192.168.75.0/255.255.255.0 1024:65535 -d 192.168.75.1 139 -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth1 -s 192.168.75.1 139 -d 192.168.75.0/255.255.255.0 1024:65535 ! -y -p tcp -j ACCEPT

##=> NetBIOS-fwin
/sbin/ipchains -A output -i eth1 -s 192.168.75.1 137 -d 192.168.75.255 137 -p udp -j ACCEPT
# Already set in line 182
# Already set in line 183
# Already set in line 184
# Already set in line 185
/sbin/ipchains -A output -i eth1 -s 192.168.75.1 1024:65535 -d 192.168.75.0/255.255.255.0 138 -p udp -j ACCEPT
/sbin/ipchains -A input -i eth1 -s 192.168.75.0/255.255.255.0 138 -d 192.168.75.1 1024:65535 -p udp -j ACCEPT
/sbin/ipchains -A output -i eth1 -s 192.168.75.1 1024:65535 -d 192.168.75.0/255.255.255.0 139 -p tcp -j ACCEPT
/sbin/ipchains -A input -i eth1 -s 192.168.75.0/255.255.255.0 139 -d 192.168.75.1 1024:65535 ! -y -p tcp -j ACCEPT

##=> SSH-infw
/sbin/ipchains -A input -i eth1 -p tcp -s 192.168.75.0/255.255.255.0 1024:65535 -d 192.168.75.1 22 -j ACCEPT
/sbin/ipchains -A output -i eth1 -p tcp ! -y -s 192.168.75.1 22 -d 192.168.75.0/255.255.255.0 1024:65535 -j ACCEPT
/sbin/ipchains -A input -i eth1 -p tcp -s 192.168.75.0/255.255.255.0 513:1023 -d 192.168.75.1 22 -j ACCEPT
/sbin/ipchains -A output -i eth1 -p tcp ! -y -s 192.168.75.1 22 -d 192.168.75.0/255.255.255.0 513:1023 -j ACCEPT

##=> SSH-inout
/sbin/ipchains -A input -i eth1 -s 192.168.75.0/255.255.255.0 1024:65535 -d ! 192.168.75.1 22 -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth1 -s ! 192.168.75.1 22 -d 192.168.75.0/255.255.255.0 1024:65535 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A input -i eth1 -s 192.168.75.0/255.255.255.0 513:1023 -d ! 192.168.75.1 22 -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth1 -s ! 192.168.75.1 22 -d 192.168.75.0/255.255.255.0 513:1023 ! -y -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A input -i eth0 -s ! 192.168.75.1 22 -d 192.168.75.0/255.255.255.0 1024:65535 ! -y -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A output -i eth0 -s 192.168.75.0/255.255.255.0 1024:65535 -d ! 192.168.75.1 22 -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A forward -i eth0 -s 192.168.75.0/255.255.255.0 1024:65535 -d ! 192.168.75.1 22 -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A forward -i eth1 -s ! 192.168.75.1 22 -d 192.168.75.0/255.255.255.0 1024:65535 ! -y -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A input -i eth0 -s ! 192.168.75.1 22 -d 192.168.75.0/255.255.255.0 513:1023 ! -y -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A output -i eth0 -s 192.168.75.0/255.255.255.0 513:1023 -d ! 192.168.75.1 22 -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A forward -i eth0 -s 192.168.75.0/255.255.255.0 513:1023 -d ! 192.168.75.1 22 -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A forward -i eth1 -s ! 192.168.75.1 22 -d 192.168.75.0/255.255.255.0 513:1023 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A input -i eth0 -s ! 192.168.75.1 22 -d 207.232.113.48 1024:65535 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth0 -s 207.232.113.48 1024:65535 -d ! 192.168.75.1 22 -p tcp -j ACCEPT
/sbin/ipchains -A forward -s 192.168.75.0/255.255.255.0 1024:65535 -d ! 192.168.75.1 22 -p tcp -j MASQ
/sbin/ipchains -A input -i eth0 -s ! 192.168.75.1 22 -d 207.232.113.48 513:1023 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth0 -s 207.232.113.48 513:1023 -d ! 192.168.75.1 22 -p tcp -j ACCEPT
/sbin/ipchains -A forward -s 192.168.75.0/255.255.255.0 513:1023 -d ! 192.168.75.1 22 -p tcp -j MASQ

##=> SSH-outfw
/sbin/ipchains -A input -i eth0 -p tcp -s ! 192.168.75.1 1024:65535 -d 207.232.113.48 22 -j ACCEPT
/sbin/ipchains -A output -i eth0 -p tcp ! -y -s 207.232.113.48 22 -d ! 192.168.75.1 1024:65535 -j ACCEPT
/sbin/ipchains -A input -i eth0 -p tcp -s ! 192.168.75.1 513:1023 -d 207.232.113.48 22 -j ACCEPT
/sbin/ipchains -A output -i eth0 -p tcp ! -y -s 207.232.113.48 22 -d ! 192.168.75.1 513:1023 -j ACCEPT

##=> SSH-fwin
/sbin/ipchains -A output -i eth1 -s 192.168.75.1 1024:65535 -d 192.168.75.0/255.255.255.0 22 -p tcp -j ACCEPT
/sbin/ipchains -A input -i eth1 -s 192.168.75.0/255.255.255.0 22 -d 192.168.75.1 1024:65535 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth1 -s 192.168.75.1 513:1023 -d 192.168.75.0/255.255.255.0 22 -p tcp -j ACCEPT
/sbin/ipchains -A input -i eth1 -s 192.168.75.0/255.255.255.0 22 -d 192.168.75.1 513:1023 ! -y -p tcp -j ACCEPT

##=> SSH-fwout
# Already set in line 225
# Already set in line 224
# Already set in line 228
# Already set in line 227

##=> HTTPS-infw
/sbin/ipchains -A input -i eth1 -s 192.168.75.0/255.255.255.0 1024:65535 -d 192.168.75.1 443 -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth1 -s 192.168.75.1 443 -d 192.168.75.0/255.255.255.0 1024:65535 ! -y -p tcp -j ACCEPT

##=> HTTPS-inout
/sbin/ipchains -A input -i eth1 -s 192.168.75.0/255.255.255.0 1024:65535 -d ! 192.168.75.1 443 -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth1 -s ! 192.168.75.1 443 -d 192.168.75.0/255.255.255.0 1024:65535 ! -y -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A input -i eth0 -s ! 192.168.75.1 443 -d 192.168.75.0/255.255.255.0 1024:65535 -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A output -i eth0 -s 192.168.75.0/255.255.255.0 1024:65535 -d ! 192.168.75.1 443 -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A forward -i eth0 -s 192.168.75.0/255.255.255.0 1024:65535 -d ! 192.168.75.1 443 -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A forward -i eth1 -s ! 192.168.75.1 443 -d 192.168.75.0/255.255.255.0 1024:65535 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A input -i eth0 -s ! 192.168.75.1 443 -d 207.232.113.48 1024:65535 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth0 -s 207.232.113.48 1024:65535 -d ! 192.168.75.1 443 -p tcp -j ACCEPT
/sbin/ipchains -A forward -s 192.168.75.0/255.255.255.0 1024:65535 -d ! 192.168.75.1 443 -p tcp -j MASQ

##=> SMTP-infw
/sbin/ipchains -A input -i eth1 -s 192.168.75.0/255.255.255.0 1024:65535 -d 192.168.75.1 25 -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth1 -s 192.168.75.1 25 -d 192.168.75.0/255.255.255.0 1024:65535 ! -y -p tcp -j ACCEPT

##=> SMTP-inout
/sbin/ipchains -A input -i eth1 -s 192.168.75.0/255.255.255.0 1024:65535 -d ! 192.168.75.1 25 -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth1 -s ! 192.168.75.1 25 -d 192.168.75.0/255.255.255.0 1024:65535 ! -y -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A input -i eth0 -s ! 192.168.75.1 25 -d 192.168.75.0/255.255.255.0 1024:65535 ! -y -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A output -i eth0 -s 192.168.75.0/255.255.255.0 1024:65535 -d ! 192.168.75.1 25 -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A forward -i eth0 -s 192.168.75.0/255.255.255.0 1024:65535 -d ! 192.168.75.1 25 -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A forward -i eth1 -s ! 192.168.75.1 25 -d 192.168.75.0/255.255.255.0 1024:65535 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A input -i eth0 -s ! 192.168.75.1 25 -d 207.232.113.48 1024:65535 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth0 -s 207.232.113.48 1024:65535 -d ! 192.168.75.1 25 -p tcp -j ACCEPT
/sbin/ipchains -A forward -s 192.168.75.0/255.255.255.0 1024:65535 -d ! 192.168.75.1 25 -p tcp -j MASQ

##=> SMTP-fwin
/sbin/ipchains -A output -i eth1 -s 192.168.75.1 1024:65535 -d 192.168.75.0/255.255.255.0 25 -p tcp -j ACCEPT
/sbin/ipchains -A input -i eth1 -s 192.168.75.0/255.255.255.0 25 -d 192.168.75.1 1024:65535 ! -y -p tcp -j ACCEPT

##=> SMTP-fwout
# Already set in line 283
# Already set in line 282

##=> Telnet-fwin
/sbin/ipchains -A output -i eth1 -s 192.168.75.1 1024:65535 -d 192.168.75.0/255.255.255.0 23 -p tcp -j ACCEPT
/sbin/ipchains -A input -i eth1 -s 192.168.75.0/255.255.255.0 23 -d 192.168.75.1 1024:65535 ! -y -p tcp -j ACCEPT

##=> HTTP-fwin
/sbin/ipchains -A output -i eth1 -s 192.168.75.1 1024:65535 -d 192.168.75.0/255.255.255.0 80 -p tcp -j ACCEPT
/sbin/ipchains -A input -i eth1 -s 192.168.75.0/255.255.255.0 80 -d 192.168.75.1 1024:65535 ! -y -p tcp -j ACCEPT

##=> HTTP-fwout
/sbin/ipchains -A output -i eth0 -s 207.232.113.48 1024:65535 -d ! 192.168.75.1 80 -p tcp -j ACCEPT
/sbin/ipchains -A input -i eth0 -s ! 192.168.75.1 80 -d 207.232.113.48 1024:65535 ! -y -p tcp -j ACCEPT

##=> Proxy-infw
/sbin/ipchains -A input -i eth1 -s 192.168.75.0/255.255.255.0 1024:65535 -d 192.168.75.1 8080 -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth1 -s 192.168.75.1 8080 -d 192.168.75.0/255.255.255.0 1024:65535 ! -y -p tcp -j ACCEPT

##=> Proxy-inout
/sbin/ipchains -A input -i eth1 -s 192.168.75.0/255.255.255.0 1024:65535 -d ! 192.168.75.1 8080 -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth1 -s ! 192.168.75.1 8080 -d 192.168.75.0/255.255.255.0 1024:65535 ! -y -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A input -i eth0 -s ! 192.168.75.1 8080 -d 192.168.75.0/255.255.255.0 1024:65535 ! -y -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A output -i eth0 -s 192.168.75.0/255.255.255.0 1024:65535 -d ! 192.168.75.1 8080 -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A forward -i eth0 -s 192.168.75.0/255.255.255.0 1024:65535 -d ! 192.168.75.1 8080 -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A forward -i eth1 -s ! 192.168.75.1 8080 -d 192.168.75.0/255.255.255.0 1024:65535 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A input -i eth0 -s ! 192.168.75.1 8080 -d 207.232.113.48 1024:65535 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth0 -s 207.232.113.48 1024:65535 -d ! 192.168.75.1 8080 -p tcp -j ACCEPT
/sbin/ipchains -A forward -s 192.168.75.0/255.255.255.0 1024:65535 -d ! 192.168.75.1 8080 -p tcp -j MASQ

echo 1 > /proc/sys/net/ipv4/ip_forward
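
Added example, not part of the post above or of the ipchains module: a small Python matcher that parses the two DHCP-infw rules from the posted script and evaluates them, together with the script's DENY policy, against the packets of a normal DHCP exchange on eth1. The packets and the client address 192.168.75.50 are constructed for illustration, and only the -A, -i, -s, -d, -p and -j options are modelled.

```python
import ipaddress
import shlex

# Copied verbatim from the DHCP-infw section of the posted script.
DHCP_RULES = """
/sbin/ipchains -A input -i eth1 -s 0.0.0.0 68 -d 255.255.255.255 67 -p udp -j ACCEPT
/sbin/ipchains -A output -i eth1 -s 192.168.75.1 67 -d 192.168.75.0/255.255.255.0 68 -p udp -j ACCEPT
"""

ANY = (False, ipaddress.ip_network("0.0.0.0/0"), None)  # default for a missing -s/-d

def parse_rule(line):
    """Parse one 'ipchains -A' line (subset: -A -i -s -d -p -j, '!' on addresses)."""
    tok = shlex.split(line)[1:]              # drop the /sbin/ipchains path
    rule, i = {}, 0
    while i < len(tok):
        opt = tok[i]
        i += 1
        if opt in ("-A", "-i", "-p", "-j"):
            rule[opt] = tok[i]
            i += 1
        elif opt in ("-s", "-d"):
            neg = tok[i] == "!"              # '-d ! addr' negates the address match
            if neg:
                i += 1
            net = ipaddress.ip_network(tok[i], strict=False)
            i += 1
            ports = None
            if i < len(tok) and tok[i][0] not in "-!":   # optional port or lo:hi range
                lo, _, hi = tok[i].partition(":")
                ports = (int(lo), int(hi or lo))
                i += 1
            rule[opt] = (neg, net, ports)
    return rule

def side_matches(spec, addr, port):
    neg, net, ports = spec
    addr_ok = (ipaddress.ip_address(addr) in net) != neg
    return addr_ok and (ports is None or ports[0] <= port <= ports[1])

def verdict(rules, pkt, policy="DENY"):
    """First matching rule wins; otherwise the chain policy applies."""
    chain, iface, proto, src, sport, dst, dport = pkt
    for r in rules:
        if (r["-A"] == chain and r.get("-i", iface) == iface
                and r.get("-p", proto) == proto
                and side_matches(r.get("-s", ANY), src, sport)
                and side_matches(r.get("-d", ANY), dst, dport)):
            return r["-j"]
    return policy

# Constructed packets: the usual DHCP exchange; 192.168.75.50 is a hypothetical lease.
PACKETS = {
    "DISCOVER broadcast":    ("input",  "eth1", "udp", "0.0.0.0", 68, "255.255.255.255", 67),
    "OFFER/ACK broadcast":   ("output", "eth1", "udp", "192.168.75.1", 67, "255.255.255.255", 68),
    "OFFER/ACK unicast":     ("output", "eth1", "udp", "192.168.75.1", 67, "192.168.75.50", 68),
    "REQUEST renew unicast": ("input",  "eth1", "udp", "192.168.75.50", 68, "192.168.75.1", 67),
}

def dhcp_verdicts():
    rules = [parse_rule(l) for l in DHCP_RULES.strip().splitlines()]
    return {name: verdict(rules, pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for name, v in dhcp_verdicts().items():
        print(f"{name:24} {v}")
```

A server reply sent to the limited broadcast address and a unicast renewal from a leased client match neither rule, so under this rule set they fall through to the DENY policy.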
From: Stephan <go...@go...> - 2002-04-12 11:45:18
I installed the ipchains module from Tim Niemueller on my desktop. When I set it to anything other than "disabled" I have no web access. I don't think that disabling the firewall is a good workaround for web browsing. In configuration "personal" firewall is selected.
From: Landy R. <la...@de...> - 2002-11-28 15:26:43
How can I add an IP so no one from the inside can go there?

I am trying the module from Webmin but no luck.

R.R.
From: David B. <dw...@we...> - 2002-11-28 17:56:46
Landy Roman writes:
> how can i add an ip so no one from the inside can go there?
>
> i am trying the module from webmin but no luck
> R.R.
>
> Forwarded by the Webmin mailing list at web...@li...
> To remove yourself from this list, go to
> http://lists.sourceforge.net/lists/listinfo/webadmin-list

Hello Landy,

i was of the understanding that webmin did not operate on ipchains? i thought webmin was geared toward iptables only. someone correct me if i'm wrong.

i assume u mean the private side of the firewall? more info pls: a private class subnet w/ static ip or dhcp? is the "outside" also a private class network?

if u mean "inside" to be a private class subnet e.g. 192.168.0.0/255.255.255.255 then generally u could divide a subnet into 2 parts 192.168.255.0/25 or 192.168.255.0/255.255.255.128 where the subnet range 128-255 would always be "visible" and the range 0-127 would always resolve to 0.

hope this helps,
david.