From cdtwigg@u.washington.edu Sun Oct 10 21:42:03 1999
Received: from jason03.u.washington.edu (root@jason03.u.washington.edu [140.142.77.10]) by lists.u.washington.edu (8.9.3+UW99.09/8.9.3+UW99.09) with ESMTP id VAA69094 for ; Sun, 10 Oct 1999 21:42:03 -0700
Received: from dante14.u.washington.edu (cdtwigg@dante14.u.washington.edu [140.142.15.24]) by jason03.u.washington.edu (8.9.3+UW99.09/8.9.3+UW99.09) with ESMTP id VAA19722 for ; Sun, 10 Oct 1999 21:42:02 -0700
Received: from localhost (cdtwigg@localhost) by dante14.u.washington.edu (8.9.3+UW99.09/8.9.3+UW99.09) with ESMTP id VAA54572 for ; Sun, 10 Oct 1999 21:42:02 -0700
Date: Sun, 10 Oct 1999 21:42:02 -0700 (PDT)
From: Christopher Twigg
To: UW Linux Group
Subject: Re: ipchains and firewalling
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

Did you do the whole "echo 1 > /proc/sys/net/ipv4/ip_forward" thing yet?

Also, you might try simplifying the whole thing by giving a target of
"ACCEPT" in the input table rather than sending it to another chain.
Just tag a "-j ACCEPT" to the end...

Christopher Twigg
cdtwigg@u.washington.edu

On Sat, 9 Oct 1999, Jeffrey John Kyllo wrote:

> Is anyone familiar with using ipchains? I hope so because I'm stumped.
> I'll append the rules that I have to the end of this e-mail if someone
> might want to help. Basically, with the rules set and everything, it
> seems that all packets are being rejected. I'm trying to get it to work
> so that all packets except for given services (ssh, www, dns, maybe ftp)
> are rejected. Anyway, thanks for any help.
>
> -Jeff K.
>
> Chain input (policy REJECT):
> target     prot opt     source               destination           ports
> icmp       icmp ------  anywhere             anywhere              any ->   any
> www        udp  ------  anywhere             anywhere              any ->   www
> www        tcp  ------  anywhere             anywhere              any ->   www
> dns        udp  ------  anywhere             anywhere              any ->   domain
> dns        tcp  ------  anywhere             anywhere              any ->   domain
> dns        tcp  ------  anywhere             anywhere              any ->   nameserver
> ssh        tcp  ------  anywhere             anywhere              any ->   ssh
> ssh        udp  ------  anywhere             anywhere              any ->   ssh
> ftp        tcp  ------  anywhere             anywhere              any ->   ftp-data
> ftp        tcp  ------  anywhere             anywhere              any ->   ftp
> Chain forward (policy ACCEPT):
> Chain output (policy ACCEPT):
> Chain ftp (1 references):
> target     prot opt     source               destination           ports
> ACCEPT     all  ------  anywhere             anywhere              n/a
> Chain ssh (2 references):
> target     prot opt     source               destination           ports
> ACCEPT     all  ------  anywhere             anywhere              n/a
> Chain icmp (1 references):
> target     prot opt     source               destination           ports
> ACCEPT     all  ------  anywhere             anywhere              n/a
> Chain dns (3 references):
> target     prot opt     source               destination           ports
> ACCEPT     all  ------  anywhere             anywhere              n/a
> Chain www (2 references):
> target     prot opt     source               destination           ports
> ACCEPT     all  ------  anywhere             anywhere              n/a
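The quoted ruleset rebuilt as an ipchains script the way the reply suggests, with the input chain jumping straight to ACCEPT instead of detouring through the per-service chains. This is an added example, not code from either poster; the loopback rule and the two "reply traffic" rules at the end are my additions and go beyond the quoted rules (ipchains is stateless, so the usual idiom is to accept non-SYN TCP with `! -y` and UDP answers from port 53). By default it only prints the commands, so it can be reviewed without root or ipchains installed.

```shell
#!/bin/sh
# Added example (not from the thread): Jeff's input-chain policy as ipchains
# commands that target ACCEPT directly, as Christopher suggests.
# DRY_RUN=1 (default) prints each command instead of executing it.
DRY_RUN=${DRY_RUN:-1}

ipc() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "ipchains $*"
    else
        ipchains "$@"
    fi
}

build_input_chain() {
    ipc -F input
    ipc -P input REJECT
    # Assumed addition: the REJECT policy otherwise also hits loopback
    # traffic, so local tests against the box fail as well.
    ipc -A input -i lo -j ACCEPT
    ipc -A input -p icmp -j ACCEPT
    # Services this host offers; ipchains takes the port after the -d address.
    for svc in www domain ssh; do
        ipc -A input -p tcp -d 0.0.0.0/0 "$svc" -j ACCEPT
        ipc -A input -p udp -d 0.0.0.0/0 "$svc" -j ACCEPT
    done
    ipc -A input -p tcp -d 0.0.0.0/0 nameserver -j ACCEPT  # port 42, as quoted
    ipc -A input -p tcp -d 0.0.0.0/0 ftp -j ACCEPT
    ipc -A input -p tcp -d 0.0.0.0/0 ftp-data -j ACCEPT
    # Assumed additions: replies to connections this host opens. Without
    # them every outgoing web fetch or DNS lookup dies on the REJECT policy.
    ipc -A input -p tcp ! -y -j ACCEPT
    ipc -A input -p udp -s 0.0.0.0/0 domain -j ACCEPT
}

# Sanity check before switching DRY_RUN off: how many rules accept traffic.
count_accept_rules() {
    build_input_chain | grep -c -- '-j ACCEPT'
}

build_input_chain
```

Run as root with `DRY_RUN=0 sh rules.sh` to load the rules for real; the dry run is the version to review first.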