Ola Samuelson wrote:

> Not sure if this is quite right, but I figure ipchains is not
> totally off topic for a net-list.
> 
> I have a working firewall and I do want to open a small hole
> in the wall - but it just won't work. Read/tried a lot - but no ...
> 
> What I have:
> 1. Linux box, working FW, ipchains
> 2. Two interfaces, 212.212.212.100 outside and 192.168.1.254 inside
> 3. External machine 212.212.212.99 (outside) that I would like to connect
>    to 192.168.1.100 (inside) using 4040/tcp.
> 4. Working MASQ of local net
> 5. If I flush all rules and set all policies to ACCEPT I can come
> through. But trying to open this "hole" in the wall does not work.
> 
> Could someone give me input, output and forward rules
> for this "hole" in the wall. I did not supply my attempts because I did
> not want to confuse you with my (less than perfect) ipchains dialect.

Try the following:

        # inbound packets
        ipchains -I input 1   -p TCP -i eth0 -s 212.212.212.99 -d 192.168.1.100 4040 -j ACCEPT
        ipchains -I forward 1 -p TCP -i eth1 -s 212.212.212.99 -d 192.168.1.100 4040 -j ACCEPT
        ipchains -I output 1  -p TCP -i eth1 -s 212.212.212.99 -d 192.168.1.100 4040 -j ACCEPT

        # outbound packets
        ipchains -I input 1   -p TCP -i eth1 -d 212.212.212.99 -s 192.168.1.100 4040 -j ACCEPT
        ipchains -I forward 1 -p TCP -i eth0 -d 212.212.212.99 -s 192.168.1.100 4040 -j ACCEPT
        ipchains -I output 1  -p TCP -i eth0 -d 212.212.212.99 -s 192.168.1.100 4040 -j ACCEPT

This assumes that eth0 is the outside interface and eth1 is the inside
interface.

-- 
Glynn Clements <[EMAIL PROTECTED]>
