/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting!
/* ALSO: Don't quote this header. It makes you look lame :-) */
Hi
I talk to the net via a diskless firewall box running Linux 2.2.17.
I am currently using ipchains and ipmasqadm.
I would like to deny all external access to my internal network and to
the firewall, with the exception of port 22 (sshd) which is to be
forwarded to a box on my internal network. I must accept responses to
connections initiated by the internal network.
I would like to preserve ftp and telnet access to the firewall box,
but only from the internal network.
In other words, I want to deny all incoming connections on the
external interface, unless they are responses to packets that have
been rewritten by the forwarding mechanism. (Currently I do this with
tcpd, which only allows ftp and telnet access from the local network,
but I want something better than this.)
If it is not possible to do this with 2.2.17/ipchains/ipmasqadm, is
there another mechanism that will run under Linux which will do this?
And again, if it is not possible with 2.2.17/ipchains/ipmasqadm, why
not? Isn't this the functionality that everyone wants? And isn't it
trivial to implement given that ipmasq presumably keeps track of the
packets it has rewritten, and the responses to those packets should,
again presumably, carry the request packets' unique identifiers
somewhere within them?
Thanks,
chris
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ --
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
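The policy described in the post, written out as an ipchains/ipmasqadm ruleset for a 2.2 kernel. This is an added example, not code from the post or from the list; it assumes a topology the post does not state: eth0 is the external interface with address 203.0.113.10, eth1 is the internal interface on 192.168.1.0/24, and the sshd box is 192.168.1.2 (all overridable through the environment). ipchains keeps no connection state, so "responses to masqueraded connections" are recognised by where they land: the firewall's external address in the kernel's masquerade port range (61000-65095 on 2.2), with `! -y` refusing bare SYNs to those ports. That is as close as 2.2 gets to the stateful matching the post asks for, and it is a weaker check than the connection tracking netfilter later added in 2.4. The one external service, port 22, is accepted in the input chain with the firewall's own address as destination, because the input chain sees the packet before ipmasqadm's portfw rewrite. `DRY_RUN=1` (or `show`) prints the commands instead of executing them, so the ruleset can be reviewed on any machine.

```shell
#!/bin/sh
# Added example: ipchains/ipmasqadm ruleset for a 2.2 masquerading firewall.
# Assumed topology (not stated in the post): eth0 external, eth1 internal.
EXT_IF=${EXT_IF:-eth0}
EXT_IP=${EXT_IP:-203.0.113.10}      # assumed external address (documentation range)
INT_IF=${INT_IF:-eth1}
INT_NET=${INT_NET:-192.168.1.0/24}  # assumed internal network
SSH_HOST=${SSH_HOST:-192.168.1.2}   # assumed internal box that receives forwarded port 22
MASQ_PORTS=61000:65095              # 2.2 kernel masquerade port range (PORT_MASQ_BEGIN..END-1)
DRY_RUN=${DRY_RUN:-0}

# Execute a command, or print it when DRY_RUN=1 so the ruleset can be audited offline.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Set a /proc/sys/net/ipv4 switch (printed in dry-run mode like every other step).
set_proc() {
    if [ "$DRY_RUN" = 1 ]; then echo "echo $2 > /proc/sys/net/ipv4/$1"
    else echo "$2" > "/proc/sys/net/ipv4/$1"; fi
}

build_rules() {
    # Kernel switches masquerading needs; ip_masq_ftp lets active FTP from inside work.
    set_proc ip_forward 1
    set_proc ip_always_defrag 1
    run modprobe ip_masq_ftp

    # Start from a clean, default-deny policy on everything that enters or is forwarded.
    run ipchains -F input
    run ipchains -F forward
    run ipchains -F output
    run ipchains -P input DENY
    run ipchains -P forward DENY
    run ipchains -P output ACCEPT

    # Loopback and the internal LAN may reach the firewall itself; this is what keeps
    # ftp and telnet to the firewall open from inside and closed from outside.
    run ipchains -A input -i lo -j ACCEPT
    run ipchains -A input -i "$INT_IF" -s "$INT_NET" -j ACCEPT

    # Anti-spoofing: internal addresses never legitimately arrive on the external side.
    run ipchains -A input -i "$EXT_IF" -s "$INT_NET" -l -j DENY

    # The only externally reachable service: port 22, handed to SSH_HOST by portfw below.
    # The input chain sees the original destination (our external address), so match that.
    run ipchains -A input -i "$EXT_IF" -p tcp -d "$EXT_IP" 22 -j ACCEPT

    # Replies to masqueraded connections come back to EXT_IP in the masquerade port range.
    # "! -y" refuses packets with SYN alone set, so nobody can open a connection to the range.
    run ipchains -A input -i "$EXT_IF" -p tcp ! -y -d "$EXT_IP" $MASQ_PORTS -j ACCEPT
    run ipchains -A input -i "$EXT_IF" -p udp -d "$EXT_IP" $MASQ_PORTS -j ACCEPT

    # ICMP answers the inside relies on: echo-reply (0), dest-unreachable (3, PMTU), time-exceeded (11).
    for t in 0 3 11; do
        run ipchains -A input -i "$EXT_IF" -p icmp -s 0/0 $t -d "$EXT_IP" -j ACCEPT
    done

    # Log everything else that arrives on the external side before the policy drops it.
    run ipchains -A input -i "$EXT_IF" -l -j DENY

    # Forward chain: only the internal LAN leaves, masqueraded; nothing is forwarded inward.
    # (In the forward chain -i names the outgoing interface.)
    run ipchains -A forward -i "$EXT_IF" -s "$INT_NET" -j MASQ

    # Port forward external :22 to the internal ssh box.
    run ipmasqadm portfw -f
    run ipmasqadm portfw -a -P tcp -L "$EXT_IP" 22 -R "$SSH_HOST" 22
}

case "${1:-}" in
    apply) build_rules ;;              # ./rc.firewall apply   (as root on the firewall)
    show)  DRY_RUN=1; build_rules ;;   # ./rc.firewall show    (print the commands only)
esac
```

Review the output of `show` before `apply`: the audit points are that every `-i eth0 ... -j ACCEPT` line names the external address as destination, that the only one outside the masquerade range is port 22, and that the final external rule is a logged DENY.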