/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! /* ALSO: Don't quote this header. It makes you look lame :-) */
Hello,

I changed the $INTIF to $EXTIF and now the server is visible to me from the inside of the network. You are correct in your assumption that I would like this server to be accessible from the Internet through the external interface; unfortunately, I still cannot see it from outside the network. I have placed the rule in the Optional section before the "Catch all rule, all other incoming is denied and logged." I assume this is what you are referring to as the final input DROP rule. I have not yet tried your second suggestion, but I will give that a shot next and see how that works.

I am also looking forward to a solution to Loren's question about SSH through the MASQ gateway. SSH works fine for me with the simple firewall ruleset, but not when I load the stronger ruleset.

One last thing: I currently load the firewall with a line at the end of the /etc/rc.d/rc.local file. When I try to load it the preferred way, by copying the appropriate file into the /etc/rc.d/init.d directory and running the command "chkconfig --level=345 firewall-2.4 on", the firewall load fails and returns the error message "execvp: Permission Denied". I would like to use this method to load the firewall, so if anybody has any suggestions I'd sure appreciate hearing them.

Jack Minshull

> ----- Original Message -----
> From: "David Ranch" <[EMAIL PROTECTED]>
> To: "Jack Minshull" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Tuesday, May 07, 2002 7:16 PM
> Subject: Re: [Masq] IP MASQ Stronger firewall ruleset
>
> > ># Tribes2 - Enable the following lines if you run a Tribes2 server
> > >#
> > >$IPTABLES -A INPUT -i $INTIF -p tcp --sport 28000 --dport 28000 -j ACCEPT
> > >$IPTABLES -A INPUT -i $INTIF -p udp --sport 28000 --dport 28000 -j ACCEPT
> >
> > That should be $EXTIF if this server is to be reachable via
> > the Internet. Beyond that, just make sure this INPUT
> > rule is BEFORE the final input DROP rule.
> >
> > Also, you might need something like this in the OUTPUT
> > section too.
> >
> > >echo -e " - Allowing EXTERNAL access to the Tribes2 server"
> > >$IPTABLES -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED \
> > >-p tcp -s $UNIVERSE -d $EXTIP --dport 28000 -j ACCEPT
> >
> > First, this is on the EXTERNAL interface. Is this what you
> > want? Next, this is for stateful tracking which might or might
> > not work (try it). Just be sure that you don't do BOTH of these
> > examples at the same time. You should also duplicate this for UDP
> > and also the other ports (28001, etc).
> >
> > --David
> >
> > .---------------------------------------------------------------------------.
> > | David A. Ranch - Linux/Networking/PC hardware          [EMAIL PROTECTED] |
> > `----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
>
> --__--__--
>
> _______________________________________________
> Masq maillist - [EMAIL PROTECTED]
> http://home.indyramp.com/mailman/listinfo/masq
> Admin requests handled at the above URL or [EMAIL PROTECTED]
>
> PLEASE read the HOWTO and search the archives before posting.
> You can start your search at http://www.indyramp.com/masq/
> Please keep general linux/unix/pc/internet questions off the list.
>
> End of Masq Digest
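The two points David raises in the quoted reply, putting the server rule on the external interface rather than $INTIF and keeping the ACCEPT ahead of the catch-all DROP, are easy to get wrong when a long ruleset is edited by hand. The script below is an added example, not code from this thread or from the IP Masquerade HOWTO rulesets: it emits stateful INPUT rules for a server on the external interface, for TCP and UDP on every listed port, and then checks the generated text for exactly those two problems before anything is applied. The interface name eth0, the address 203.0.113.10 and the port pair 28000/28001 are assumptions for the example (set EXTIF, EXTIP and GAME_PORTS to match your gateway). It matches only --state NEW, relying on a preceding ESTABLISHED,RELATED rule, and deliberately leaves out the --sport 28000 match from the first quoted rule, since that match only admits clients sending from source port 28000.

```shell
#!/bin/sh
# Added example (not from the thread or the HOWTO rulesets): emit stateful
# INPUT rules that expose a server on the EXTERNAL interface, then check the
# generated ruleset for the two mistakes discussed above before applying it.
# Usage:  sh expose-game-server.sh          # review the rules
#         sh expose-game-server.sh | sh     # apply, as root

# Assumed values for this example; override from the environment to match
# the gateway (EXTIP here is an RFC 5737 documentation address).
EXTIF="${EXTIF:-eth0}"
EXTIP="${EXTIP:-203.0.113.10}"
GAME_PORTS="${GAME_PORTS:-28000 28001}"
UNIVERSE="0.0.0.0/0"

# Print one ACCEPT per protocol and port, on the given interface, for NEW
# connections only (the generic ESTABLISHED,RELATED rule handles the rest).
# No --sport match: clients connect from ephemeral ports, not from 28000.
game_server_rules() {
    ifc="$1"; dst="$2"; shift 2
    for port in "$@"; do
        for proto in tcp udp; do
            printf 'iptables -A INPUT -i %s -m state --state NEW -p %s -s %s -d %s --dport %s -j ACCEPT\n' \
                "$ifc" "$proto" "$UNIVERSE" "$dst" "$port"
        done
    done
}

# INPUT chain skeleton in the order a stateful ruleset needs: established
# traffic first, then the server rules, then log and drop everything else.
build_ruleset() {
    printf 'iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\n'
    # GAME_PORTS is intentionally unquoted so each port becomes an argument.
    game_server_rules "$EXTIF" "$EXTIP" $GAME_PORTS
    printf 'iptables -A INPUT -i %s -j LOG --log-prefix "INPUT DROP: "\n' "$EXTIF"
    printf 'iptables -A INPUT -j DROP\n'
}

# check_exposure RULESET PORT IFC: succeed only if an ACCEPT for --dport PORT
# on interface IFC exists and precedes the first catch-all "-A INPUT -j DROP".
# This catches both problems from the thread: a rule on the wrong interface
# ($INTIF instead of $EXTIF) and a rule placed after the final DROP.
check_exposure() {
    rules="$1"; port="$2"; ifc="$3"
    drop_line=$(printf '%s\n' "$rules" | grep -n -e '-A INPUT -j DROP' | head -n 1 | cut -d: -f1)
    accept_line=$(printf '%s\n' "$rules" \
        | grep -n -e "-A INPUT -i $ifc .*--dport $port .*-j ACCEPT" | head -n 1 | cut -d: -f1)
    if [ -z "$accept_line" ]; then
        echo "FAIL: no INPUT ACCEPT for dport $port on $ifc" >&2
        return 1
    fi
    if [ -n "$drop_line" ] && [ "$accept_line" -gt "$drop_line" ]; then
        echo "FAIL: ACCEPT for dport $port (line $accept_line) comes after the catch-all DROP (line $drop_line)" >&2
        return 1
    fi
    return 0
}

# Self-check the generated ruleset, then print it for review or piping into sh.
RULESET=$(build_ruleset)
for p in $GAME_PORTS; do
    check_exposure "$RULESET" "$p" "$EXTIF" || exit 1
done
printf '%s\n' "$RULESET"
```

Run it as an ordinary user first and read the output; only then pipe it into sh as root. The check_exposure function keys on the literal text "-A INPUT -j DROP" for the catch-all, so it can also be pointed at a pasted copy of any INPUT chain script (the stronger ruleset included, once its $IPTABLES variable has been expanded) to confirm a server rule really lands before the final drop.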
