i'm finally able to access the page. i added the 4th line to my chain
rules.

 /sbin/ipchains -A input -p tcp -s 0.0.0.0/0 -d x.x.x.2 80 -l -j ACCEPT
 /sbin/ipchains -A input -p tcp -s 0.0.0.0/0 -d x.x.x.2 53 -l -j ACCEPT
 /sbin/ipchains -A input -p udp -s 0.0.0.0/0 -d x.x.x.2 53 -l -j ACCEPT
 /sbin/ipchains -A input -i eth0 -j ACCEPT
 /sbin/ipchains -A input -s 0.0.0.0/0 -l -j DENY

i suspected that the DENY eth0 is causing the problem.
i'd appreciate it if you can give me a better set of rules than the above.

       browser(client)---- eth1--linux firewall--eth0---webserver

218=client
221=eth1
209=eth0
210=websvr



here's the log file:
May 19 16:00:06 redhat kernel: Packet log: input DENY eth1 PROTO=6 202.163.229.218:1315 202.163.229.221:23 L=40 S=0x00 I=39201 F=0x4000 T=126 (#4)
May 19 16:00:06 redhat kernel: Packet log: input DENY eth1 PROTO=6 202.163.229.218:1315 202.163.229.221:23 L=40 S=0x00 I=39457 F=0x4000 T=126 (#4)
May 19 16:00:07 redhat kernel: Packet log: input DENY eth1 PROTO=6 202.163.229.218:1315 202.163.229.221:23 L=40 S=0x00 I=39713 F=0x4000 T=126 (#4)
May 19 16:00:10 redhat kernel: Packet log: input DENY eth1 PROTO=6 202.163.229.218:1315 202.163.229.221:23 L=40 S=0x00 I=39969 F=0x4000 T=126 (#4)
May 19 16:00:12 redhat kernel: Packet log: input ACCEPT eth1 PROTO=6 202.163.229.218:1318 202.163.229.210:80 L=48 S=0x00 I=40225 F=0x4000 T=126 SYN (#1)
May 19 16:00:12 redhat kernel: Packet log: input DENY eth0 PROTO=6 202.163.229.210:80 202.163.229.218:1318 L=48 S=0x00 I=23229 F=0x4000 T=255 (#4)
May 19 16:00:15 redhat kernel: Packet log: input ACCEPT eth1 PROTO=6 202.163.229.218:1318 202.163.229.210:80 L=48 S=0x00 I=40481 F=0x4000 T=126 SYN (#1)
May 19 16:00:15 redhat kernel: Packet log: input DENY eth0 PROTO=6 202.163.229.210:80 202.163.229.218:1318 L=40 S=0x00 I=23230 F=0x4000 T=255 (#4)
May 19 16:00:15 redhat kernel: Packet log: input DENY eth1 PROTO=6 202.163.229.218:1315 202.163.229.221:23 L=40 S=0x00 I=40737 F=0x4000 T=126 (#4)
May 19 16:00:15 redhat kernel: Packet log: input DENY eth0 PROTO=6 202.163.229.210:80 202.163.229.218:1318 L=48 S=0x00 I=23231 F=0x4000 T=255 (#4)
May 19 16:00:18 redhat kernel: Packet log: input ACCEPT eth1 PROTO=6 202.163.229.218:1320 202.163.229.210:80 L=48 S=0x00 I=41249 F=0x4000 T=126 SYN (#1)
May 19 16:00:18 redhat kernel: Packet log: input DENY eth0 PROTO=6 202.163.229.210:80 202.163.229.218:1320 L=48 S=0x00 I=23232 F=0x4000 T=255 (#4)
May 19 16:00:21 redhat kernel: Packet log: input ACCEPT eth1 PROTO=6 202.163.229.218:1318 202.163.229.210:80 L=48 S=0x00 I=41761 F=0x4000 T=126 SYN (#1)
May 19 16:00:21 redhat kernel: Packet log: input DENY eth0 PROTO=6 202.163.229.210:80 202.163.229.218:1318 L=40 S=0x00 I=23233 F=0x4000 T=255 (#4)

     

thanks a lot!
rebecca 

On Sat, 19 May 2001, Mark Anthony J. Mercado wrote:

> 
> try turning logging on... so you can see what's dropped...
> 
> /sbin/ipchains -A input -p tcp -s 0.0.0.0/0 -d x.x.x.2 80 -l -j ACCEPT
> /sbin/ipchains -A input -p tcp -s 0.0.0.0/0 -d x.x.x.2 53 -l -j ACCEPT
> /sbin/ipchains -A input -p udp -s 0.0.0.0/0 -d x.x.x.2 53 -l -j ACCEPT
> /sbin/ipchains -A input -s 0.0.0.0/0 -l -j DENY
> 
> take note of the -l's
> 
> then look at the logs ... they're usually written at
> 
> /var/log/messages
> 
> hth,
> 
> -mark
> 
> On Sat, 19 May 2001, Rebecca wrote:
> 
> > still no luck with the code below. can't access x.x.x.2
> > can't access the website.
> > 
> > btw, i execute the code below from the command line, after that i get
> > disconnected and i try to access url x.x.x.2 from another PC but can't.
> > 
> > 
> > thanks.
> > ina
> > On Fri, 18 May 2001, fooler wrote:
> > 
> > > 
> > > the proper code for ipchains for your needs:
> > > 
> > > /sbin/ipchains -A input -p tcp -s 0.0.0.0/0 -d x.x.x.2 80 -j ACCEPT
> > > /sbin/ipchains -A input -p tcp -s 0.0.0.0/0 -d x.x.x.2 53 -j ACCEPT
> > > /sbin/ipchains -A input -p udp -s 0.0.0.0/0 -d x.x.x.2 53 -j ACCEPT
> > > /sbin/ipchains -A input -s 0.0.0.0/0 -j DENY
> > > 
> > > fooler.
> 
> _
> Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
> To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
> 
> To subscribe to the Linux Newbies' List: send "subscribe" in the body to 
>[EMAIL PROTECTED]
> 
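
Added example, not part of the original thread: a short Python parser for the ipchains "Packet log" lines in the message above (five of them, with the mail wrapping undone) that tallies hits per rule and flags DENY entries that are the reverse direction of a flow the firewall had just accepted. The function names are this example's own.

```python
import re
from collections import Counter

# Five lines copied from the log in the message above, mail wrapping undone.
SAMPLE = """\
May 19 16:00:06 redhat kernel: Packet log: input DENY eth1 PROTO=6 202.163.229.218:1315 202.163.229.221:23 L=40 S=0x00 I=39201 F=0x4000 T=126 (#4)
May 19 16:00:12 redhat kernel: Packet log: input ACCEPT eth1 PROTO=6 202.163.229.218:1318 202.163.229.210:80 L=48 S=0x00 I=40225 F=0x4000 T=126 SYN (#1)
May 19 16:00:12 redhat kernel: Packet log: input DENY eth0 PROTO=6 202.163.229.210:80 202.163.229.218:1318 L=48 S=0x00 I=23229 F=0x4000 T=255 (#4)
May 19 16:00:18 redhat kernel: Packet log: input ACCEPT eth1 PROTO=6 202.163.229.218:1320 202.163.229.210:80 L=48 S=0x00 I=41249 F=0x4000 T=126 SYN (#1)
May 19 16:00:18 redhat kernel: Packet log: input DENY eth0 PROTO=6 202.163.229.210:80 202.163.229.218:1320 L=48 S=0x00 I=23232 F=0x4000 T=255 (#4)
"""

# chain, action, interface, protocol, src:port, dst:port, ..., (#rule number)
LINE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) .*\(#(?P<rule>\d+)\)"
)

def parse(text):
    """Return one dict per 'Packet log' line that carries ports (TCP/UDP)."""
    records = []
    for line in text.splitlines():
        m = LINE.search(line)
        if m:
            rec = m.groupdict()
            rec["rule"] = int(rec["rule"])
            rec["syn"] = " SYN " in line  # ipchains marks connection-opening packets
            records.append(rec)
    return records

def denied_replies(records):
    """DENY entries that are the reverse direction of an earlier ACCEPTed flow."""
    accepted, hits = set(), []
    for r in records:
        if r["action"] == "ACCEPT":
            accepted.add((r["src"], r["sport"], r["dst"], r["dport"]))
        elif r["action"] == "DENY" and (r["dst"], r["dport"], r["src"], r["sport"]) in accepted:
            hits.append(r)
    return hits

def summary(records):
    """Count log entries per (action, interface, rule number)."""
    return Counter((r["action"], r["iface"], r["rule"]) for r in records)

if __name__ == "__main__":
    recs = parse(SAMPLE)
    for key, n in sorted(summary(recs).items()):
        print(n, *key)
    for r in denied_replies(recs):
        print(f'reply dropped on {r["iface"]}: {r["src"]}:{r["sport"]} -> {r["dst"]}:{r["dport"]} (rule #{r["rule"]})')
```

On these lines it reports the web server's replies from 202.163.229.210:80 arriving on eth0 and matching rule #4, the catch-all DENY, because the ACCEPT rules in the thread match only on the destination address and port of the request direction.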

