Quoting fooler <[EMAIL PROTECTED]>:
> Rebecca wrote:
>
> > I was finally able to access the page. I added the 4th line to my chain
> > rules.
> >
> > /sbin/ipchains -A input -p tcp -s 0.0.0.0/0 -d x.x.x.2 80 -l -j ACCEPT
> > /sbin/ipchains -A input -p tcp -s 0.0.0.0/0 -d x.x.x.2 53 -l -j ACCEPT
> > /sbin/ipchains -A input -p udp -s 0.0.0.0/0 -d x.x.x.2 53 -l -j ACCEPT
> > /sbin/ipchains -A input -i eth0 -j ACCEPT
> > /sbin/ipchains -A input -s 0.0.0.0/0 -l -j DENY
> >
> > I suspected that the DENY eth0 is causing the problem.
> > I'd appreciate it if you can give me a better set of rules than the above.
> >
> > browser(client)---- eth1--linux firewall--eth0---webserver
> >
> > 218=client
> > 221=eth1
> > 209=eth0
> > 210=websvr
>
> /sbin/ipchains -A input -i eth0 -p tcp -s 0.0.0.0/0 -d 202.163.229.210 80 -j ACCEPT
> /sbin/ipchains -A input -i eth0 -p tcp -s 0.0.0.0/0 -d 202.163.229.210 53 -j ACCEPT
> /sbin/ipchains -A input -i eth0 -p udp -s 0.0.0.0/0 -d 202.163.229.210 53 -j ACCEPT
> /sbin/ipchains -A input -i eth0 -s 0.0.0.0/0 -j DENY
>
Shouldn't it be eth1, since it's the one facing the internet?
> these are the rules at your *firewall box*.. my previous rules were only
> good at the webserver box...
>
> fooler.
>
> _
> Philippine Linux Users Group. Web site and archives at
> http://plug.linux.org.ph
> To leave: send "unsubscribe" in the body to
> [EMAIL PROTECTED]
>
> To subscribe to the Linux Newbies' List: send "subscribe" in the body to
> [EMAIL PROTECTED]
>
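
A simplified model of how a first-match input chain treats the `-i` interface match discussed in this thread, as an added example that is not part of the original messages. It assumes client traffic arrives on eth1 as drawn in the diagram and that the chain policy is ACCEPT; the names `Rule`, `Packet`, `build_chain` and `evaluate` are hypothetical, and only interface, protocol, destination and port are modelled.

```python
# Simplified first-match model of an ipchains input chain (added example).
from typing import NamedTuple, Optional

WEB = "202.163.229.210"  # web server address as quoted in the thread


class Rule(NamedTuple):
    iface: Optional[str]   # -i, None = any interface
    proto: Optional[str]   # -p, None = any protocol
    dst: Optional[str]     # -d address, None = any destination
    dport: Optional[int]   # port after -d, None = any port
    target: str            # -j


class Packet(NamedTuple):
    iface: str
    proto: str
    dst: str
    dport: int


def build_chain(iface):
    """The four quoted rules, bound to the given interface."""
    return [
        Rule(iface, "tcp", WEB, 80, "ACCEPT"),
        Rule(iface, "tcp", WEB, 53, "ACCEPT"),
        Rule(iface, "udp", WEB, 53, "ACCEPT"),
        Rule(iface, None, None, None, "DENY"),
    ]


def evaluate(chain, pkt, policy="ACCEPT"):
    """Return (target, rule_number); rule_number is None if the policy decided."""
    for n, rule in enumerate(chain, start=1):
        # A rule matches when every field it specifies equals the packet's field.
        if all(want is None or want == got for want, got in zip(rule[:4], pkt)):
            return rule.target, n
    return policy, None  # assumption: chain policy applies when nothing matches


# Constructed packets: both arrive on eth1, the client side in the diagram.
http = Packet("eth1", "tcp", WEB, 80)
telnet = Packet("eth1", "tcp", WEB, 23)

if __name__ == "__main__":
    for iface in ("eth0", "eth1"):
        chain = build_chain(iface)
        for name, pkt in (("http", http), ("telnet", telnet)):
            print(f"rules on {iface}: {name} -> {evaluate(chain, pkt)}")
```

A rule number of `None` in the result means no rule matched and the chain policy made the decision, which is the case to look for when checking whether a rule set is bound to the interface the traffic actually arrives on.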