> Hi all!
>
> I'm fiddling with ipchains for the first time and it's cool!
>
> The problem is that now I can't surf the web or ping any other servers. I
> guess it's because I set it up to only let packets in from certain servers.
> How does one set up ipchains so I can surf and pong?

OK, you don't have any forwarding rules set in your script, and I think you weren't able to enable ip_forwarding..... Try executing this first, right away:

echo "1" > /proc/sys/net/ipv4/ip_forward

If you're making rules in ipchains, you must know which rules you put first in your chains. You have to understand the first and last rules you have and where to insert a rule. Just like this:

> ipchains -P input DENY

--> change it to ACCEPT

Your rules are already useless at this point.... you do have output, but your input is disabled. Try checking the rules with ipchains -L

> ipchains -P output ACCEPT
> ipchains -P forward ACCEPT

This must be your pattern: first the input rules, then the output rules, and last the forwarding rules.

Try this one first: http://www.oofle.com. Try checking this site. Your rules are still messy..

> Here's what I've got in my script. Addresses and interface names have been
> changed to "protect the innocent". Any help would be greatly appreciated.
> I miss surfing already...
>
> Thanks! God bless!
> --------------------------------------------------------------------------
>
> #!/bin/bash
> #
> # This is an ipchains configuration script. It does the
> # following:
> #
> # 1. Flushes old rulesets
> # 2. Set default policies
> # 3. Allow local interfaces (loopback and eth0)
> # 4. Deny address block we should never see including the local address
> #    block (192.168.1.0-24)
> # 5. Allow some inbound services
> # 6. Allow DNS query responses
> # 7. Deny all other packets and log them
> #
> #
> # Flush old rulesets
> #
> ipchains -F input
> ipchains -F output
> ipchains -F forward
> #
> #
> # Set default policies
> #
> ipchains -P input DENY
> ipchains -P output ACCEPT
> ipchains -P forward ACCEPT
> #
> #
> # Allow local interface

Rule 3, buddy, includes eth0

ipchains -A input -i lo -j ACCEPT

try to add this one

ipchains -A input -i eth0 -j ACCEPT

> #
> # Deny address blocks we should never see including our local address
> # block and log them
>
> ipchains -A input -i <interfacex> -s 10.0.0.0/8 -j DENY -l
> ipchains -A input -i <interfacex> -s 172.16.0.0/12 -j DENY -l
> ipchains -A input -i <interfacex> -s 198.168.1.0/24 -j DENY -l

This is useless, buddy, if those aren't in your network....

> #
> # Allow incoming mail from ISP's mailserver and POP3 response
> #
> ipchains -A input -i <interfacex> -p tcp -s xxx.xxx.xxx.xxx -j ACCEPT
> ipchains -A input -i <interfacex> -p tcp -s xxx.xxx.xxx.xxx --sport 110 -j ACCEPT

change this one to

ipchains -A input -s 0/0 -d 0/0 25 -p TCP -y -j ACCEPT

how about the port 80?

ipchains -A input -s 0/0 -d 0/0 80 -p TCP -y -j ACCEPT

> #
> # Allow DNS query responses from DNS
> #
> ipchains -A input -i <interfacex> -p udp -s xxx.xxx.xxx.xxx 53 -j ACCEPT
> ipchains -A input -i <interfacex> -p tcp -s xxx.xxx.xxx.xxx 53 -j ACCEPT
> ipchains -A input -i <interfacex> -p udp -s xxx.xxx.xxx.xxx 53 -j ACCEPT
> ipchains -A input -i <interfacex> -p tcp -s xxx.xxx.xxx.xxx 53 -j ACCEPT

Just remove this if your server is not a DNS server...

>
> #
> # Deny all other packets and log them
> #
> ipchains -A input -j DENY -l
> #
> # End of script
>
>
> -- [Manny Amador] ----------------------------- [[EMAIL PROTECTED]] --
> Member: Philippine League for Democratic Telecommunications, Inc.
> "Affordable Access for All!"
> -- [Distributed Development Network (DDN)] ------- [www.distdev.com] --
>
> Philippine Linux Users Group. Web site and archives at
> http://plug.linux.org.ph To leave: send "unsubscribe" in the body to
> [EMAIL PROTECTED]
>
> To subscribe to the Linux Newbies' List: send "subscribe" in the body to
> [EMAIL PROTECTED]

oninz <-- {^0^}
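To trace which rule decides the fate of the reply packets discussed in this thread, the added example below (not part of either message) models the listed input chain as first-match rules in Python. The interface name ppp0 and every address are constructed stand-ins for the masked <interfacex> and xxx.xxx.xxx.xxx values, and the helper names are hypothetical.

```python
import ipaddress

# Constructed stand-ins: the post masks its real values as <interfacex> and xxx.xxx.xxx.xxx.
EXT_IF, MAIL, DNS = "ppp0", "198.51.100.25", "198.51.100.53"

def rule(target, iface=None, proto=None, src="0.0.0.0/0", sport=None):
    """One ipchains-style rule; None means the field was not given, so it matches anything."""
    return {"target": target, "iface": iface, "proto": proto,
            "src": ipaddress.ip_network(src), "sport": sport}

# The input chain in the order the thread lists it (duplicate DNS lines collapsed).
INPUT_CHAIN = [
    rule("ACCEPT", iface="lo"),
    rule("DENY", iface=EXT_IF, src="10.0.0.0/8"),
    rule("DENY", iface=EXT_IF, src="172.16.0.0/12"),
    rule("DENY", iface=EXT_IF, src="198.168.1.0/24"),
    rule("ACCEPT", iface=EXT_IF, proto="tcp", src=MAIL),
    rule("ACCEPT", iface=EXT_IF, proto="tcp", src=MAIL, sport=110),
    rule("ACCEPT", iface=EXT_IF, proto="udp", src=DNS, sport=53),
    rule("ACCEPT", iface=EXT_IF, proto="tcp", src=DNS, sport=53),
    rule("DENY"),  # ipchains -A input -j DENY -l
]

def matches(r, pkt):
    return ((r["iface"] is None or r["iface"] == pkt["iface"])
            and (r["proto"] is None or r["proto"] == pkt["proto"])
            and ipaddress.ip_address(pkt["src"]) in r["src"]
            and (r["sport"] is None or r["sport"] == pkt.get("sport")))

def verdict(chain, pkt, policy):
    """Return (rule number, target) of the first matching rule, else (None, policy)."""
    for number, r in enumerate(chain, start=1):
        if matches(r, pkt):
            return number, r["target"]
    return None, policy

# Constructed inbound packets: replies to traffic the firewall host itself sent out.
WEB_REPLY = {"iface": EXT_IF, "proto": "tcp", "src": "203.0.113.80", "sport": 80}
PING_REPLY = {"iface": EXT_IF, "proto": "icmp", "src": "203.0.113.80"}
DNS_REPLY = {"iface": EXT_IF, "proto": "udp", "src": DNS, "sport": 53}

if __name__ == "__main__":
    for name, pkt in [("web reply", WEB_REPLY), ("ping reply", PING_REPLY), ("DNS reply", DNS_REPLY)]:
        for policy in ("DENY", "ACCEPT"):
            print(f"{name:10} policy={policy:6} ->", verdict(INPUT_CHAIN, pkt, policy))
```

The web and ping replies reach the catch-all DENY at rule 9 under either policy, because the chain policy is only consulted when no rule matches; the DNS reply is accepted at rule 7.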
