Hello everyone, I have a problem that has nothing to do with PHP. I know I shouldn't ask it here, but I need a response urgently as it's a major security hole.
I'm trying to set up a firewall. I've successfully got my port blocking working and all the ones I need open are open, but I can't get my masquerading to work when I turn on my firewall. Here it is...

-----------------------------------------------------------------------
#!/bin/sh
/etc/rc.d/init.d/ipchains stop
/etc/rc.d/init.d/ipchains start
depmod -a
echo "1" > /proc/sys/net/ipv4/ip_forward
ipchains -P forward DENY
ipchains -A forward -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT
ipchains -A forward -s 203.45.222.39/32 -d 0/0 -j ACCEPT
ipchains -A forward -s 192.168.0.0/24 -d 0/0 -j MASQ
ipchains -A forward -s 192.168.0.0/24 -d 0/0 -j ACCEPT
ipchains -P input DENY
# If I comment out the above line, masquerading works
# but as soon as I uncomment it, my security goes up and
# my masquerading goes down! ARGH!
ipchains -A input -j ACCEPT -s 0/0 -d 0/0 25 -p tcp
ipchains -A input -j ACCEPT -s 0/0 -d 0/0 80 -p tcp
ipchains -A input -j ACCEPT -s 0/0 -d 0/0 53 -p tcp
ipchains -A input -j ACCEPT -s 0/0 -d 0/0 53 -p udp
ipchains -A input -j ACCEPT -s 0/0 -d 0/0 68 -p udp
ipchains -A input -j ACCEPT -s 0/0 -d 0/0 110 -p tcp
ipchains -A input -j ACCEPT -s 192.168.0.0/24
#ipchains -A input -j ACCEPT -p icmp
ipchains -A input -i lo -j ACCEPT
ipchains -A input -i eth1 -j ACCEPT
-----------------------------------------------------------------------

I've spent hours trying to work this out, and I'm sure it's something REALLY basic that I've missed. Major apologies for asking this here. If you have a suggestion where I should ask such a question in the future, please tell me.

Thank you very much for your help!

Liam

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php