Hello everyone,
I have a problem that has nothing to do with PHP. I know
I shouldn't ask it here, but I need a response urgently as it's
a major security hole.
I'm trying to set up a firewall, I've successfully got my portblocking
working and all the ones I need open are open, but I can't get
my masquerading to work when I turn on my firewall.
Here it is...
---
#!/bin/sh
/etc/rc.d/init.d/ipchains stop
/etc/rc.d/init.d/ipchains start
depmod -a
echo 1 > /proc/sys/net/ipv4/ip_forward
ipchains -P forward DENY
ipchains -A forward -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT
ipchains -A forward -s 203.45.222.39/32 -d 0/0 -j ACCEPT
ipchains -A forward -s 192.168.0.0/24 -d 0/0 -j MASQ
ipchains -A forward -s 192.168.0.0/24 -d 0/0 -j ACCEPT
ipchains -P input DENY
# If I comment out the above line, masquerading works
# but as soon as I uncomment it, my security goes up and
# my masquerading goes down! ARGH!
ipchains -A input -j ACCEPT -s 0/0 -d 0/0 25 -p tcp
ipchains -A input -j ACCEPT -s 0/0 -d 0/0 80 -p tcp
ipchains -A input -j ACCEPT -s 0/0 -d 0/0 53 -p tcp
ipchains -A input -j ACCEPT -s 0/0 -d 0/0 53 -p udp
ipchains -A input -j ACCEPT -s 0/0 -d 0/0 68 -p udp
ipchains -A input -j ACCEPT -s 0/0 -d 0/0 110 -p tcp
ipchains -A input -j ACCEPT -s 192.168.0.0/24
#ipchains -A input -j ACCEPT -p icmp
ipchains -A input -i lo -j ACCEPT
ipchains -A input -i eth1 -j ACCEPT
---
I've spent hours trying to work this out, and I'm sure it's
something REALLY basic that I've missed.
Major apologies for asking this here, if you have a suggestion
where I should ask such a question in the future, please tell me.
Thank you very much for your help!
Liam
--
PHP General Mailing List (http://www.php.net/)
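
An added example, not part of Liam's message: a first-match model of the input chain from the script above, fed constructed packets. It assumes eth0 is the external interface (the post names only lo and eth1) and relies on ipchains running the input chain before demasquerading, so a reply to a masqueraded connection reaches that chain from outside, addressed to a high local port (61234 is a sample value).

```sh
#!/bin/sh
# Input-chain rules from the posted script (arguments only), in append order.
RULES='-j ACCEPT -s 0/0 -d 0/0 25 -p tcp
-j ACCEPT -s 0/0 -d 0/0 80 -p tcp
-j ACCEPT -s 0/0 -d 0/0 53 -p tcp
-j ACCEPT -s 0/0 -d 0/0 53 -p udp
-j ACCEPT -s 0/0 -d 0/0 68 -p udp
-j ACCEPT -s 0/0 -d 0/0 110 -p tcp
-j ACCEPT -s 192.168.0.0/24
-i lo -j ACCEPT
-i eth1 -j ACCEPT'
POLICY=DENY   # ipchains -P input DENY

# input_verdict IFACE PROTO SRC_IP DST_PORT: print the first matching
# rule's target, or the chain policy when no rule matches.
input_verdict() {
    pk_if=$1 pk_proto=$2 pk_src=$3 pk_port=$4
    while read -r line; do
        set -- $line          # split the rule into words
        target='' ok=1
        while [ $# -gt 0 ]; do
            case $1 in
                -j) target=$2; shift 2 ;;
                -p) [ "$2" = "$pk_proto" ] || ok=0; shift 2 ;;
                -i) [ "$2" = "$pk_if" ] || ok=0; shift 2 ;;
                -s) case $2 in
                        0/0) ;;
                        192.168.0.0/24) case $pk_src in 192.168.0.*) ;; *) ok=0 ;; esac ;;
                        *) ok=0 ;;   # other source nets are not modelled
                    esac; shift 2 ;;
                -d) shift 2          # address is always 0/0 here; a port may follow
                    case ${1:-} in
                        ''|-*) ;;
                        *) [ "$1" = "$pk_port" ] || ok=0; shift ;;
                    esac ;;
                *) shift ;;
            esac
        done
        if [ "$ok" = 1 ]; then echo "$target"; return 0; fi
    done <<EOF
$RULES
EOF
    echo "$POLICY"
}

# Constructed packets (addresses and ports are sample values).
input_verdict eth1 tcp 192.168.0.10 80      # LAN client heading out
input_verdict eth0 tcp 198.51.100.7 25      # inbound mail from outside
input_verdict eth0 tcp 198.51.100.7 61234   # reply to a masqueraded connection
```

The third packet matches none of the listed rules, so it gets the chain policy.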