My problem is I have a small network of 4 computers with my own gateway using ipmasq for all sub systems now my firewall script for this gateway i belive is stopping me from connecting to any of my servers running on my gateway. I notice when i try to connect from any of the sub systems through gateway to use auth it wont establish i have identd running when trying irc , but i can connect to irc from gateway itself Also i have running ssh on the gateway and some others that i cannot even establish a conneciton from the gateway or sub systems . Ie i try ssh from gateway to gateway and i cannot connect. Also i try from sub systems no luck cannot connect. systems MY sub systems ----> My gateway ------> ISP Here is my ipchains rules.. Again any help will be great :) ------------------------------------ echo 1 > /proc/sys/net/ipv4/ip_forward echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter ipchains -M -S 14400 30 300 ipchains -A input -i ! lo -j DENY ipchains -A output -i ! lo -j DENY ipchains -A forward -j DENY ipchains -A input -i lo -j ACCEPT ipchains -A output -i lo -j ACCEPT ipchains -A input -j ACCEPT -i eth0 -s 0/0 67 -d 0/0 68 -p udp ipchains -P forward DENY ipchains -A forward -i eth0 -j MASQ ipchains -N icmp-acc ipchains -N bad-if ipchains -N good-if ipchains -A icmp-acc -p icmp --icmp-type destination-unreachable -j ACCEPT ipchains -A icmp-acc -p icmp --icmp-type source-quench -j ACCEPT ipchains -A icmp-acc -p icmp --icmp-type time-exceeded -j ACCEPT ipchains -A icmp-acc -p icmp --icmp-type parameter-problem -j ACCEPT ipchains -A forward -j DENY -l ipchains -A bad-if -i eth1 -j DENY -l ipchains -A bad-if -p ICMP --icmp-type pong -j ACCEPT ipchains -A bad-if -p TCP --dport ssh -j ACCEPT ipchains -A bad-if -j icmp-acc ipchains -A bad-if -j DENY ipchains -A good-if -i eth0 -j DENY ipchains -A good-if -p ICMP --icmp-type ping -j ACCEPT ipchains -A good-if -p ICMP --icmp-type pong -j ACCEPT ipchains -A good-if -j icmp-acc ipchains -A good-if -j DENY -l #modprobe ip_masq_cuseeme.o modprobe ip_masq_ftp.o modprobe ip_masq_irc.o modprobe ip_masq_icq.o #modprobe ip_masq_mfw.o #modprobe ip_masq_portfw.o #modprobe ip_masq_quake.o #modprobe ip_masq_raudio.o #modprobe ip_masq_user.o #modprobe ip_masq_vdolive.o ipchains -D input 1 ipchains -D forward 1 ipchains -D output 1 --------------------------------
[EMAIL PROTECTED] wrote: > > Hello i have a problem which i belive in my firewall script Sorry I have nothing to say on your problem. But your subject line was empty ... which will annoy many on the list since they use a filter to file away and later retrieve slug postsing. -rickw -- Rick Welykochy || Praxis Services Pty Limited
