Why are you using 10.10.10.70/32? This is the same as using 10.10.10.70.

The /32 (or anything between 0 and 32) determines a netmask of
255.255.255.255. /24 would mean a netmask of 255.255.255.0.

If you want just the one IP (10.10.10.70) you will not need /32.

I would also not use REJECT, but rather DENY. The difference is that with
DENY the request packets from the source are dropped without a response.
REJECT sends back an ICMP packet to the source saying "You're not allowed
here". You would not want to "tell" anyone (except maybe for debugging)
that you do not accept connections on port 23 (or any port, for that
matter).

Other than that this particular rule looks fine to me.

Bernhard L�der
ICQ 26070583


> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> George Vieira
> Sent: Friday, September 22, 2000 9:35 AM
> To: Sydney Linux Users Group in Sydney (E-mail)
> Subject: [SLUG] IPCHAINS problem.
>
>
> AArrgh...
>
> I'm not great at IPCHAINS and have this problem; could someone point out
> what's going on, and whether there is any better way of cleaning it up?
> I'm trying to set the default policies to DENY and rewrite my rules
> (before, they were ACCEPTed by default), but something is breaking and I
> have no idea why or what's going on.
>
> The rules below are a copy of my home-to-work chains list, and for some
> reason the rule which is marked as *sucked* won't work with
> 10.10.10.70/32, which is the current static IP of my PPP link.
> Though if I use 10.10.0.0/16 it all works fine.
>
> I know the rules work from top to bottom, but what I don't understand is
> what happens when a rule is true. Does it continue down the list, or exit
> the rule table, or what? This is where I'm lost.
>
> Can anybody give me a better guide as to what's going on...
>
> thanks.
>
> echo 1 > /proc/sys/net/ipv4/ip_forward    # Yeah I know RH has /etc/sysconfig/network but can't be bothered.
> /sbin/ipportfw
>
> /sbin/ipchains -F
> /sbin/ipchains -X
> /sbin/ipchains -Z
>
> /sbin/ipchains -M -S 14400 30 300
>
> /sbin/ipchains -P input DENY
> /sbin/ipchains -P output DENY
> /sbin/ipchains -P forward DENY
>
> # Internal LAN rules
> /sbin/ipchains -A input  -s 192.168.1.0/24  -d 0.0.0.0/0  -j ACCEPT
> /sbin/ipchains -A output  -s 192.168.1.0/24  -d 0.0.0.0/0  -j ACCEPT
>
> # IP Forwarding
> /sbin/ipchains -A forward -s 192.168.1.0/24  -d 0.0.0.0/0  -j MASQ
>
> # Unsecure network rules
> /sbin/ipchains -A input -s 0.0.0.0/0  -d 10.10.10.70/32  -j ACCEPT
> /sbin/ipchains -A output -s 10.10.0.0/16  -d 0.0.0.0/0  -j ACCEPT
> <--------This line sucks...
> # /sbin/ipchains -A input -s 0.0.0.0/0  -d 10.10.10.70/32 23 -p tcp -i ppp0 -j REJECT
>
> # IP Forwarding
> /sbin/ipchains -A forward -s 192.168.1.0/24  -d 0.0.0.0/0  -j MASQ
>
>
>
> thanks,
> George Vieira
> Network Administrator
> http://www.citadelcomputer.com.au
> PGP Fingerprint :     43DC 92AC 1A82 27B2 E97B  52F1 B60F
> 301A 38A9 A10C
> PGP KeyID:            0x38A9A10C
>
>
>
> --
> SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
> More Info: http://slug.org.au/lists/listinfo/slug



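As an added illustration (not code from either mail), the following Python models ipchains' first-match behaviour: the first rule that matches and carries a -j target decides the packet and traversal stops, and the chain's default policy applies only when no rule matched. Run over the input chain from the quoted mail, it shows that the catch-all ACCEPT to 10.10.10.70 written before the port-23 rule shadows it, and that a /32 netmask covers exactly one host. The sample packet and the rule order are assumptions taken from the posted script.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    """One ipchains rule; target None means accounting only (no -j)."""
    src: str
    dst: str
    target: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    iface: Optional[str] = None

    def matches(self, pkt: dict) -> bool:
        if ip_address(pkt["src"]) not in ip_network(self.src, strict=False):
            return False
        if ip_address(pkt["dst"]) not in ip_network(self.dst, strict=False):
            return False
        if self.proto is not None and pkt.get("proto") != self.proto:
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        return self.iface is None or pkt.get("iface") == self.iface

def verdict(chain, policy, pkt):
    """Walk the chain top to bottom; the first matching rule with a target
    decides and traversal stops. If none matches, the chain policy applies."""
    for index, rule in enumerate(chain):
        if rule.target is not None and rule.matches(pkt):
            return rule.target, index
    return policy, None

def netmask_of(prefix: int) -> str:
    """Dotted netmask for /prefix: 32 -> 255.255.255.255, 24 -> 255.255.255.0."""
    return str(ip_network(f"0.0.0.0/{prefix}").netmask)

# Constructed: the input chain as posted, with the commented-out telnet rule
# restored in the position it was written (after the catch-all ACCEPT).
INPUT_AS_POSTED = [
    Rule("192.168.1.0/24", "0.0.0.0/0", "ACCEPT"),
    Rule("0.0.0.0/0", "10.10.10.70/32", "ACCEPT"),
    Rule("0.0.0.0/0", "10.10.10.70/32", "REJECT", proto="tcp", dport=23, iface="ppp0"),
]
# Same rules with the port-23 rule placed ahead of the catch-all ACCEPT.
INPUT_REORDERED = [INPUT_AS_POSTED[0], INPUT_AS_POSTED[2], INPUT_AS_POSTED[1]]
# Constructed sample packet: a telnet connection attempt arriving on ppp0.
TELNET_FROM_INTERNET = {"src": "203.0.113.5", "dst": "10.10.10.70",
                        "proto": "tcp", "dport": 23, "iface": "ppp0"}
```

With the rules as posted the telnet packet is ACCEPTed by the second rule and the port-23 rule is never consulted; moving it up gives the intended verdict.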
