I thought so also... so I hunted for some type of "generic" rules...

from tucows I used the simple ipchain rules they used...

/sbin/ipchains -P forward DENY                        # default for the forward chain: drop anything no rule matches
/sbin/ipchains -A forward -s 192.168.10.0/24 -j MASQ  # masquerade (NAT) packets forwarded from the internal LAN

as well as the timeout rule... this didn't fix the problem. I thought these were pretty open and left everything suspect in relation to security, but felt they should work; however they didn't... can anybody see anything wrong with these, because they look OK to me?

        Date: Thu, 07 Dec 2000 10:57:22 +1100
        From: [EMAIL PROTECTED] (Doug Stalker)
        To: George Ferizis <[EMAIL PROTECTED]>, SLUG <[EMAIL PROTECTED]>
        Subject: Re: [SLUG] IP Masq problem..
        
        
        Look at your IPChains rules for input and output.  Allow any form of
        output, and make sure data being returned to user ports (i.e. ports
        above 1024) is allowed to return.  (You can use the -y flag to allow
        data to return, but not allow new connections to be established.)
        
         - Doug
        
        
        George Ferizis wrote:
        > 
        > Hi all,
        > 
        >         I'm running IP Masq on a Linux box, with some Windows
        > boxes on the surrounding network.
        > 
        >         It functions fine, I can telnet/ftp whatever from the
        > Windows box to anywhere external, and can telnet/ftp from
        > anywhere external to the Linux box.
        > 
        >         The only problem I am having, however, is that making
        > connections from the Linux box to anything external, such as
        > telnet or ftp, results in a connection refused; the hosts are
        > clearly not down, nor is the interface the Linux box has to the
        > outside world.
        > 
        >         Funnily enough pings/traceroutes work fine from the Linux
        > box to anywhere external.
        > 
        >         Can anybody suggest anything? The only thing I can think
        > of is that the Linux box sends out the requests for the
        > connection and then attempts to forward the connection
        > acknowledgment to somewhere else on the network...
        > 
        > --
        > SLUG - Sydney Linux User Group Mailing List - 
http://slug.org.au/
        > More Info: http://slug.org.au/lists/listinfo/slug
        
        -- 
        
        _____________________________________________________________
          Network Operations Engineer - Big Pond Advance Satellite
          Ericsson Australia - Level 5, 184 The Broadway, Sydney 2000
          Ph: +61-416-085-390   Email: [EMAIL PROTECTED]
        
        
        


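Editor's added example, not code from any post in this thread: a small Python model of how ipchains evaluates a chain (first matching rule wins, otherwise the -P policy applies), covering the options Doug's advice needs (-i, -p, -s with a mask, a destination port range, and -y / ! -y). It runs constructed packets through the two forward rules posted at the top of the thread and through an input chain written the way Doug describes, so you can see that "! -y" lets replies to ports above 1024 back in while a fresh inbound SYN to those ports is still refused. The interface names, addresses and the strict input chain that reproduces George's symptom are assumptions made for the example; George's real input/output rules are not in the thread. One ipchains fact the example leans on: a REJECT target answers with an ICMP unreachable, which the connecting client reports as a refused connection, whereas DENY drops the packet silently.

```python
"""Toy model of ipchains first-match evaluation (added example, not from the thread).
Rules are tried in order, the first match decides, and the -P policy applies
otherwise. Modelled options: -i, -p, -s addr/mask, a destination port range,
and -y (TCP SYN with ACK clear, i.e. a new connection) or ! -y (everything else)."""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Packet:
    iface: str          # interface the chain sees the packet on
    proto: str          # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int = 0
    syn: bool = False   # TCP SYN set, ACK clear: what ipchains -y matches


@dataclass
class Rule:
    target: str                              # ACCEPT, DENY, REJECT or MASQ
    iface: Optional[str] = None              # -i
    proto: Optional[str] = None              # -p
    src: Optional[str] = None                # -s addr/mask
    dport: Optional[Tuple[int, int]] = None  # -d 0/0 lo:hi (inclusive)
    syn: Optional[bool] = None               # True = -y, False = ! -y

    def matches(self, p: Packet) -> bool:
        if self.iface is not None and p.iface != self.iface:
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.src is not None and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dport is not None and (p.proto not in ("tcp", "udp")
                                       or not self.dport[0] <= p.dport <= self.dport[1]):
            return False
        # -y / ! -y are only legal with -p tcp, so a non-TCP packet never matches them
        if self.syn is not None and (p.proto != "tcp" or p.syn != self.syn):
            return False
        return True


@dataclass
class Chain:
    policy: str                              # ipchains -P <chain> <policy>
    rules: List[Rule] = field(default_factory=list)

    def append(self, rule: Rule) -> "Chain":  # ipchains -A <chain> ...
        self.rules.append(rule)
        return self

    def verdict(self, p: Packet) -> str:
        for r in self.rules:
            if r.matches(p):
                return r.target
        return self.policy


EXT = "eth0"             # assumed external interface
LAN = "192.168.10.0/24"  # the network in the posted MASQ rule


def forward_chain() -> Chain:
    """The two posted rules: -P forward DENY, then -A forward -s 192.168.10.0/24 -j MASQ."""
    return Chain("DENY").append(Rule("MASQ", src=LAN))


def strict_input_chain() -> Chain:
    """Constructed input chain reproducing the reported symptom: ping and inbound
    telnet/ftp to the box work, but nothing admits replies to the box's own
    outgoing connections, so they fall through to the REJECT policy."""
    return (Chain("REJECT")
            .append(Rule("ACCEPT", proto="icmp"))
            .append(Rule("ACCEPT", iface=EXT, proto="tcp", dport=(21, 21)))
            .append(Rule("ACCEPT", iface=EXT, proto="tcp", dport=(23, 23))))


def fixed_input_chain() -> Chain:
    """strict_input_chain() plus Doug's rule, roughly:
    ipchains -A input -i eth0 -p tcp -d 0/0 1024:65535 ! -y -j ACCEPT"""
    return strict_input_chain().append(
        Rule("ACCEPT", iface=EXT, proto="tcp", dport=(1024, 65535), syn=False))


# Constructed traffic: 203.0.113.5 is the box's assumed external address,
# 198.51.100.9 an assumed remote host, 1025 the client's unprivileged port.
REPLY_TO_OUR_TELNET = Packet(EXT, "tcp", "198.51.100.9", "203.0.113.5", 1025)
NEW_SYN_TO_HIGH_PORT = Packet(EXT, "tcp", "198.51.100.9", "203.0.113.5", 1025, syn=True)
NEW_SYN_TO_TELNET = Packet(EXT, "tcp", "198.51.100.9", "203.0.113.5", 23, syn=True)
PING_REPLY = Packet(EXT, "icmp", "198.51.100.9", "203.0.113.5")
LAN_TO_INTERNET = Packet("eth1", "tcp", "192.168.10.7", "198.51.100.9", 23, syn=True)
STRAY_FORWARD = Packet("eth1", "tcp", "10.0.0.7", "198.51.100.9", 23, syn=True)


def compare(p: Packet) -> Tuple[str, str]:
    """(verdict under the strict input chain, verdict under the fixed one)."""
    return strict_input_chain().verdict(p), fixed_input_chain().verdict(p)


if __name__ == "__main__":
    for pkt in (REPLY_TO_OUR_TELNET, NEW_SYN_TO_HIGH_PORT, NEW_SYN_TO_TELNET, PING_REPLY):
        print(pkt.proto, pkt.dport, "syn" if pkt.syn else "reply", "->", compare(pkt))
    print("forward:", forward_chain().verdict(LAN_TO_INTERNET), forward_chain().verdict(STRAY_FORWARD))
```

Under the strict chain the SYN-ACK coming back to port 1025 is REJECTed (which is exactly what "connection refused" on the client looks like), while ICMP and inbound telnet still work; adding the "! -y" rule admits that reply but leaves a new SYN to port 1025 refused. The forward chain masquerades only sources inside 192.168.10.0/24 and denies everything else, as the posted rules intend.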
