[ale] Grumbling Firewall Question

John Mills john at mills-atl.com
Fri Jan 26 09:16:29 EST 2001


Eric, Ben, and ALErs -

On Thu, 25 Jan 2001, Eric Z. Ayers wrote:
> could it be that your SSH rule is missing the 'bidirectional' flag?  We
> have a script to allow ssh inbound to specific nodes through a firewall.
> 
> SSH_NODES="node1 node2 node3"
> for node in $SSH_NODES
> do
> 	ipchains -A forward -j ACCEPT -b -p tcp -s 0/0 -d $node ssh
> done

This did the trick, in '.../pmfirewall/pmfirewall':

 # These are open to sockets created by connections allowed by ipchains
 $IPCHAINS -A input -b -p tcp -s $REMOTENET -d $OUTERNET 1023:65535 -j ACCEPT
 $IPCHAINS -A input -b -p udp -s $REMOTENET -d $OUTERNET 1023:65535 -j ACCEPT
                    ^^--added 'bidirectional' to these default rules

What I called 'ROUTER_IP' in my original post is actually a DSL
router/firewall between the DSL modem and a hub, and these rules are for a
secondary 'ipchains' firewall at my Linux box. Now I see log messages I
expect.

Thanks for the suggestions.
 -- John Mills
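
An added illustration, not code from the thread or from pmfirewall: a dry-run script showing what ipchains' `-b` flag actually does to the two rules above (it loads the rule twice, once as written and once with source and destination swapped), plus a tighter TCP form using `! -y` for the "reply sockets" case. `REMOTENET`, `OUTERNET` and the helper names are assumed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Shows what ipchains' -b (bidirectional)
# flag does to the two input-chain rules, so the second direction it opens can
# be read before anything is loaded. Defaults to a dry run: IPCHAINS=echo
# prints the rules; set IPCHAINS=ipchains on a real ipchains host to load them.
IPCHAINS=${IPCHAINS:-echo}

# Placeholder networks (assumed, substitute your own); 192.0.2.0/24 is the
# RFC 5737 documentation range.
REMOTENET="0/0"
OUTERNET="192.0.2.10"

# -b tells ipchains to add the rule twice: as written, and with source and
# destination (address and port) swapped. expand_b prints both unidirectional
# rules so the swapped direction, which is easy to overlook, is visible.
expand_b() {
    chain=$1 proto=$2 src=$3 dst=$4 dports=$5
    echo "-A $chain -p $proto -s $src -d $dst $dports -j ACCEPT"
    echo "-A $chain -p $proto -s $dst $dports -d $src -j ACCEPT"
}

# Tighter TCP alternative for the "reply sockets" case: accept only non-SYN
# packets (! -y) to the high ports, so established replies pass but no new
# inbound connection to 1023:65535 can be opened through this rule.
reply_only_tcp() {
    chain=$1 src=$2 dst=$3 dports=$4
    echo "-A $chain -p tcp ! -y -s $src -d $dst $dports -j ACCEPT"
}

# What the two -b rules amount to once expanded:
expand_b input tcp "$REMOTENET" "$OUTERNET" 1023:65535 | while read -r rule; do $IPCHAINS $rule; done
expand_b input udp "$REMOTENET" "$OUTERNET" 1023:65535 | while read -r rule; do $IPCHAINS $rule; done

# The tighter form for TCP (UDP has no SYN flag, so it keeps the plain rule):
$IPCHAINS $(reply_only_tcp input "$REMOTENET" "$OUTERNET" 1023:65535)
```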

