[ale] Grumbling Firewall Question
John Mills
john at mills-atl.com
Fri Jan 26 09:16:29 EST 2001
Eric, Ben, and ALErs -
On Thu, 25 Jan 2001, Eric Z. Ayers wrote:
> could it be that your SSH rule is missing the 'bidirectional' flag? We
> have a script to allow ssh inbound to specific nodes through a firewall.
>
> SSH_NODES="node1 node2 node3"
> for node in $SSH_NODES
> do
> ipchains -A forward -j ACCEPT -b -p tcp -s 0/0 -d $node ssh
> done
This did the trick, in '.../pmfirewall/pmfirewall':
# These are open to sockets created by connections allowed by ipchains
$IPCHAINS -A input -b -p tcp -s $REMOTENET -d $OUTERNET 1023:65535 -j ACCEPT
$IPCHAINS -A input -b -p udp -s $REMOTENET -d $OUTERNET 1023:65535 -j ACCEPT
^^--added 'bidirectional' to these default rules
What I called 'ROUTER_IP' in my original post is actually a DSL
router/firewall between the DSL modem and a hub, and these rules are for a
secondary 'ipchains' firewall at my Linux box. Now I see log messages I
expect.
Thanks for the suggestions.
-- John Mills
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
More information about the Ale
mailing list