[ale] sunday morning ipchains
Jonathan Glass
jbjrglass at cox.net
Sun Aug 4 15:02:17 EDT 2002
I had a hard time getting it to work, and finally resorted to IPMASQADM
and PORTFW
http://www.thelinuxreview.com/howto/IP-MASQ/x1525.htm
HTH
Jonathan
-----Original Message-----
From: jason vinson [mailto:jvinson at snapserver.com]
To: ale at ale.org
Sent: Sunday, August 04, 2002 2:34 PM
To: Jonathan Glass
Subject: RE: [ale] sunday morning ipchains
On Sun, 2002-08-04 at 13:45, Jonathan Glass wrote:
> Don't you need to use port forwarding to give access to your FTP
> server? I've always used ipmasqadm portfw to allow incoming
> connections...I think.
i was under the impression that third and fourth chains were taking care
of the port forwarding. is this not correct?
# this appends a chain to the forward set that uses a source
# of any ip that sends a request on ports 20 and 21 on the tcp
# protocol to an internal destination of 192.168.0.10
/sbin/ipchains -A forward -j MASQ -s 0.0.0.0/0 20:21 -p tcp -d 192.168.0.10
# this does the same thing for the udp protocol
/sbin/ipchains -A forward -j MASQ -s 0.0.0.0/0 20:21 -p udp -d 192.168.0.10
is this not correct?
Jason
>
> Note: This is off the top of my head. I don't have access to my
> firewall script right now.
>
> Thanks
>
> Jonathan
>
> -----Original Message-----
> From: jason vinson [mailto:jvinson at snapserver.com]
> Sent: Sunday, August 04, 2002 12:16 PM
> To: ale at ale.org
> Subject: [ale] sunday morning ipchains
>
>
> Hi guys,
>
> I am having a bit of trouble with ipchains. I created a coyote linux
> floppy and it runs nicely. My home network has an ftp server on it
> that i would like to have accessible from the outside world, but i
> can't seem to get ipchains to work properly. here's my rule set (keep
> in mind i am fairly new at this):
>
> /sbin/ipchains -P forward DENY
>
> /sbin/ipchains -A forward -j MASQ -s $LOCAL_NETWORK/$LOCAL_NETMASK -d 0.0.0.0/0
>
> /sbin/ipchains -A forward -j MASQ -s 0.0.0.0/0 20:21 -p tcp -d 192.168.0.10
> /sbin/ipchains -A forward -j MASQ -s 0.0.0.0/0 20:21 -p udp -d 192.168.0.10
>
> and here's what i see from "ipchains -L":
>
> Chain input (policy ACCEPT):
> Chain forward (policy DENY):
> target     prot opt     source          destination     ports
> MASQ       all  ------  192.168.0.0/24  anywhere        n/a
> MASQ       tcp  ------  anywhere        192.168.0.10    ftp-data:ftp -> any
> MASQ       udp  ------  anywhere        192.168.0.10    20:fsp -> any
> Chain output (policy ACCEPT):
>
> any ideas on what i should do?
>
> and please be gentle :)
>
> thanks in advance.
> Jason
>
>
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems
> should be sent to listmaster at ale dot org.
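
An added check, not part of the original thread or written by its participants: it reads an `ipchains -L` listing and flags forward-chain MASQ rules that cannot act as inbound port forwards, which is the situation the thread describes. It assumes the column layout shown in the post; `sample_listing` and `audit_masq` are hypothetical names.

```shell
#!/bin/sh
# Added example: audit an `ipchains -L` listing for forward-chain MASQ rules
# that cannot work as inbound port forwards. Function names are hypothetical.

# The listing from the original post, whitespace-normalized.
sample_listing() {
    cat <<'EOF'
Chain input (policy ACCEPT):
Chain forward (policy DENY):
target prot opt source destination ports
MASQ all ------ 192.168.0.0/24 anywhere n/a
MASQ tcp ------ anywhere 192.168.0.10 ftp-data:ftp -> any
MASQ udp ------ anywhere 192.168.0.10 20:fsp -> any
Chain output (policy ACCEPT):
EOF
}

audit_masq() {
    awk '
    $1 == "Chain" { chain = $2; next }    # remember which chain we are in
    chain == "forward" && $1 == "MASQ" {
        dst = $5; sport = $6; dport = $8
        # Destination is one private host. Inbound packets arrive addressed
        # to the external IP of the firewall, so this rule never sees them.
        if (dst ~ /^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)[0-9.]+$/)
            printf "%s %s: destination is a private host\n", $2, dst
        # The ports column reads "source -> destination". A range on the
        # left with "any" on the right restricts the client source port.
        if ($7 == "->" && sport != "any" && dport == "any")
            printf "%s %s: %s is a source-port match\n", $2, dst, sport
    }'
}

sample_listing | audit_masq
```

Both forwarding rules from the post are flagged twice, while the outbound masquerade rule for 192.168.0.0/24 passes; on a live system the function would be fed `ipchains -L -n` output with the same columns.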