search for: ipchain

Hi Tinc Mailing-Group, I am a bit stuck with firewalling rules at the moment. Maybe someone could please advise me a good rc.firewall script to use on my setup. If anyone runs an ipchains firewall script on their linux box which is ALSO running tinc, could they please mail it to me, for my perusal. I have tinc pre3 set up and working on my systems, however I can only get it to work if I set the firewall to an 'ACCEPT' policy, which is not a sensible way to run it. Here is...

...> 62.49.242.210 eth1 gateway > Here is the firewall ruleset (not working properly, as far as i can tell), that is on Box A (similar firewall script on Box B). Note that I can get boxes on subnet A pinging boxes on subnet B if I get rid of the firewall script and set all the ipchains policies to ACCEPT. Pinging works, but I couldn't get other things to go across the Tinc VPN link. (ftp, etc.) /etc/rc.d/rc.firewall --> #!/bin/bash PATH=/sbin:/bin:/usr/sbin:/usr/bin /bin/echo 1 > /proc/sys/net/ipv4/ip_forward extip="62.49.252.50" extint="eth1"...

I have tried to replace these lines from ipchains to work with shorewall. # /NFS requires 111/tcp (sunrpc/portmapper) and *all* UDP ports./ # ipchains -A input -p tcp -s $SUBNET -i eth0 -d 0/0 111 -j ACCEPT ipchains -A input -p udp -s $SUBNET -i eth0 -d 0/0 -j ACCEPT # /These ports are required by bootp, tftpd, and PXE./ # /There are also...

To all those that wanted to know how I was filtering particular ICMP packets here is a few snippets from my firewall script which is based on one by Ian Hall-Beyer. I hope this helps you get started. Also note the output of the command: ipchains -h icmp Shawn Mitchell mentioned blocking all ICMP echos and especially broadcast echos. Perhaps he''d care to elaborate with a similar example? I believe he means inbound replys to stop someone spoofing your IP and then flooding your network with ICMP replies? Whilst I''m ment...

...configuration? Three nics: eth0 - 192.168.0.0/24 - local LAN - masqeraded eth1 - ppp0 - dialup! - A-DSL Provider eth2 - static IP - S-DSL Provider - routet to another router. This do not work for me: Treid to route all SSH Traffic to eth2 and WEB Traffic to ppp0: first, i mark the pakets with ipchains in the input chain [mark 1 is eth2 | mark 2 is ppp0]: ipchains -A input -p tcp -s 192.168.0.0/24 -d 0/0 22 -m 1 ipchains -A input -p tcp -s 192.168.0.0/24 -d 0/0 80 -m 2 second, i added two rules: echo 200 t-dsl >> /etc/iproute2/rt_tables echo 201 s-dsl >> /etc/iproute2/rt_tables...

Can anyone tell me what the absolute minimally permissive ipchains rule would be to allow tinc to operate correctly between two hosts. If we were to presume each tinc host had a default-deny policy, what ipchains command(s) would allow tinc to do its thing? I've scanned the docs on the tinc site and not found the answer- sorry if I'm blind or dumb. Tha...

I've just tried setting up a Shrike (9) version of Redhat. Using the medium settings of lokkit, then adding manually accept commands for ports 137/udp 138/udp, 139/tcp and 445/tcp, I thought I should have been ready to go. This isn't the case, however. I know it's not the smb.conf settup because when I kill iptables samba works. When iptables IS running however, it will respond

I have a couple questions that I will submit separately. When I have IPchains running I can't get my samba box to show up in network neighborhood, but when I turn ipchains off the box shows up. What rules do I need to add for things to work properly? -- Raymond Norton Little Crow Telemedia Network 320-234-0270

I have a little home network with one Windows 98 PC and a pc running linux. My idea is that as soon as DSL is finally made available to my area (which I keep getting told will be real soon now) I want to route it through the linux box and up to the Windows PC, using IP masquerading, etc. At present I have samba enabled on the unix box which opens up several worthwhile conveniences to me:

I just recently installed OpenSSH 2.5.1p1 on a RH6.2 box (kernel 2.2.17). I run ipchains to do packet filtering, allowing incoming connections only to 22 and 80 (and some other ports for specific machines). I was able to run prior versions of openssh in this fashion (I've run it from the first release, I think). Upon installing 2.5.1p1 I found that my attempts to connect hang, h...

I figured this out -- looks like 2.5.1p1 is now using ports < 1024 on the client side (wasn't before?). I had a ipchains rule to allow ACK packets to 1024:65535, which was good enough for <= 2.3.0p1 : #allow only ACK tcp packed ipchains -A input -j ACCEPT -i eth0 -s any/0 --dport 1024:65535 -p tcp ! -y So I added the following : #allow return from ssh connections ipchains -A input -j ACCEPT -i eth0 -s any/0 22...

Hello David, After some experiments and discussions I came to the following result concerning private NT-Box connecting to a LAN via ipchains and using all NETBIOS services (incl. domain-logon): Cross-subnet browsing with NETBIOS could only be done by a local master browser in the private net. I first thought of using Samba on the Linux router for that. But the Samba service would have to use the network interface of the private net fo...

...or experiment and met with frustration. The setup of WinME box has no problem and it can connect to other Win boxes for file sharing. IP Address RH7.3 192.168.0.1 WinME 192.168.0.2 Ping started connecting but both boxes can't see each another. I also doubt maybe the problem coming from ipchain or firewall. # /etc/rc.d/init.d/ipchains stop did not solve my problem. Could you please share me your experience how to test-reconfig "ipchains" Thanks in advance. Stephen Liu At 09:51 AM 7/30/2002 +0800, Stephen Liu wrote: > Note: forwarded message attached. > >===== &...

Just a quick word - I spent two days trying to get Samba to work. The whole problem was a lack of knowledge about ipchains (firewall). It was part of the RH7.1 install package, and the medium security setting stops all tcp and udp traffic for a lot of ports, including those needed for NetBIOS (137-139) It is pretty easy to fix, the IPCHAINS-HOWTO is a good and humorous read, and by the end of it you will know what t...

...i-muenchen.de> Date: Tue, 27 Jul 1999 18:56:22 +0200 Reply-To: Thomas Lopatic <lopatic@MALAKA.DBS.INFORMATIK.UNI-MUENCHEN.DE> Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM> From: Thomas Lopatic <lopatic@MALAKA.DBS.INFORMATIK.UNI-MUENCHEN.DE> Subject: Linux 2.2.10 ipchains Advisory X-To: bugtraq@securityfocus.com To: BUGTRAQ@SECURITYFOCUS.COM Linux ipchains Firewall Vulnerability data protect GmbH - Advisory #2 July 27, 1999 Authors: Thomas Lopatic <tl@dataprotect.com> John McDonald <jm@dataprotect.com> Overview -------- data protec...

Hi- I heard about a bug in ipchains, could you please tell me what to do? Thanks

Hi stef; imq patch of 2.2.17 form http://luxik.cdi.cz/~devik/qos/imq.htm diff against 2.2.17 Can you tell me how imq work with ipchains? thanks for your help regards, haipe _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Hi All, very new to the linux thing. I have tried our local linux list but no luck. I have setup Samba on the box which is running Rh7.3 with Samba 2.2.3a-6 (server/common & client) I got a tut from IBMs site on how to setup a pdc with samba and redhat. I followed the tut step for step but still when I want to login on wind98 onto the box I get a message that the pdc is not found. When I

I have an Asterisk PBX behind a 'manually-built' IPCHAINS firewall machine. Can anyone tell me what I need to allow/build QOS packet rewrites through this simple NAT barrier? What do I need to pass to IPCHAINS to let QOS out to the next outside network hop? I ask this, because I have been getting intermittent jitter from my provider (TELIAX), and...

How can I tell if its running? Where is the default location? Thanks.. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20080528/647f6634/attachment-0005.html>