[LUNI] firewall problem

Boex,Matthew W. Matthew.Boex at cna.com
Tue Mar 12 12:05:04 CST 2002


scott, 

no problem.  here are the rules for http and https.  i did a scan for any
other instances of http and https, nothing other than these.  the port
forwarding calls are below...

    # HTTP server (80)
    # ----------------
    ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp  \
             -s $ANYWHERE $UNPRIVPORTS \
             -d $IPADDR 80 -j ACCEPT

    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y \
             -s $IPADDR 80 \
             -d $ANYWHERE $UNPRIVPORTS -j ACCEPT


    # HTTP client (80)
    # ----------------
    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp  \
             -s $IPADDR $UNPRIVPORTS \
             -d $ANYWHERE 80 -j ACCEPT

    ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp ! -y \
             -s $ANYWHERE 80 \
             -d $IPADDR $UNPRIVPORTS -j ACCEPT

    # ------------------------------------------------------------------


    # ------------------------------------------------------------------


    # HTTPS client (443)
    # ------------------
    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp  \
             -s $IPADDR $UNPRIVPORTS \
             -d $ANYWHERE 443 -j ACCEPT

    ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp ! -y \
             -s $ANYWHERE 443 \
             -d $IPADDR $UNPRIVPORTS -j ACCEPT

    # HTTPS server (443)
    # ------------------
    ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp  \
             -s $ANYWHERE $UNPRIVPORTS \
             -d $IPADDR 443 -j ACCEPT

    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y \
             -s $IPADDR 443 \
             -d $ANYWHERE $UNPRIVPORTS -j ACCEPT

    # ------------------------------------------------------------------

and here are the port forwarding calls...

ipmasqadm portfw -a -P tcp -L myipaddress 80 -R 192.168.2.14 80
ipmasqadm portfw -a -P tcp -L myipaddress 443 -R 192.168.2.14 443
ipmasqadm portfw -a -P tcp -L myipaddress 25 -R 192.168.2.14 25


matt

> -----Original Message-----
> From: scott thomason [mailto:scott at thomasons.org]
> Sent: Tuesday, March 12, 2002 11:42 AM
> To: luni at luni.org
> Subject: Re: [LUNI] firewall problem
> 
> 
> It would be useful to see your firewall commands, if you
> don't mind sharing them.
> ---scott
> ______________________________________________________________________
> Linux Users Of Northern Illinois - Technical Discussion 
> luni at luni.org
> http://luni.org/mailman/listinfo/luni
> 
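
A consistency check for a rule set like the one in the message above, added here as an example and not part of the original post: it lists each port that `ipmasqadm portfw` forwards but that no `ipchains` input ACCEPT rule admits. The function names and the trimmed sample are constructed; on this excerpt it reports `tcp/25`, since only the HTTP and HTTPS rules were posted.

```shell
#!/bin/sh
# Added example, not from the original message.
# Constructed sample, trimmed from the rules and portfw calls posted above.
sample_rules() {
cat <<'EOF'
# HTTP server (80)
ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp  \
         -s $ANYWHERE $UNPRIVPORTS \
         -d $IPADDR 80 -j ACCEPT
# HTTPS client (443): reply rule, must not count as a server rule
ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp ! -y \
         -s $ANYWHERE 443 \
         -d $IPADDR $UNPRIVPORTS -j ACCEPT
# HTTPS server (443)
ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp  \
         -s $ANYWHERE $UNPRIVPORTS \
         -d $IPADDR 443 -j ACCEPT
ipmasqadm portfw -a -P tcp -L myipaddress 80 -R 192.168.2.14 80
ipmasqadm portfw -a -P tcp -L myipaddress 443 -R 192.168.2.14 443
ipmasqadm portfw -a -P tcp -L myipaddress 25 -R 192.168.2.14 25
EOF
}

# Reads a rule script on stdin and prints proto/port for every portfw entry
# that has no "ipchains -A input ... -d <addr> <port> -j ACCEPT" rule.
unmatched_portfw() {
    awk '
    # Join backslash-continued lines into one logical command.
    /\\$/ { sub(/\\$/, ""); buf = buf $0 " "; next }
    { $0 = buf $0; buf = ""; proto = ""; port = "" }
    $1 == "ipchains" && $2 == "-A" && $3 == "input" && $NF == "ACCEPT" {
        for (i = 4; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            # A numeric destination port marks an inbound service rule.
            if ($i == "-d" && $(i + 2) ~ /^[0-9]+$/) port = $(i + 2)
        }
        if (proto != "" && port != "") accepted[proto "/" port] = 1
    }
    $1 == "ipmasqadm" && $2 == "portfw" {
        for (i = 3; i < NF; i++) {
            if ($i == "-P") proto = $(i + 1)
            if ($i == "-L") port = $(i + 2)
        }
        if (proto != "" && port != "") fwd[proto "/" port] = 1
    }
    END { for (k in fwd) if (!(k in accepted)) print k }
    ' | sort
}

sample_rules | unmatched_portfw
```

Feeding the full firewall script to `unmatched_portfw` on stdin gives the same comparison over every rule, not just the excerpt.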


