Hi Dan,

> /var/log/messages:Oct 18 14:50:54 FireWall kernel: Packet log: input 
> DENY ppp0 PROTO=17 the.remote.ip.address:55833 
> our.server.ip.address:61533 L=40 S=0x00 I=60941 F=0x4000 T=247 (#22)

I think what you are seeing is this.
When you set up the firewall to masquerade the connections for you, it is the 
firewall that the outside computers are talking to.  Instead of denying all 
traffic to the firewall you need to allow replies that are directed to your 
firewall.

Here are the rules I use on my firewall:
#----------------------------------------------------
# Firewall traffic
  echo "Allowing firewall traffic"

  # Allow outside to reply to firewall but not to
  # initiate connections.  This is required for
  # masqueraded connections and SOCKS5 proxy to work
  # ONLY unprivileged traffic here

  # -y matches only TCP packets with SYN set and ACK/FIN clear,
  # i.e. connection attempts; -l logs the match before denying.
  ipchains -A input -p tcp -y -i $EXTERNAL_INTERFACE \
           -d $EXTERNAL_IP $UNPRIVPORTS -l -j DENY
  # Any other TCP to our unprivileged ports is part of an
  # existing (masqueraded or proxied) connection: let it in.
  ipchains -A input -p tcp -i $EXTERNAL_INTERFACE \
           -d $EXTERNAL_IP $UNPRIVPORTS -j ACCEPT


The first ipchains rule denies any outside attempts to initiate a new 
connection via the -y flag.
The second ipchains rule allows the traffic if it is not a new connection, 
i.e. a reply from another computer.

> It's interesting the way the port numbers get bumped up each time, 

A good indication it is the masqueraded traffic that is being denied.

> a) can someone provide me with an explanation of what's going on here?

Did I help? *grin*

> b) can someone elaborate or point me in the direction of some docs to 
> help me decode the ipchains output a bit better. I'm interested in 
> the stats listed after our.server.ip.address... ie.  L=40 S=0x00 
> I=60941 F=0x4000 T=247 (#22)

I believe there was an IP-Chains HOWTO that addressed this.  You could try 
looking on www.linuxdoc.org for that HOWTO.

> c) can someone point me towards a list where it would be more 
> appropriate posting such discussions.

Can't think of anywhere better than here.

-- 
Regards,
+-----------------------+---------------------------------+
| Peter Kiem            | E-Mail    : <[EMAIL PROTECTED]> |
| Zordah IT             | Mobile    : +61 0418 798 121    |
|   IT Consultancy &    | WWW       : www.zordah.net      |
|   Internet Hosting    | ICQ       : "Zordah" 866661     |
+-----------------------+---------------------------------+
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list