[ale] Grumbling Firewall Question
- Subject: [ale] Grumbling Firewall Question
- From: john at mills-atl.com (John Mills)
- Date: Fri, 26 Jan 2001 09:16:29 -0500 (EST)
Eric, Ben, and ALErs -
On Thu, 25 Jan 2001, Eric Z. Ayers wrote:
> could it be that your SSH rule is missing the 'bidirectional' flag? We
> have a script to allow ssh inbound to specific nodes through a firewall.
>
> SSH_NODES="node1 node2 node3"
> for node in $SSH_NODES
> do
> ipchains -A forward -j ACCEPT -b -p tcp -s 0/0 -d $node ssh
> done
This did the trick, in '.../pmfirewall/pmfirewall':
# These are open to sockets created by connections allowed by ipchains
$IPCHAINS -A input -b -p tcp -s $REMOTENET -d $OUTERNET 1023:65535 -j ACCEPT
$IPCHAINS -A input -b -p udp -s $REMOTENET -d $OUTERNET 1023:65535 -j ACCEPT
(the '-b' ('bidirectional') flag is what was added to these two default rules)
What I called 'ROUTER_IP' in my original post is actually a DSL
router/firewall between the DSL modem and a hub, and these rules are for a
secondary 'ipchains' firewall at my Linux box. Now I see log messages I
expect.
Thanks for the suggestions.
-- John Mills
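An added example, not code from the thread or from the pmfirewall script: a small Python model of the ipchains lookup for the two high-port 'input' rules quoted above. It shows what '-b' actually installs (the rule as written plus a copy with source and destination, addresses and ports, swapped) and what a stateless '1023:65535' accept rule admits with and without the '! -y' (non-SYN) qualifier, since ipchains has no connection tracking. REMOTENET = 0.0.0.0/0 and OUTERNET = 192.0.2.10 are assumed stand-ins for the variables in the original script (ipchains also accepts '0/0'; Python's ipaddress module does not), and only protocol, addresses, ports and the TCP SYN flag are modelled.

```python
"""Model of the ipchains rule lookup for the rules quoted in the thread.

Added example, not code from the thread or from the pmfirewall script.
Assumptions: REMOTENET = 0.0.0.0/0 and OUTERNET = 192.0.2.10 stand in for
the variables in the original script; only protocol, addresses, ports and
the TCP SYN flag are modelled.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

ANY_PORT = (0, 65535)


@dataclass(frozen=True)
class Rule:
    proto: str                       # "tcp" or "udp"
    src: str                         # source network in CIDR form (-s)
    sports: Tuple[int, int]          # inclusive source port range
    dst: str                         # destination network (-d)
    dports: Tuple[int, int]          # inclusive destination port range
    syn_only: Optional[bool] = None  # True for -y, False for "! -y", None: don't care
    target: str = "ACCEPT"           # -j target


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False                # TCP SYN set and ACK clear


def inverted(rule: Rule) -> Rule:
    """The second rule that -b installs: src/dst and their ports swapped."""
    return Rule(rule.proto, rule.dst, rule.dports, rule.src, rule.sports,
                rule.syn_only, rule.target)


def ipchains_append(chain: List[Rule], rule: Rule, bidirectional: bool = False) -> None:
    """Emulate 'ipchains -A <chain> [-b] ...'."""
    chain.append(rule)
    if bidirectional:
        chain.append(inverted(rule))


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != pkt.proto:
        return False
    if ip_address(pkt.src) not in ip_network(rule.src, strict=False):
        return False
    if ip_address(pkt.dst) not in ip_network(rule.dst, strict=False):
        return False
    if not rule.sports[0] <= pkt.sport <= rule.sports[1]:
        return False
    if not rule.dports[0] <= pkt.dport <= rule.dports[1]:
        return False
    # -y / ! -y apply to TCP only; ipchains rejects them on other protocols.
    if pkt.proto == "tcp" and rule.syn_only is not None and rule.syn_only != pkt.syn:
        return False
    return True


def verdict(chain: List[Rule], pkt: Packet, policy: str = "DENY") -> str:
    """First matching rule wins; otherwise fall through to the chain policy."""
    for rule in chain:
        if matches(rule, pkt):
            return rule.target
    return policy


def build_input_chain(remotenet: str, outernet: str,
                      bidirectional: bool = True,
                      established_only: bool = False) -> List[Rule]:
    """The two high-port rules from the post, optionally with '! -y' on TCP."""
    chain: List[Rule] = []
    for proto in ("tcp", "udp"):
        syn_only = False if (established_only and proto == "tcp") else None
        ipchains_append(chain,
                        Rule(proto, remotenet, ANY_PORT, outernet, (1023, 65535), syn_only),
                        bidirectional)
    return chain


if __name__ == "__main__":
    chain = build_input_chain("0.0.0.0/0", "192.0.2.10")
    for r in chain:
        print(r)
    # A brand-new inbound connection to an unprivileged port is accepted,
    # because nothing in the rule separates a SYN from established traffic.
    syn_in = Packet("tcp", "203.0.113.5", 40000, "192.0.2.10", 8080, syn=True)
    print("new connection to 8080:", verdict(chain, syn_in))
    strict = build_input_chain("0.0.0.0/0", "192.0.2.10", established_only=True)
    print("same, with '! -y':", verdict(strict, syn_in))
```

Running it prints the four rules that two '-b' appends produce and the verdict for a new inbound TCP connection to port 8080: ACCEPT with the rules as posted, DENY once '! -y' is added to the TCP rule (the UDP rule is unaffected, as ipchains has no SYN notion for UDP).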