LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Old 03-09-2003, 11:52 PM   #1
jrw3179
LQ Newbie
 
Registered: Mar 2003
Posts: 22

Rep: Reputation: 15
RedHat 8.0 networking help (newbie)


OK, I was searching through the threads here and I am confused, so sorry if this is a repeat, but I need to ask, so here goes.

I am running Red Hat 8.0 downstairs on my computer. I am using cable through a D-Link router. I am running a MUD on the computer downstairs, and I can access it through my network, no problems... I can access the MUD even outside my network, no problems. It runs on port 4444. Now I can access my server using Telnet on my network, but run into the problem of accessing it outside my network. I basically want to use it so I can program my MUD, not just from home, but from my school too.

This is where I am lost. I have messed with the firewall, no go. I messed with hosts.allow and all of that, no go.

PLEASE if anyone could help, I have been nonstop reading on this.

Thanks in advance,
JayMan
 
Old 03-10-2003, 12:17 AM   #2
Pcghost
Senior Member
 
Registered: Feb 2003
Location: The Arctic
Distribution: Fedora, Debian, OpenSuSE and Android
Posts: 1,820

Rep: Reputation: 46
Are you trying to forward the port through the firewall? Also make sure you do the following.

echo 1 > /proc/sys/net/ipv4/ip_forward

That enables forwarding support. Then it's just a matter of writing the prerouting, forward, and postrouting rules in iptables. Give us a little more info on what you are trying to do and we'll be able to help more.

edit: Hey what's a MUD anyway? Just curious.
 
Old 03-10-2003, 12:33 AM   #3
jrw3179
LQ Newbie
 
Registered: Mar 2003
Posts: 22

Original Poster
Rep: Reputation: 15
OK, I'll try my best to post what I need to... I want to access my computer from outside my network. I have a MUD (Multi User Dungeon (word-based game)) running on port 4444 and it works fine. When I try to access my server (port 23 using telnet) it will not let me use it outside my network. I can access my server on my other computer just fine. I want to be able to access, where I have all my coding files stored, from school. I have my firewall on my router and my virtual server set up right for my MUD and it works, I just can't access my computer from outside my house.
I believe it's the Apache server. I am a partial newbie when it comes to this. Sooooo tell me what ya need to know and where to find it and I can do my best to get it.
Jay
 
Old 03-10-2003, 02:09 AM   #4
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48
Firstly,
don't use Telnet!
It sends logons and passwords in clear text. Anyone sniffing the network could read them, VERY easily, no joking!

Use the ssh server that comes with RH8.
service sshd start
At least then your communications are secure.
Use Putty for a client if you are starting from a Win pc.
Also look at 'man sshd_config' for configuration data.
The standard RH8 install is good tho'.

The firewall rules should allow port 22 from anywhere, but if you can narrow down the IPs you use, add them to the rule too.
Have a look at Firestarter to make doing the rules easier. A lot of members here use it happily.

Last edited by peter_robb; 03-10-2003 at 02:28 AM.
 
Old 03-10-2003, 02:51 AM   #5
jrw3179
LQ Newbie
 
Registered: Mar 2003
Posts: 22

Original Poster
Rep: Reputation: 15
OK, thanks for the tip w/Telnet, I downloaded Firestarter and I like that a lot. But I still can't access outside my network... I went to add a rule to allow my school's host in the rules, and it said something to the effect of not being in the iptables... ???? (lost) also maybe I don't have Apache set up right and tidbits on how to set that up right... Maybe I am using the wrong port to access...
I am desperate for any ideas... knowing my stupid luck I am overlooking the obvious.

Jay
 
Old 03-10-2003, 02:59 AM   #6
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48
From the RH box, open a command terminal and type lsmod.

You should get a list like...
root@peter ~# lsmod
Module Size Used by Tainted: P
es1371 30760 1 (autoclean)
ac97_codec 13416 0 (autoclean) [es1371]
gameport 3412 0 (autoclean) [es1371]
soundcore 6532 4 (autoclean) [es1371]
agpgart 43136 3 (autoclean)
nvidia 1592160 10 (autoclean)
parport_pc 19108 1 (autoclean)
lp 8996 0 (autoclean)
parport 37152 1 (autoclean) [parport_pc lp]
autofs 13348 0 (autoclean) (unused)
dmfe 17089 1
ne2k-pci 7296 0 (unused)
8390 8364 0 [ne2k-pci]
iptable_filter 2412 0 (autoclean) (unused)
ip_tables 15224 1 [iptable_filter]
ide-scsi 10512 0
scsi_mod 107240 1 [ide-scsi]
ide-cd 33608 0
cdrom 33696 0 [ide-cd]
nls_iso8859-1 3516 1 (autoclean)
nls_cp437 5148 1 (autoclean)
vfat 13084 1 (autoclean)
fat 38712 0 (autoclean) [vfat]
ext3 70368 1 (autoclean)
jbd 52244 1 (autoclean) [ext3]
mousedev 5524 0 (unused)
keybdev 2976 0 (unused)
hid 22244 0 (unused)
input 5920 0 [mousedev keybdev hid]
usb-uhci 26188 0 (unused)
usbcore 77024 1 [hid usb-uhci]
root@peter ~#

What's in your list?
Tip...
(Highlight it with the mouse and then paste it into the browser box with the middle mouse button.)
 
Old 03-10-2003, 03:01 AM   #7
jrw3179
LQ Newbie
 
Registered: Mar 2003
Posts: 22

Original Poster
Rep: Reputation: 15
Module Size Used by Not tainted
ipt_ttl 1144 1 (autoclean)
ipt_unclean 7704 2 (autoclean)
ipt_limit 1560 34 (autoclean)
ipt_state 1048 5 (autoclean)
iptable_mangle 2776 0 (unused)
ipt_LOG 4184 1
ipt_MASQUERADE 2200 0 (unused)
ipt_TOS 1656 0 (unused)
ipt_REDIRECT 1368 0 (unused)
iptable_nat 19960 0 [ipt_MASQUERADE ipt_REDIRECT]
ip_conntrack_irc 3520 0 (unused)
ip_conntrack_ftp 5088 0 (unused)
ip_conntrack 21244 4 [ipt_state ipt_MASQUERADE ipt_REDIRECT iptable_nat ip_conntrack_irc ip_conntrack_ftp]
sr_mod 18136 0 (autoclean)
soundcore 6532 0 (autoclean)
r128 93176 1
agpgart 43072 3
nfsd 79920 8 (autoclean)
lockd 58064 1 (autoclean) [nfsd]
sunrpc 79324 1 (autoclean) [nfsd lockd]
tux 137592 2
autofs 13348 0 (autoclean) (unused)
3c59x 30640 1
ipt_REJECT 3736 0 (autoclean)
iptable_filter 2412 1 (autoclean)
ip_tables 14936 14 [ipt_ttl ipt_unclean ipt_limit ipt_state iptable_mangle ipt_LOG ipt_MASQUERADE ipt_TOS ipt_REDIRECT iptable_nat ipt_REJECT iptable_filter]
ide-scsi 10512 0
scsi_mod 107176 2 [sr_mod ide-scsi]
ide-cd 33608 0
cdrom 33696 0 [sr_mod ide-cd]
mousedev 5524 1
keybdev 2976 0 (unused)
hid 22244 0 (unused)
input 5888 0 [mousedev keybdev hid]
usb-uhci 26188 0 (unused)
usbcore 77024 1 [hid usb-uhci]
ext3 70368 2
jbd 52212 2 [ext3]
 
Old 03-10-2003, 03:18 AM   #8
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48
OK,
you have iptables running ok... looks like an rc.firewall.stronger script too.
type
iptables-save > /etc/sysconfig/iptables.saved
This will place a list of your rules into the file /etc/sysconfig/iptables.saved.
Mask your external ip number with xxx.xxx.xxx.xxx and please post it...
If my suspicions are correct, there will be some OUTPUT chain rules that need to be opened up...
 
Old 03-10-2003, 03:21 AM   #9
jrw3179
LQ Newbie
 
Registered: Mar 2003
Posts: 22

Original Poster
Rep: Reputation: 15
xx.xxx.xx.xx, is that what ya mean?
 
Old 03-10-2003, 03:36 AM   #10
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48
Yeah, nobody out here needs to know what your external number is...
 
Old 03-10-2003, 03:56 AM   #11
jrw3179
LQ Newbie
 
Registered: Mar 2003
Posts: 22

Original Poster
Rep: Reputation: 15
OK, that was it: xx.xxx.xx.xx
 
Old 03-10-2003, 04:16 AM   #12
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48


pls post the file /etc/sysconfig/iptables.saved... with yr external number masked out... pls.
 
Old 03-10-2003, 04:24 AM   #13
jrw3179
LQ Newbie
 
Registered: Mar 2003
Posts: 22

Original Poster
Rep: Reputation: 15
I hope this is what ya mean... pretty dang big... if it's not, please could ya delete it heheheh
# Generated by iptables-save v1.2.6a on Mon Mar 10 04:33:58 2003
*mangle
:PREROUTING ACCEPT [7197:2167598]
:INPUT ACCEPT [5717:1684822]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [6812:906477]
:POSTROUTING ACCEPT [7378:951905]
COMMIT
# Completed on Mon Mar 10 04:33:58 2003
# Generated by iptables-save v1.2.6a on Mon Mar 10 04:33:58 2003
*nat
:PREROUTING ACCEPT [1500:485384]
:POSTROUTING ACCEPT [798:39318]
:OUTPUT ACCEPT [798:39318]
COMMIT
# Completed on Mon Mar 10 04:33:58 2003
# Generated by iptables-save v1.2.6a on Mon Mar 10 04:33:58 2003
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
:LD - [0:0]
:SANITY - [0:0]
:STATE - [0:0]
:UNCLEAN - [0:0]
-A INPUT -i eth0 -m unclean -j UNCLEAN
-A INPUT -s 192.168.0.1 -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -s 192.168.0.1 -p udp -j ACCEPT
-A INPUT -d 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 4444 -j ACCEPT
-A INPUT -d 192.168.0.0/255.255.255.0 -p udp -m udp --dport 4444 -j ACCEPT
-A INPUT -d 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 111 -j ACCEPT
-A INPUT -d 192.168.0.0/255.255.255.0 -p udp -m udp --dport 111 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -d 192.168.0.0/255.255.255.0 -p icmp -m limit --limit 10/sec -j ACCEPT
-A INPUT -s 1.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 2.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 5.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 7.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 23.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 27.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 31.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 36.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 37.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 39.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 41.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 42.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 58.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 59.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 60.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 69.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 70.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 71.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 72.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 73.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 74.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 75.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 76.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 77.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 78.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 79.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 82.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 83.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 84.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 85.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 86.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 87.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 88.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 89.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 90.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 91.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 92.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 93.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 94.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 95.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 96.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 97.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 98.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 99.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 100.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 101.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 102.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 103.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 104.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 105.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 106.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 107.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 108.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 109.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 110.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 111.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 112.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 113.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 114.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 115.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 116.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 117.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 118.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 119.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 120.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 121.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 122.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 123.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 124.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 125.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 126.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 128.66.0.0/255.255.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 172.16.0.0/255.240.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 197.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 221.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 222.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 223.0.0.0/255.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 240.0.0.0/240.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j LD
-A INPUT -d 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 31337 -m limit --limit 2/min -j LD
-A INPUT -d 192.168.0.0/255.255.255.0 -p udp -m udp --dport 31337 -m limit --limit 2/min -j LD
-A INPUT -d 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 33270 -m limit --limit 2/min -j LD
-A INPUT -d 192.168.0.0/255.255.255.0 -p udp -m udp --dport 33270 -m limit --limit 2/min -j LD
-A INPUT -d 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 1234 -m limit --limit 2/min -j LD
-A INPUT -d 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 6711 -m limit --limit 2/min -j LD
-A INPUT -d 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 16660 --tcp-flags SYN,RST,ACK SYN -m limit --limit 2/min -j LD
-A INPUT -d 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 60001 --tcp-flags SYN,RST,ACK SYN -m limit --limit 2/min -j LD
-A INPUT -d 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 12345:12346 -m limit --limit 2/min -j LD
-A INPUT -d 192.168.0.0/255.255.255.0 -p udp -m udp --dport 12345:12346 -m limit --limit 2/min -j LD
-A INPUT -d 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 135 -m limit --limit 2/min -j LD
-A INPUT -d 192.168.0.0/255.255.255.0 -p udp -m udp --dport 135 -m limit --limit 2/min -j LD
-A INPUT -d 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 1524 -m limit --limit 2/min -j LD
-A INPUT -d 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 27665 -m limit --limit 2/min -j LD
-A INPUT -d 192.168.0.0/255.255.255.0 -p udp -m udp --dport 27444 -m limit --limit 2/min -j LD
-A INPUT -d 192.168.0.0/255.255.255.0 -p udp -m udp --dport 31335 -m limit --limit 2/min -j LD
-A INPUT -s 224.0.0.0/255.0.0.0 -j LD
-A INPUT -d 224.0.0.0/255.0.0.0 -j LD
-A INPUT -s 255.255.255.255 -j LD
-A INPUT -d 0.0.0.0 -j LD
-A INPUT -m state --state INVALID -j LD
-A INPUT -f -m limit --limit 10/min -j LD
-A INPUT -i eth0 -p tcp -m tcp --dport 67:68 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 67:68 -j ACCEPT
-A INPUT -d 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 23 -j ACCEPT
-A INPUT -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j LD
-A INPUT -d 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 1024:65535 -j STATE
-A INPUT -d 192.168.0.0/255.255.255.0 -p udp -m udp --dport 1023:65535 -j ACCEPT
-A INPUT -j LD
-A OUTPUT -o eth0 -m unclean -j UNCLEAN
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 31337 -m limit --limit 2/min -j LD
-A OUTPUT -s 192.168.0.0/255.255.255.0 -p udp -m udp --dport 31337 -m limit --limit 2/min -j LD
-A OUTPUT -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 33270 -m limit --limit 2/min -j LD
-A OUTPUT -s 192.168.0.0/255.255.255.0 -p udp -m udp --dport 33270 -m limit --limit 2/min -j LD
-A OUTPUT -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 1234 -m limit --limit 2/min -j LD
-A OUTPUT -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 6711 -m limit --limit 2/min -j LD
-A OUTPUT -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 16660 --tcp-flags SYN,RST,ACK SYN -m limit --limit 2/min -j LD
-A OUTPUT -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 60001 --tcp-flags SYN,RST,ACK SYN -m limit --limit 2/min -j LD
-A OUTPUT -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 12345:12346 -m limit --limit 2/min -j LD
-A OUTPUT -s 192.168.0.0/255.255.255.0 -p udp -m udp --dport 12345:12346 -m limit --limit 2/min -j LD
-A OUTPUT -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 135 -m limit --limit 2/min -j LD
-A OUTPUT -s 192.168.0.0/255.255.255.0 -p udp -m udp --dport 135 -m limit --limit 2/min -j LD
-A OUTPUT -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 1524 -m limit --limit 2/min -j LD
-A OUTPUT -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 27665 -m limit --limit 2/min -j LD
-A OUTPUT -s 192.168.0.0/255.255.255.0 -p udp -m udp --dport 27444 -m limit --limit 2/min -j LD
-A OUTPUT -s 192.168.0.0/255.255.255.0 -p udp -m udp --dport 31335 -m limit --limit 2/min -j LD
-A OUTPUT -s 224.0.0.0/255.0.0.0 -j LD
-A OUTPUT -d 224.0.0.0/255.0.0.0 -j LD
-A OUTPUT -s 255.255.255.255 -j LD
-A OUTPUT -d 0.0.0.0 -j LD
-A OUTPUT -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j DROP
-A OUTPUT -m ttl --ttl-eq 64
-A OUTPUT -s 192.168.0.0/255.255.255.0 -o eth0 -p icmp -j ACCEPT
-A OUTPUT -j ACCEPT
-A LD -j LOG
-A LD -j DROP
-A SANITY -j LD
-A STATE -i ! lo -m state --state NEW -j LD
-A STATE -m state --state RELATED,ESTABLISHED -j ACCEPT
-A STATE -j LD
-A UNCLEAN -j LD
COMMIT
# Completed on Mon Mar 10 04:33:58 2003
 
Old 03-10-2003, 04:54 AM   #14
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48
(I've written this 1st line so many times I finally decided to delete it...)

The problem is in the OUTPUT chain where any replies to your port 23 requests don't have any permission to go back out...
The usual technique is to allow state ESTABLISHED,RELATED replies to go back out, but that doesn't happen here...
quote...
-A OUTPUT -d 0.0.0.0 -j LD
-A OUTPUT -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j DROP
-A OUTPUT -m ttl --ttl-eq 64
-A OUTPUT -s 192.168.0.0/255.255.255.0 -o eth0 -p icmp -j ACCEPT
-A OUTPUT -j ACCEPT

The first line I've quoted drops everything, making following rules useless... The default policy is supposed to do this work...
The 2nd line is a mistake, there is no -j to jump to...
The last line is the opposite of the default DROP POLICY and shouldn't be there.

So, I suggest you add this from a command line to get working...
iptables -I OUTPUT 3 -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

then have a read of this iptables tutorial and then a look at Firestarter to make writing rules easier.

Personally, the sooner you lose that script you are using, the better...
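The first-match walk peter_robb relies on in post #14 (a rule with no -j decides nothing, LD logs and then drops, and "iptables -I OUTPUT 3" puts the ESTABLISHED,RELATED ACCEPT ahead of the rule that drops NEW traffic) and the narrowed port-22 rule from post #4 can be checked without touching a live box. The Python below is an added example, not code from this thread or from any firewall script: it simulates a reduced model of the posted OUTPUT chain with its trailing "-j ACCEPT" removed as peter_robb recommends (the unclean and ttl modules and the TCP-flag part of the NEW rule are left out), and an INPUT chain that accepts new SSH sessions only from a constructed "school" network 198.51.100.0/24. All addresses and port numbers in it are constructed documentation values, and the state handling assumes a conntrack entry already exists for the inbound session whose reply is being tested.

```python
"""Added example: first-match simulator for a small iptables filter ruleset.
Chains with a policy are builtin; user chains RETURN when exhausted; LOG is
non-terminating; a rule with no -j only counts. Addresses are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "tcp"
    dport: int = 0
    state: str = "NEW"   # conntrack state: NEW, ESTABLISHED, RELATED or INVALID
    iface: str = "eth0"  # -i on INPUT, -o on OUTPUT

@dataclass
class Rule:
    target: Optional[str]                   # ACCEPT, DROP, LOG, a user chain, or None (no -j)
    src: Optional[str] = None               # -s CIDR
    dst: Optional[str] = None               # -d CIDR
    proto: Optional[str] = None             # -p
    dport: Optional[int] = None             # --dport
    state: Optional[FrozenSet[str]] = None  # -m state --state A,B
    iface: Optional[str] = None             # -i / -o

    def matches(self, p: Packet) -> bool:
        in_net = lambda a, n: ipaddress.ip_address(a) in ipaddress.ip_network(n, strict=False)
        return ((self.src is None or in_net(p.src, self.src))
                and (self.dst is None or in_net(p.dst, self.dst))
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport)
                and (self.state is None or p.state in self.state)
                and (self.iface is None or self.iface == p.iface))

class Firewall:
    def __init__(self, **policy: str) -> None:
        self.policy = policy                   # builtin chain -> ACCEPT/DROP
        self.chains = {c: [] for c in policy}  # chain name -> ordered rule list
        self.chains["LD"] = [Rule("LOG"), Rule("DROP")]  # the script's log-and-drop chain
        self.log: List[str] = []               # what LOG would have sent to syslog

    def append(self, chain: str, rule: Rule) -> None:            # iptables -A CHAIN ...
        self.chains[chain].append(rule)

    def insert(self, chain: str, pos: int, rule: Rule) -> None:  # iptables -I CHAIN N (1-based)
        self.chains[chain].insert(pos - 1, rule)

    def verdict(self, chain: str, p: Packet) -> str:
        """First match wins; an exhausted user chain RETURNs, a builtin chain uses its policy."""
        for rule in self.chains[chain]:
            if not rule.matches(p) or rule.target is None:  # no -j: counter moves, walk goes on
                continue
            if rule.target == "LOG":                         # LOG never decides
                self.log.append(f"{chain}: {p.proto} {p.src} -> {p.dst}:{p.dport} {p.state}")
                continue
            if rule.target in ("ACCEPT", "DROP"):
                return rule.target
            sub = self.verdict(rule.target, p)               # jump into a user chain
            if sub != "RETURN":
                return sub
        return self.policy.get(chain, "RETURN")

def output_chain(with_state_rule: bool) -> Firewall:
    """Reduced model of the thread's OUTPUT chain with its trailing '-j ACCEPT' removed;
    the unclean/ttl modules and the TCP-flag part of the NEW rule are left out."""
    fw = Firewall(OUTPUT="DROP")
    fw.append("OUTPUT", Rule("ACCEPT", iface="lo"))
    fw.append("OUTPUT", Rule("LD", dst="0.0.0.0/32"))  # '-d 0.0.0.0' with no mask is a /32 match
    fw.append("OUTPUT", Rule("DROP", proto="tcp", state=frozenset({"NEW"})))
    fw.append("OUTPUT", Rule(None))                     # '-m ttl --ttl-eq 64' with no -j
    if with_state_rule:  # iptables -I OUTPUT 3 -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
        fw.insert("OUTPUT", 3, Rule("ACCEPT", proto="tcp", state=frozenset({"ESTABLISHED", "RELATED"})))
    return fw

def reply_verdict(with_state_rule: bool) -> str:
    """Verdict on the server's reply half of an inbound TCP session conntrack already tracks."""
    reply = Packet("192.168.0.2", "203.0.113.7", dport=51234, state="ESTABLISHED")
    return output_chain(with_state_rule).verdict("OUTPUT", reply)

def input_chain() -> Firewall:
    """INPUT in the spirit of post #4: new SSH only from the network you use, telnet logged+dropped."""
    fw = Firewall(INPUT="DROP")
    fw.append("INPUT", Rule("ACCEPT", iface="lo"))
    fw.append("INPUT", Rule("ACCEPT", state=frozenset({"ESTABLISHED", "RELATED"})))
    fw.append("INPUT", Rule("ACCEPT", src="198.51.100.0/24", proto="tcp", dport=22))  # constructed school net
    fw.append("INPUT", Rule("LD", proto="tcp", dport=23))
    return fw

def inbound_verdict(src: str, dport: int) -> Tuple[str, List[str]]:
    fw = input_chain()
    return fw.verdict("INPUT", Packet(src, "192.168.0.2", dport=dport)), fw.log

if __name__ == "__main__":
    print("reply, no state rule:", reply_verdict(False))  # DROP
    print("reply, state rule:   ", reply_verdict(True))   # ACCEPT
    for src, port in (("198.51.100.20", 22), ("203.0.113.7", 22), ("198.51.100.20", 23)):
        print(f"inbound {src}:{port} ->", *inbound_verdict(src, port))
```

Run it and the reply packet falls through to the DROP policy until the state rule is inserted at position 3, which is the whole reason peter_robb's one-liner works once the catch-all ACCEPT at the end is gone; on the INPUT side, an SSH SYN from the constructed school range is accepted, the same SYN from any other address hits the DROP policy, and a telnet attempt lands in LD, so it shows up in the log list before being dropped.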
 
Old 03-10-2003, 05:09 AM   #15
jrw3179
LQ Newbie
 
Registered: Mar 2003
Posts: 22

Original Poster
Rep: Reputation: 15
OK, I added that line you said to do... that iptables chart I can look at when I have some more time... So with that added line, will that fix the outgoing stuff on port 23? (sorry to seem stupid) but I just want to make sure I am doing this right...
One more noob question... to configure the server part, could ya run it by me... I just want to make sure my settings are correct... I have 4 options in X Windows:
domain name service
http
nfs
services
I want to make sure I have it all set up.

Thanks SOOO much... I fixed a few other probs from this board.
I appreciate it
Jay
 
All times are GMT -5.