LinuxQuestions.org
Old 10-10-2001, 05:19 PM   #1
JustinHoMi
Member
 
Registered: Apr 2001
Location: Raleigh, NC
Distribution: CentOS
Posts: 154

Rep: Reputation: 30
setup ipchains, doesn't seem to do anything, what am i doing wrong?


Well, I set up a simple firewall with Redhat 7.1's firewall tool. I set up high security, and enabled a few ports. I ran nmap on the server, and unfortunately quite a few ports show up:

21/tcp open ftp
22/tcp open ssh
80/tcp open http
111/tcp open sunrpc
199/tcp open smux
443/tcp open https
2401/tcp open cvspserver
3306/tcp open mysql

Only ftp, ssh, and http should be open (as well as 27015, 7002, and 24347).

Here's my /etc/rc.d/init.d/ipchains status:

ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 27015
ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 7002
ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 24347
ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 22
ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 80
ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 21
ACCEPT all ------ 0.0.0.0/0 0.0.0.0/0 n/a
ACCEPT all ------ 0.0.0.0/0 0.0.0.0/0 n/a
ACCEPT udp ------ 152.1.1.248 0.0.0.0/0 53 -> *
ACCEPT udp ------ 152.1.2.22 0.0.0.0/0 53 -> *
REJECT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> *
REJECT udp ------ 0.0.0.0/0 0.0.0.0/0 * -> *

Does this look right? I ran /etc/rc.d/init.d/ipchains restart and still no luck....

Justin
 
Old 10-10-2001, 05:27 PM   #2
JustinHoMi
Member
 
Registered: Apr 2001
Location: Raleigh, NC
Distribution: CentOS
Posts: 154

Original Poster
Rep: Reputation: 30
nevermind =D
 
Old 10-11-2001, 04:41 AM   #3
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
Do you want help with it or not?

If you do, tell us some info about what you're trying to connect to and the architecture of your network.

Also show us the output from these commands, as root:

netstat -natp
ifconfig -a
ipchains -L -nv
route -n
cat /proc/sys/net/ipv4/ip_forward


Supply this and I'll show you the correct syntax.
Also, do you use the box as a router for other systems on your private LAN? If so, what's the subnet address range for these boxes?


/Raz
 
Old 10-11-2001, 09:46 AM   #4
JustinHoMi
Member
 
Registered: Apr 2001
Location: Raleigh, NC
Distribution: CentOS
Posts: 154

Original Poster
Rep: Reputation: 30
Hey, sorry man. I should have been more descriptive with my "nevermind". I figured it out a good 30 seconds after I posted. I regularly help on forums in areas where I'm a pro, so it was just kind of embarrassing (I hate it when people post before they try everything themselves!!!). I don't know why, but I had checked the "trust eth0" box. I'm not quite sure why I did, but I did. And yeah, that doesn't help the firewall any!!

I do appreciate you replying. Great to have a place to get help when I need it.

I would ask how to open udp ports w/ ipchains since the firewall config blocks all by default, but I'm sure there's a howto or faq around, I haven't looked yet.

Thanks!!
Justin

PS I was almost tempted to continue with my question just so I could see what all those commands (netstat -natp, ipchains -L -nv, route -n, etc) do! Time to go play =D
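
The problem in this thread, as an added example that is not part of any post: ipchains acts on the first rule that matches, so the two "ACCEPT all" lines in the listing from post #1 (assumed here to include the rule the "trust eth0" option produced) decide every packet before the REJECT rules at the bottom are reached. The script parses that listing and the nmap result; the function names are hypothetical.

```python
from collections import namedtuple
# Rule listing and nmap result as posted in #1 of this thread.
LISTING = """\
ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 27015
ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 7002
ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 24347
ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 22
ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 80
ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 21
ACCEPT all ------ 0.0.0.0/0 0.0.0.0/0 n/a
ACCEPT all ------ 0.0.0.0/0 0.0.0.0/0 n/a
ACCEPT udp ------ 152.1.1.248 0.0.0.0/0 53 -> *
ACCEPT udp ------ 152.1.2.22 0.0.0.0/0 53 -> *
REJECT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> *
REJECT udp ------ 0.0.0.0/0 0.0.0.0/0 * -> *
"""
NMAP_OPEN = [21, 22, 80, 111, 199, 443, 2401, 3306]
Rule = namedtuple("Rule", "index target proto src dst ports")

def parse(listing):
    """Turn each 'TARGET PROTO OPT SRC DST PORTS' line into a numbered Rule."""
    rules = []
    for line in listing.splitlines():
        f = line.strip().split(None, 5)
        if len(f) == 6 and f[0] in ("ACCEPT", "REJECT", "DENY"):
            rules.append(Rule(len(rules) + 1, f[0], f[1], f[3], f[4], f[5]))
    return rules

def is_catch_all(r):
    # This listing has no interface column, so a loopback-only rule looks the
    # same as a "trust eth0" rule; `ipchains -L -nv` shows which is which.
    return r.proto == "all" and r.src == r.dst == "0.0.0.0/0" and r.ports == "n/a"

def shadowed(rules):
    """Pair each REJECT/DENY rule with the catch-all ACCEPT rules above it."""
    catch = [r.index for r in rules if r.target == "ACCEPT" and is_catch_all(r)]
    return [(r.index, [c for c in catch if c < r.index]) for r in rules
            if r.target in ("REJECT", "DENY") and any(c < r.index for c in catch)]

def unexpected_open(rules, nmap_open):
    """Ports nmap saw open that no explicit tcp ACCEPT rule allows."""
    allowed = {r.ports.split("->")[-1].strip() for r in rules
               if r.target == "ACCEPT" and r.proto == "tcp"}
    return sorted(p for p in nmap_open if str(p) not in allowed)

if __name__ == "__main__":
    print(shadowed(parse(LISTING)), unexpected_open(parse(LISTING), NMAP_OPEN))
```

For the posted listing, both REJECT rules (11 and 12) are reported as shadowed by rules 7 and 8, and the ports nmap found that no tcp rule allows are 111, 199, 443, 2401 and 3306.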