LinuxQuestions.org
Old 09-25-2002, 09:35 AM   #1
jimscreechy
LQ Newbie
 
Registered: Sep 2002
Posts: 5

Rep: Reputation: 0
HELP firewall


I recently installed Red Hat 7.3 really for the sole purpose of the included firewall, but unfortunately it doesn't work.

Details.
I installed using the GUI and gave eth1 (internal) the address of 192.168.0.1 netmask 255.255.255.0 and eth0 (external ISP) DHCP; this receives the address 80.0.188.64 from the ISP. One of the hosts on my local internal net has the address of 192.168.0.50 and I am able to ping it from the Linux server. Similarly, I am able to ping both the internal and external interfaces on the Linux server from my internal host 192.168.0.50, but I can get no connectivity any further than the external (ISP) interface eth0 from my local host 192.168.0.50.
I do have internet connectivity from the Linux server (hence this email), but cannot seem to route correctly through the firewall with any protocols.
I did the initial configuration using lokkit and have tried all three levels of security using this facility with no effect. (Sorry for the length of this message, but better more info than less.)
I had not intended to get involved with IPCHAINS or IPTABLES until I had the basic system running and some considerable knowledge under my belt, and really was led to believe this configuration I had completed should have been sufficient.

Anyway, the ipchains file looks like this.

-A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 25 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 23 -p tcp -y -j ACCEPT
-A input -s 0/0 67:68 -d 0/0 67:68 -p udp -i eth0 -j ACCEPT
-A input -s 0/0 67:68 -d 0/0 67:68 -p udp -i eth1 -j ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -s 0/0 -d 0/0 -i eth1 -j ACCEPT
-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT
-A input -p tcp -s 0/0 -d 0/0 2049 -y -j REJECT
-A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT
-A input -p udp -s 0/0 -d 0/0 2049 -j REJECT
-A input -p tcp -s 0/0 -d 0/0 6000:6009 -y -j REJECT
-A input -p tcp -s 0/0 -d 0/0 7000 -y -j REJECT

And the IP routing table looks like this:

192.168.0.0 * 255.255.255.0 U 0 0 0 eth1
80.0.188.0 * 255.255.255.0. U 0 0 0 eth0
127.0.0.0 * 255.0.0.0 0 U 0 0 0 lo
default p124 0.0.0.0 UG 0 0 0 eth0

I hope this is enough info... Can anyone help?

JIM
 
Old 09-25-2002, 12:20 PM   #2
neo77777
LQ Addict
 
Registered: Dec 2001
Location: Brooklyn, NY
Distribution: *NIX
Posts: 3,704

Rep: Reputation: 56
OK, I'd suggest using an iptables-based firewall since you have at least a 2.4.18 kernel. There are many options available, from writing your own scripts to already written GUI-based firewalls; check out
http://www.linuxguruz.org/iptables
http://firestarter.sourceforge.net
http://www.simonzone.com/software/guarddog
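
Added example, not part of either post: one way to hand-write the kind of iptables script post #2 suggests, for the two-interface layout in post #1 (eth0 external via DHCP, eth1 internal on 192.168.0.0/24). The policy (masquerade the LAN, forward only LAN-initiated traffic, drop unsolicited inbound) is an assumption the thread does not confirm, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a two-interface gateway.
# Interface names and the LAN range come from post #1; the policy itself
# (NAT for the LAN, stateful filtering) is an assumption, not from the thread.

gen_gateway_rules() {
    ext_if=$1   # Internet-facing interface (eth0 in post #1)
    int_if=$2   # LAN interface (eth1 in post #1)
    lan_net=$3  # LAN range (192.168.0.0/24 in post #1)
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $ext_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $int_if -s $lan_net -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $ext_if -p udp --sport 67 --dport 68 -j ACCEPT
-A FORWARD -i $int_if -o $ext_if -s $lan_net -j ACCEPT
-A FORWARD -i $ext_if -o $int_if -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Filter rules alone do not route packets: the kernel forwards between
# interfaces only when ip_forward is 1 (it defaults to 0).
# Returns 0 when forwarding is on; the path argument exists for testing.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Stand-alone use: print the rules for the layout in post #1.
# To load them, run as root:
#   gen_gateway_rules eth0 eth1 192.168.0.0/24 | iptables-restore
gen_gateway_rules eth0 eth1 192.168.0.0/24
```

If `forwarding_enabled` fails on the gateway, `sysctl -w net.ipv4.ip_forward=1` turns routing on for the running kernel.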
 
  

