Need help with Firewall on FC4
Hello Chaps, Happy new Year to all,
I am trying to set up a Squid proxy server and I have done so successfully on this (FC4) machine. The problem is that I cannot access it from any other PC in the house. By a process of elimination I have worked out that this is caused by my firewall. When I disable it I can access the proxy server from other machines - turned on I can't.
The thing is FC4 comes with a pre-configured (Iptables) firewall and I don't want to mess it up. I really don't understand Iptables - it's a complete black art to me!
All I want to do is to allow access from IP addresses in the range 192.168.100.100-110 (I've only got a couple of PCs and a couple of laptops + some spare for visitors) to the FC4 box (which is on 192.168.100.101) running squid. I want to make sure that the requests really originate from those machines but otherwise that's all I want to achieve.
Can anyone explain in words of one syllable how to do this? Many thanks in advance...
Mark
Have you tried using firestarter: http://www.fs-security.com/
or you could add, under su, permission to access the port you are using for squid (default 3128). Depending on your firewall rules this will vary; something that looks like:
Code:
iptables -A INBOUND -p tcp --dport 3128 -j ACCEPT
Or you could use a command like this:
Code:
iptables -A INBOUND -p tcp -m tcp -xxx.xxx.xxx.xxx --dport 3128 -j ACCEPT
In the examples above INBOUND is the rule set, which may be different on your system, something like RH-Firewall-1-INPUT for FC4 out of the box, so try the following:
Code:
iptables -A RH-Firewall-1-INPUT -p tcp -m tcp -192.168.100.100 --dport 3128 -j ACCEPT
One last thing: if you su then unless you su -l you'll want /sbin/iptables
If you get things to work remember to save the rule set otherwise you will have to set them up each time you start your machine.
Code:
iptables-save > /etc/sysconfig/iptables-new
Hi notorp,
Thanks very much. This was (very close to) exactly what I was looking for. Unfortunately it doesn't quite work...
Code:
[root@localhost Installs]# /sbin/iptables -A RH-Firewall-1-INPUT -p tcp -m tcp -192.168.100.100 --dport 8080 -j ACCEPT
Whilst I have got the firewall turned off I notice that I can now browse for, and find, the Windows shares on my network - something I could never do before (without a great deal of pain). I would really like to be able to do this.
I checked out the "Shields Up" website with Iptables turned off and I still get a complete good bill of health. I guess this means that much of the firewalling is being done by the router.
Anyhow - I feel that I am close to a solution... What should I try next? Thanks again...
Firstly SORRY I didn't get right back to you but my computer died and I've just had to rebuild it. I think I have chosen the wrong motherboard as it isn't very Linux compatible at the moment!
Not your problem though! Secondly, sorry, I'm a berk and mistyped the command over and over. It should read:
Code:
iptables -A RH-Firewall-1-INPUT -p tcp -m tcp -s 192.168.100.100 --dport 3128 -j ACCEPT
Try the above and see if it works.
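
Added example, not part of any post in this thread: a check over iptables-save output that reports whether an ACCEPT rule for the Squid port sits before the chain's catch-all REJECT, because a rule appended with -A after such a rule is never reached. The sample rulesets are constructed, the chain layout ending in a catch-all REJECT is an assumption about the stock ruleset, and `rule_status` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not from the thread). rule_status is a hypothetical helper.
# Constructed sample rules in iptables-save format; the chain layout, ending in
# a catch-all REJECT, is an assumption about the stock ruleset.
RULES_HEAD='*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
SQUID_RULE='-A RH-Firewall-1-INPUT -s 192.168.100.100 -p tcp -m tcp --dport 3128 -j ACCEPT'
REJECT_RULE='-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'

# What "iptables -A" produces: the new rule lands after the catch-all REJECT.
RULES_APPENDED="$RULES_HEAD
$REJECT_RULE
$SQUID_RULE
COMMIT"

# The same rule placed ahead of the REJECT (e.g. added with -I instead of -A).
RULES_INSERTED="$RULES_HEAD
$SQUID_RULE
$REJECT_RULE
COMMIT"

# rule_status CHAIN PORT: reads iptables-save text on stdin and prints
#   reachable - an ACCEPT for --dport PORT precedes any catch-all REJECT/DROP
#   shadowed  - the ACCEPT exists only after a catch-all, so it never matches
#   missing   - CHAIN has no ACCEPT rule for that port
rule_status() {
    awk -v chain="$1" -v port="$2" '
        $1 == "-A" && $2 == chain {
            # A rule with no match options and a REJECT/DROP target ends the chain.
            if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) { blocked = 1; next }
            dport = 0; accept = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport" && $(i + 1) == port) dport = 1
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
            }
            if (dport && accept && status != "reachable")
                status = blocked ? "shadowed" : "reachable"
        }
        END { print (status == "" ? "missing" : status) }
    '
}
```

On a live system the same check can be run as root with `/sbin/iptables-save | rule_status RH-Firewall-1-INPUT 3128`.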