LinuxQuestions.org
Old 01-03-2006, 10:54 AM   #1
ArthurDent
Member
 
Registered: Feb 2004
Location: London
Distribution: Fedora Core 5, Mandrake 10.0, Gentoo, Suse
Posts: 179

Rep: Reputation: 30
Need help with Firewall on FC4


Hello Chaps, Happy new Year to all,

I am trying to set up a Squid proxy server and I have done so successfully on this (FC4) machine. The problem is that I cannot access it from any other PC in the house.

By a process of elimination I have worked out that this is caused by my firewall. When I disable it I can access the proxy server from other machines - turned on I can't.

The thing is FC4 comes with a pre-configured (Iptables) firewall and I don't want to mess it up. I really don't understand Iptables - it's a complete black art to me!

All I want to do is to allow access from IP addresses in the range 192.168.100.100-110 (I've only got a couple of PC's and a couple of laptops + some spare for visitors) to the FC4 box (which is on 192.168.100.101) running squid. I want to make sure that the requests really originate from those machines but otherwise that's all I want to achieve.

Can anyone explain in words of one syllable how to do this?

Many thanks in advance...

Mark
 
Old 01-03-2006, 11:27 AM   #2
notorp
LQ Newbie
 
Registered: Sep 2005
Distribution: Fedora 10/9/8/6 - FC3 - RH9 + Puppy Dog
Posts: 27

Rep: Reputation: 15
Have you tried using firestarter: http://www.fs-security.com/

or you could add under su permission to access the port you are using for squid (default 3128)

Depending on your firewall rules this will vary, something that looks like:

Code:
iptables -A INBOUND -p tcp --dport 3128 -j ACCEPT
This allows you to control access via acl in squid.conf

Or you could use a command like this

Code:
iptables -A INBOUND -p tcp -m tcp -xxx.xxx.xxx.xxx --dport 3128 -j ACCEPT
For each ip address or use the appropriate netmask /24 for all 192.168.0.0 to .255.

In the examples above INBOUND is the rule set, which may be different on your system, something like

RH-Firewall-1-INPUT for FC4 out of the box so try the following:

Code:
iptables -A RH-Firewall-1-INPUT -p tcp -m tcp -192.168.100.100 --dport 3128 -j ACCEPT
and try and access the proxy via the machine 192.168.100.100 unless that is the server then change the numbers you get the picture.

One last thing: if you su then unless you su -l you'll want /sbin/iptables

Last edited by notorp; 01-03-2006 at 11:40 AM.
 
Old 01-03-2006, 11:43 AM   #3
notorp
LQ Newbie
 
Registered: Sep 2005
Distribution: Fedora 10/9/8/6 - FC3 - RH9 + Puppy Dog
Posts: 27

Rep: Reputation: 15
If you get things to work remember to save the rule set otherwise you will have to set them up each time you start your machine.

Code:
iptables-save > /etc/sysconfig/iptables-new

cd /etc/sysconfig
cp iptables iptables.old

cp iptables-new iptables
 
Old 01-03-2006, 12:01 PM   #4
ArthurDent
Member
 
Registered: Feb 2004
Location: London
Distribution: Fedora Core 5, Mandrake 10.0, Gentoo, Suse
Posts: 179

Original Poster
Rep: Reputation: 30
Hi notorp,

Thanks very much. This was (very close to) exactly what I was looking for. Unfortunately it doesn't quite work...

Code:
[root@localhost Installs]# /sbin/iptables -A RH-Firewall-1-INPUT -p tcp -m tcp -192.168.100.100 --dport 8080 -j ACCEPT
iptables v1.3.0: Unknown arg `-m'
Try `iptables -h' or 'iptables --help' for more information.
[root@localhost Installs]#
On another (sort of related) subject...

Whilst I have got the firewall turned off I notice that I can now browse for, and find, the windows shares on my network - something I could never do before (without a great deal of pain). I would really like to be able to do this.

I checked out the "Shields Up" website with Iptables turned off and I still get a complete good bill of health. I guess this means that much of the firewalling is being done by the router.

Anyhow - I feel that I am close to a solution...

What should I try next?

Thanks again...
 
Old 01-07-2006, 02:15 PM   #5
notorp
LQ Newbie
 
Registered: Sep 2005
Distribution: Fedora 10/9/8/6 - FC3 - RH9 + Puppy Dog
Posts: 27

Rep: Reputation: 15
Firstly SORRY I didn't get right back to you but my computer died and I've just had to rebuild it. I think I have chosen the wrong motherboard as it isn't very Linux compatible at the moment!

Not your problem though!

Secondly sorry I'm a berk and mistyped the command over and over it should read:

Code:
iptables -A RH-Firewall-1-INPUT -p tcp -m tcp -s 192.168.100.100 --dport 3128 -j ACCEPT
Can you see the missing -s instead of -192.168.100.100? The "s" tells it what the source is!

Try the above and see if it works.
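
An added example, not part of the thread: the original question asked for the whole range 192.168.100.100-110, and a rule appended with -A lands after the chain's final catch-all REJECT, where it never matches. This sketch finds that REJECT in iptables-save style output and builds an insert (-I) command using the iprange match; the sample rules are constructed in the style of the stock FC4 chain, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in the style of the stock FC4 rule file (assumption:
# the chain ends with a catch-all REJECT, so an appended ACCEPT is dead).
SAMPLE_RULES='-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'

# Read iptables-save style lines on stdin and print the 1-based position
# of the first REJECT or DROP rule in the named chain (0 if there is none).
first_block_pos() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            n++
            for (i = 3; i < NF; i++)
                if ($i == "-j" && ($(i+1) == "REJECT" || $(i+1) == "DROP")) {
                    print n; found = 1; exit
                }
        }
        END { if (!found) print 0 }'
}

# Build (but do not run) the command that lets a source range reach the
# proxy port. With a blocking rule at position pos the new rule is
# inserted at that position, pushing the REJECT down; otherwise append.
build_allow_cmd() {
    chain=$1 range=$2 port=$3 pos=$4
    match="-p tcp -m iprange --src-range $range --dport $port -j ACCEPT"
    if [ "$pos" -gt 0 ]; then
        echo "/sbin/iptables -I $chain $pos $match"
    else
        echo "/sbin/iptables -A $chain $match"
    fi
}

pos=$(printf '%s\n' "$SAMPLE_RULES" | first_block_pos RH-Firewall-1-INPUT)
build_allow_cmd RH-Firewall-1-INPUT 192.168.100.100-192.168.100.110 3128 "$pos"
```

On a live box, pipe the output of /sbin/iptables-save into first_block_pos instead of the sample, and use the port Squid actually listens on (3128 by default, 8080 in post #4).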
 
  


All times are GMT -5.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration