LinuxQuestions.org


i.d. 08-21-2002 09:22 AM

ipchains
 
I am trying to run X-programs from a remote server on to my RH7.3 via an ADSL usb modem connecting with pppd.
I have this up and working except for the X-programs. I suspected this problem was with my firewall so I switched it off with

/etc/init.d/ipchains stop
/etc/init.d/iptables stop

Now everything works, but I think this isn't very secure.

If I do #>ipchains -L I get

target prot opt source destination ports
ACCEPT udp ------ anywhere anywhere bootps:bootpc -> bootps:bootpc
ACCEPT udp ------ anywhere anywhere bootps:bootpc -> bootps:bootpc
ACCEPT all ------ anywhere anywhere n/a
ACCEPT all ------ anywhere anywhere n/a
REJECT tcp -y---- anywhere anywhere any -> 0:1023
REJECT tcp -y---- anywhere anywhere any -> nfs
REJECT udp ------ anywhere anywhere any -> 0:1023
REJECT udp ------ anywhere anywhere any -> nfs
REJECT tcp -y---- anywhere anywhere any -> x11:6009
REJECT tcp -y---- anywhere anywhere any -> xfs
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):

How do I go about allowing the X-programs to run without switching off my ipchains totally?

I only need to connect to one known remote server.

Thanks

I.D.

pk21 08-21-2002 10:27 AM

I think you would be better off using iptables.

pk21 08-21-2002 10:30 AM

You first have to find out on which ports X works. I know there are a lot of ports you need to open.

klickibunti 08-21-2002 02:32 PM

This is an example:
tcp 6000 3338 0 1962 1 X (output of socklist, a Perl script)

neo77777 08-21-2002 03:10 PM

xhost+ must be turned on on the remote machine to accept X requests from a local machine.
Sorry, the other way around - xhost+ on local to run apps from a remote.

i.d. 08-21-2002 03:12 PM

I have now managed to solve my problem, although I'm not sure if it was the best way?
I simply added the line

-A input -p tcp -s x.x.x.x -d 0/0 6000:6009 -y -j ACCEPT

to the file

/etc/sysconfig/ipchains


then applied with
/sbin/service ipchains restart


Thanks
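
Added example, not part of any post in this thread: ipchains walks the input chain in order and the first matching rule decides, so the ACCEPT line only works if it sits above the `REJECT ... x11:6009` rule in /etc/sysconfig/ipchains. The sketch below models that with a simplified parser for the rule syntax shown above; 192.0.2.10 and 198.51.100.7 are constructed stand-ins (the former for x.x.x.x), and the REJECT lines are constructed to mirror the `ipchains -L` listing.

```python
import ipaddress

def parse_rule(line):
    """Parse one '-A input ...' line (only the options used in this thread)."""
    tok = line.split()
    rule = {"proto": "all", "src": ipaddress.ip_network("0.0.0.0/0"),
            "ports": (0, 65535), "syn_only": False, "target": None}
    i = 2  # skip "-A input"
    while i < len(tok):
        opt, arg = tok[i], tok[i + 1] if i + 1 < len(tok) else None
        i += 2
        if opt == "-p":
            rule["proto"] = arg
        elif opt == "-s":
            rule["src"] = ipaddress.ip_network("0.0.0.0/0" if arg == "0/0" else arg)
        elif opt == "-d" and i < len(tok) and not tok[i].startswith("-"):
            lo, _, hi = tok[i].partition(":")  # port or lo:hi follows the address
            rule["ports"] = (int(lo), int(hi or lo))
            i += 1
        elif opt == "-j":
            rule["target"] = arg
        elif opt == "-y":  # flag without argument: match SYN packets only
            rule["syn_only"] = True
            i -= 1
    return rule

def verdict(rules, proto, src, dport, syn, policy="ACCEPT"):
    """First matching rule wins; otherwise the chain policy applies."""
    for r in rules:
        if r["proto"] not in ("all", proto):
            continue
        if ipaddress.ip_address(src) not in r["src"]:
            continue
        if not r["ports"][0] <= dport <= r["ports"][1]:
            continue
        if r["syn_only"] and not syn:
            continue
        return r["target"]
    return policy

# Constructed sample rules (assumption: they mirror the listing in the first post).
REJECTS = ["-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT",
           "-A input -p tcp -s 0/0 -d 0/0 6000:6009 -y -j REJECT"]
ALLOW = "-A input -p tcp -s 192.0.2.10 -d 0/0 6000:6009 -y -j ACCEPT"

allow_first = [parse_rule(l) for l in [ALLOW] + REJECTS]  # ACCEPT above REJECT
allow_last = [parse_rule(l) for l in REJECTS + [ALLOW]]   # ACCEPT appended at end
```

With `allow_first`, a SYN to port 6000 is accepted only from 192.0.2.10 and still rejected from any other source; with `allow_last`, the earlier REJECT shadows the new rule and even the trusted host is refused.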

