LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   setup ipchains, doesn't seem to do anything, what am i doing wrong? (https://www.linuxquestions.org/questions/linux-security-4/setup-ipchains-doesnt-seem-to-do-anything-what-am-i-doing-wrong-7438/)

JustinHoMi 10-10-2001 04:19 PM

setup ipchains, doesn't seem to do anything, what am i doing wrong?
 
Well, I set up a simple firewall with Redhat 7.1's firewall tool. I set up high security and enabled a few ports. I ran nmap on the server, and unfortunately quite a few ports show up:

21/tcp open ftp
22/tcp open ssh
80/tcp open http
111/tcp open sunrpc
199/tcp open smux
443/tcp open https
2401/tcp open cvspserver
3306/tcp open mysql

Only ftp, ssh, and http should be open (as well as 27015, 7002, and 24347).

Here's my /etc/rc.d/init.d/ipchains status:

ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 27015
ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 7002
ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 24347
ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 22
ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 80
ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 21
ACCEPT all ------ 0.0.0.0/0 0.0.0.0/0 n/a
ACCEPT all ------ 0.0.0.0/0 0.0.0.0/0 n/a
ACCEPT udp ------ 152.1.1.248 0.0.0.0/0 53 -> *
ACCEPT udp ------ 152.1.2.22 0.0.0.0/0 53 -> *
REJECT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> *
REJECT udp ------ 0.0.0.0/0 0.0.0.0/0 * -> *

Does this look right? I ran /etc/rc.d/init.d/ipchains restart and still no luck....

Justin

JustinHoMi 10-10-2001 04:27 PM

nevermind =D

raz 10-11-2001 03:41 AM

Do you want help with it or not?

If you do, tell us some info about what you're trying to connect to and the architecture of your network.

Also show us the output from these commands: as root

netstat -natp
ifconfig -a
ipchains -L -nv
route -n
cat /proc/sys/net/ipv4/ip_forward


Supply this and I'll show you the correct syntax.
Also do you use the box as a router for other systems on your private LAN, if so what's the subnet address range for these boxes.


/Raz

JustinHoMi 10-11-2001 08:46 AM

Hey, sorry man. I should have been more descriptive with my "nevermind". I figured it out a good 30 seconds after I posted. I regularly help on forums in areas where I'm a pro, so it was just kind of embarrassing (I hate it when people post before they try everything themselves!!!). I don't know why, but I had checked the "trust eth0" box. I'm not quite sure why I did, but I did :). And yeah, that doesn't help the firewall any!!

I do appreciate you replying :) Great to have a place to get help when I need it.

I would ask how to open udp ports w/ ipchains since the firewall config blocks all by default but I'm sure there's a howto or faq around, I haven't looked yet ;).

Thanks!!
Justin

PS I was almost tempted to continue with my question just so I could see what all those commands (netstat -natp, ipchains -L -nv, route -n, etc) do! Time to go play =D
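
The listing in the first post shows why the extra ports appeared: ipchains evaluates a chain top to bottom and the first matching rule wins, so the two `ACCEPT all` rows (what "trust eth0" produced) catch every packet before the `REJECT` rows are ever reached. The following script is an added example, not from the thread or from the Red Hat tool: it parses that listing and simulates first-match evaluation so you can see which rules are unreachable. It does not model the SYN-only (`-y`) flag or interfaces, and the sample source address and port are made up.

```python
# Added example: first-match simulator for the ipchains listing in the first post.
# The -y (SYN-only) flag and interface matching are not modelled.

# Rule rows copied from the 'ipchains status' output in the first post.
RULES_TEXT = """\
ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 27015
ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 7002
ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 24347
ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 22
ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 80
ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 21
ACCEPT all ------ 0.0.0.0/0 0.0.0.0/0 n/a
ACCEPT all ------ 0.0.0.0/0 0.0.0.0/0 n/a
ACCEPT udp ------ 152.1.1.248 0.0.0.0/0 53 -> *
ACCEPT udp ------ 152.1.2.22 0.0.0.0/0 53 -> *
REJECT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> *
REJECT udp ------ 0.0.0.0/0 0.0.0.0/0 * -> *
"""

def parse_rules(text):
    """Parse 'target proto opts src dst [sport -> dport | n/a]' rows into dicts."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if not f:
            continue
        sport, dport = (f[-3], f[-1]) if "->" in f else ("*", "*")  # 'n/a' rows match any port
        rules.append({"target": f[0], "proto": f[1], "src": f[3], "sport": sport, "dport": dport})
    return rules

def decide(rules, proto, dport, src="10.0.0.1", sport="40000"):
    """Walk the chain in order; the first matching rule wins. Returns (target, index)."""
    for i, r in enumerate(rules):
        if r["proto"] in ("all", proto) and r["src"] in ("0.0.0.0/0", src) \
                and r["sport"] in ("*", str(sport)) and r["dport"] in ("*", str(dport)):
            return r["target"], i
    return "POLICY", -1  # fell through to the chain policy, which the listing does not show

def shadowed_rejects(rules):
    """Indices of REJECT rules made unreachable by an earlier match-everything ACCEPT."""
    catch_all = next((i for i, r in enumerate(rules) if r["target"] == "ACCEPT"
                      and r["proto"] == "all" and r["src"] == "0.0.0.0/0"
                      and r["dport"] == "*"), None)
    if catch_all is None:
        return []
    return [i for i, r in enumerate(rules) if i > catch_all and r["target"] == "REJECT"]

if __name__ == "__main__":
    chain = parse_rules(RULES_TEXT)
    for port in (22, 111, 3306):
        print(port, decide(chain, "tcp", port))  # 111 and 3306 hit the ACCEPT all row at index 6
    print("shadowed REJECT rules:", shadowed_rejects(chain))
```

Dropping the two `ACCEPT all` rows and re-running `decide` shows the same ports falling through to the `REJECT tcp` rule, which is the behaviour the original poster expected.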
