setup ipchains, doesn't seem to do anything, what am i doing wrong?
Well, I setup a simple firewall with Redhat 7.1's firewall tool. I setup high security, and enabled a few ports. I ran nmap on the server, and unfortunately quite a few ports show up:
21/tcp open ftp
22/tcp open ssh
80/tcp open http
111/tcp open sunrpc
199/tcp open smux
443/tcp open https
2401/tcp open cvspserver
3306/tcp open mysql

Only ftp, ssh, and http should be open (as well as 27015, 7002, and 24347). Here's my /etc/rc.d/init.d/ipchains status:

ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 27015
ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 7002
ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 24347
ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 22
ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 80
ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 21
ACCEPT all ------ 0.0.0.0/0 0.0.0.0/0 n/a
ACCEPT all ------ 0.0.0.0/0 0.0.0.0/0 n/a
ACCEPT udp ------ 152.1.1.248 0.0.0.0/0 53 -> *
ACCEPT udp ------ 152.1.2.22 0.0.0.0/0 53 -> *
REJECT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> *
REJECT udp ------ 0.0.0.0/0 0.0.0.0/0 * -> *

Does this look right? I ran /etc/rc.d/init.d/ipchains restart and still no luck....

Justin |
nevermind =D
|
Do you want help with it or not?
If you do, tell us some info about what you're trying to connect to and the architecture of your network. Also show us the output from these commands (as root):

netstat -natp
ifconfig -a
ipchains -L -nv
route -n
cat /proc/sys/net/ipv4/ip_forward

Supply this and I'll show you the correct syntax. Also, do you use the box as a router for other systems on your private LAN? If so, what's the subnet address range for these boxes?

/Raz |
Hey, sorry man. I should have been more descriptive with my "nevermind". I figured it out a good 30 seconds after I posted. I regularly help on forums in areas where I'm a pro, so it was just kind of embarrassing (I hate it when people post before they try everything themselves!!!). I don't know why, but I had checked on the "trust eth0" box. I'm not quite sure why I did, but I did :). And yeah, that doesn't help the firewall any!!
I do appreciate you replying :) Great to have a place to get help when I need it. I would ask how to open udp ports w/ ipchains since the firewall config blocks all by default but I'm sure there's a howto or faq around, I haven't looked yet ;). Thanks!!

Justin

PS I was almost tempted to continue with my question just so I could see what all those commands (netstat -natp, ipchains -L -nv, route -n, etc) do! Time to go play =D |
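Why the "trust eth0" box left every port reachable, as an added example that is not part of the original thread: ipchains uses the first rule that matches, so the two ACCEPT all rules in the first post's listing decide each packet before the REJECT rules are ever reached. The listing has no interface column, so the sketch assumes those rules apply to eth0; the helper names and the test source address are constructed.

```python
import ipaddress

# Rule listing copied from the first post. It has no interface column, so the
# two "all" rules are assumed to apply to packets arriving on eth0.
LISTING = """\
ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 27015
ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 7002
ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 24347
ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 22
ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 80
ACCEPT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 21
ACCEPT all ------ 0.0.0.0/0 0.0.0.0/0 n/a
ACCEPT all ------ 0.0.0.0/0 0.0.0.0/0 n/a
ACCEPT udp ------ 152.1.1.248 0.0.0.0/0 53 -> *
ACCEPT udp ------ 152.1.2.22 0.0.0.0/0 53 -> *
REJECT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> *
REJECT udp ------ 0.0.0.0/0 0.0.0.0/0 * -> *
"""

def parse(listing):
    """One dict per rule line; 'n/a' in the ports column means any port."""
    rules = []
    for line in listing.strip().splitlines():
        f = line.split()
        sport, dport = ("*", "*") if f[5] == "n/a" else (f[5], f[7])
        rules.append({"target": f[0], "proto": f[1], "syn_only": "y" in f[2],
                      "src": ipaddress.ip_network(f[3]), "sport": sport,
                      "dport": dport, "text": line})
    return rules

def first_match(rules, proto, src, sport, dport, syn=True):
    """Walk the chain top to bottom; the first matching rule decides."""
    for i, r in enumerate(rules):
        if (r["proto"] in ("all", proto)
                and (syn or not r["syn_only"])
                and ipaddress.ip_address(src) in r["src"]
                and r["sport"] in ("*", str(sport))
                and r["dport"] in ("*", str(dport))):
            return i, r
    return None, None

def audit(listing, ports, src="192.0.2.10"):  # src is a constructed test address
    """Port -> (rule index, target) for an inbound TCP SYN to that port."""
    rules = parse(listing)
    hits = (first_match(rules, "tcp", src, 40000, p) for p in ports)
    return {p: (i, r["target"] if r else "chain policy") for p, (i, r) in zip(ports, hits)}

if __name__ == "__main__":
    print(audit(LISTING, [22, 111, 3306]))
```

With the two "all" lines removed from the listing, the same audit shows port 3306 falling through to the REJECT tcp rule while port 22 is still accepted by its own rule.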