[SLUG] Letting Stuff In...

From: Russell Hires (rhires@earthlink.net)
Date: Sun Apr 14 2002 - 21:33:44 EDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Okay...I've reverted back to the 2.2.x kernel series, because 2.4.x wasn't
stable for me :-(

Having done that, though, I'm beginning to probe my whole firewall setup, and
what's going on in there. I realize that my firewall is made up of a simple
script that was put there by PPPoE. It basically lets everything through my
computer to the internal network, but it doesn't let anything get to the
firewall. So, if I want to be able to ssh to my firewall computer from my
sister's house, I can't. I also want to be able to serve up a web page or two
while I'm at it, so I can play with my Zope server away from home, and if I'm
really feeling good, I can VNC to my home computer, too.

How would I modify my firewall script to allow these services?

Thanks!

Russell
Here's what I'm working with...

#!/bin/sh
#
# firewall-masq This script sets up firewall rules for a machine
# acting as a masquerading gateway
#
# Copyright (C) 2000 Roaring Penguin Software Inc. This software may
# be distributed under the terms of the GNU General Public License, version
# 2 or any later version.

# Interface to Internet
EXTIF=ppp+

ANY=0.0.0.0/0

ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward DENY

ipchains -F forward
ipchains -F input
ipchains -F output

# Deny TCP and UDP packets to privileged ports
ipchains -A input -l -i $EXTIF -d $ANY 0:1023 -p udp -j DENY
ipchains -A input -l -i $EXTIF -d $ANY 0:1023 -p tcp -j DENY

# Deny TCP connection attempts
ipchains -A input -l -i $EXTIF -p tcp -y -j DENY

# Deny ICMP echo-requests
ipchains -A input -l -i $EXTIF -s $ANY echo-request -p icmp -j DENY

# Do masquerading
ipchains -A forward -j MASQ
echo 1 > /proc/sys/net/ipv4/ip_forward

- --
Linux -- the OS for the Renaissance Man
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8ui36AqKGrvVshJQRAp8xAJ9jADLQcQrAAeYG7q08yaS96g4+hACeNs+I
TeBpq7YkjS0kg3/yKMrF/ug=
=VXr4
-----END PGP SIGNATURE-----
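One way to order the rules the post asks about, as an added example that is not part of the original message or the Roaring Penguin script. ipchains stops at the first matching rule, so the ACCEPT rules for wanted services have to come before the script's DENY rules. The TRUSTED address, the helper names and port 80 for the web server are assumptions.

```shell
#!/bin/sh
# Added example, not the Roaring Penguin script. The input-chain section of
# firewall-masq, with ACCEPT rules placed ahead of the original DENY rules.

EXTIF=ppp+
ANY=0.0.0.0/0
# Assumption: the address you connect from (constructed TEST-NET-1 placeholder).
TRUSTED=${TRUSTED:-192.0.2.10/32}
# Prints the commands by default; set IPCHAINS=ipchains to apply them as root.
IPCHAINS=${IPCHAINS:-echo ipchains}

# allow_tcp SOURCE PORT: accept TCP from SOURCE to one local port on $EXTIF.
allow_tcp() {
    $IPCHAINS -A input -i "$EXTIF" -p tcp -s "$1" -d "$ANY" "$2" -j ACCEPT
}

input_rules() {
    allow_tcp "$TRUSTED" 22    # ssh, only from the trusted address
    allow_tcp "$ANY" 80        # web server, open to everyone
    # VNC (5900) is deliberately not opened: classic VNC traffic is not
    # encrypted, so carry it inside the ssh session instead, e.g.
    #   ssh -L 5900:<internal-host>:5900 <user>@<firewall>
    # The original DENY rules follow unchanged.
    $IPCHAINS -A input -l -i "$EXTIF" -d "$ANY" 0:1023 -p udp -j DENY
    $IPCHAINS -A input -l -i "$EXTIF" -d "$ANY" 0:1023 -p tcp -j DENY
    $IPCHAINS -A input -l -i "$EXTIF" -p tcp -y -j DENY
    $IPCHAINS -A input -l -i "$EXTIF" -s "$ANY" echo-request -p icmp -j DENY
}

# order_ok: succeeds only if no ACCEPT rule appears after the first DENY,
# i.e. no wanted service is shadowed by an earlier DENY.
order_ok() {
    (IPCHAINS="echo ipchains"; input_rules) |
        awk '/-j DENY/ {deny=1} /-j ACCEPT/ && deny {bad=1} END {exit bad+0}'
}
```

In the real script these rules go after the `ipchains -F input` flush, replacing the existing input DENY block.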


