Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-25-2000 11:48 AM
тАО09-25-2000 11:48 AM
IPCHAINS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-26-2000 01:53 PM
тАО09-26-2000 01:53 PM
Re: IPCHAINS
from the IPCHAINS HOWTO
by Rusty Russell
#
#ipchains -A input -i ! lo -j DENY
#ipchains -A output -i ! lo -j DENY
#ipchains -A forward -j DENY
#
that sets up to deny all except loopback...
then from there you want to setup new chains to make your forwarding more managable...
#
#ipchains -N one-host
#ipchains -N second-host
#
from there you want to start doing some filtering based on the source or destination addresses...
to filter the source you use the -s like
#
#ipchains -s 190.23.12.0/15 -i ppp0 -j one-host
#
that would send all packets from the addresses (190.23.12.0 - 190.23.12.15) across the ppp0 interface to the chains group one-host
#
#ipchains -d 197.23.12.0/15 -i ppp0 -j one-host
#
that would do the same except filter based on the dest. address
if you need more detailed information check out the ipchains howto, you can find it online at http://www.linux.org/docs/ldp/howto/IPCHAINS-HOWTO.html
its a great help in understanding ipchains
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-02-2000 09:39 AM
тАО10-02-2000 09:39 AM
Re: IPCHAINS
Has your problem been resolved, or do you need further assistance?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-02-2000 12:45 PM
тАО10-02-2000 12:45 PM
Re: IPCHAINS
Still having some trouble. This is the deal
I support 57 public libraries. They connect to my network via a private frame relay network to access their holdings / patron database, as well as to get connected to the internet. One of the biggest reasons for the libarary patrons to go to the net is to research. To aid in this the libraries subscribe to on line databases, (Worldbook, Gale, Ebsco etc) The trouble is that they don't all subscribe to the same ones.
What I wanted to do is.. Have incoming packets point at the IPchains box (Which is inside a PIX firewall. If the destination address is allowed to go to the source address (ie they subscribe to that database) they would be sent to the PIX firewall, but with the IPchains IPaddress (This would be statically translated to a global address). This address would be translated to a registered address by the PIX. The database would verify the address and authenticate them. If they don't subsribe, I would want the IPchains box to send the packet to the PIX with the orginal address. The pix will then give it a random natted address. This address will fail authentication at the database, but they will be able to get whatever free services are availble ... I think it will work, I just can't seem to figure out the IPchains howto. ITs pretty confusing
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-02-2000 01:13 PM
тАО10-02-2000 01:13 PM
Re: IPCHAINS
This is a little more complex than I would expect everyone else to be interested in. Please let me know if there is any interest in continuing this quest off-line.
Talk to you soon (aewhale@hky.com)