Re: Need ipchains help
03-15-2002 08:28 AM
1 - Act as a firewall in general to deny inbound access to all but very specific services.
2 - Allow me to forward connection attempts to specific services (http, for instance) to a different machine sitting behind the Linux box's second interface.
I have tried all kinds of different ipchains commands with no luck. Can someone help me with the specific syntax of how to accomplish port forwarding with ipchains?
And yes, I've read the ipchains howto, etc., but can't find specific examples of how to get the port forwarding pieces working correctly.
Thanks.
03-15-2002 09:44 AM
Re: Need ipchains help
ipmasqadm portfw -a -P tcp -L external.example.com smtp -R internal.example.com smtp
Hope this helps.
03-15-2002 10:01 AM
Re: Need ipchains help
First you would want to define your default policy, and judging from your post I would think you wanted to deny everything unless you specifically allow it. You would do this by editing the file /etc/rc.d/rc.firewall and putting the following lines at the top:
####Set default policy to deny ####
ipchains -P input DENY
ipchains -P output REJECT
ipchains -P forward REJECT
Now all your network traffic is blocked and you have to decide what you want to enable.
You may want to create some variables in this file to eliminate having to type numbers repeatedly. Some examples would be:
EXTERNAL_INTERFACE="eth0"
LOOPBACK_INTERFACE="lo"
IPADDR="your.ip.address"
ANYWHERE="any/0" #match any IP address
PRIVPORTS="0:1023"
UNPRIVPORTS="1024:65535"
Anyway, after you have all the variables you need or want, you can start enabling what you want to let through.
To allow you to run any local network service you choose, you have to enable unrestricted loopback traffic. Do this by entering:
ipchains -A input -i $LOOPBACK_INTERFACE -j ACCEPT
ipchains -A output -i $LOOPBACK_INTERFACE -j ACCEPT
Now you need to accept traffic for the services that you want to offer. To receive mail sent to this machine from an external address you would use:
ipchains -A input -i $EXTERNAL_INTERFACE -p tcp -s $ANYWHERE $UNPRIVPORTS -d $IPADDR 25 -j ACCEPT
OK, well, this should at least get you going and let you see the syntax for the ipchains commands that you will be using. Check out a book called Linux Firewalls by Robert L. Ziegler, ISBN 0-7357-0900-9.
Have fun, and hope this helps.
03-15-2002 06:56 PM
Solution
Since you are using RH 7.2, why not try iptables instead? One tool that can accomplish the entire firewalling setup.
Jefferey's setup for ipchains is a great start, and most of that would be applicable to an iptables configuration as well.
There are several iptables firewall builders available (check out http://freshmeat.net and search on iptables firewall). I'm kind of partial to shorewall, though it is somewhat more difficult to make jump through hoops than some others I've worked with.
If you are still having trouble with specific NAT issues, please post a more detailed description of what it is that's not working.
Best regards.
Mark
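
An added example, not part of the thread or of any poster's configuration: a shell function that emits an iptables-restore ruleset for the two goals in the original question (default-deny inbound, plus forwarding one TCP port to a machine behind the second interface). The interface names eth0/eth1, the server address 192.168.1.10 and the function names are assumptions for illustration.

```shell
# Added example; eth0/eth1 and all addresses are assumed placeholders.
EXT_IF="eth0"   # Internet-facing interface (assumed)
INT_IF="eth1"   # interface toward the internal server (assumed)

# Succeeds only for an integer port in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Succeeds only for a dotted quad with each octet in 0..255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# build_ruleset SERVER_IP FWD_PORT [LOCAL_PORT...]: print ruleset, or fail with no output.
build_ruleset() {
    srv=$1; fwd=$2
    valid_ipv4 "$srv" && valid_port "$fwd" || return 1
    shift 2
    for p in "$@"; do valid_port "$p" || return 1; done
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i $EXT_IF -p tcp --dport $fwd -j DNAT --to-destination $srv:$fwd
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
    for p in "$@"; do
        echo "-A INPUT -i $EXT_IF -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    cat <<EOF
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $EXT_IF -o $INT_IF -p tcp -d $srv --dport $fwd -m state --state NEW -j ACCEPT
COMMIT
EOF
}
build_ruleset 192.168.1.10 80 25   # constructed sample: forward HTTP, accept SMTP
```

Pipe the output to `iptables-restore` to load it; forwarding also requires `net.ipv4.ip_forward` set to 1 on the Linux box.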
03-18-2002 11:19 AM
Re: Need ipchains help
Thanks again, everyone.