At 07:28 PM 4/1/01 +0200, [EMAIL PROTECTED] wrote:
...
>the server is the router itself (potato). the router=server is
>connected to the internet via isdn and i am on dynamic IP.
>
>
>RO> If it is the router itself, you need to be more specific than "nobody can
>RO> connect to my server". As I read your ruleset, you have not opened any
>RO> destination ports in the typical range (1-1024) for standard services. For
>RO> each service you want to make accessible, you need an input-chain rule
>RO> something like this:
>
>RO> ipchains -A input -i $DEV_INET -p tcp -d a.b.c.d/32 443 -j ACCEPT
>
>hm, i thought i did open specific services, for example:
>
>#----- allow HTTP -----
>
>ipchains -A output -i $DEV_INET -p tcp -d $INET 80 -j ACCEPT
>ipchains -A input -i $DEV_INET -p tcp -s $INET 80 -j ACCEPT ! -y

Look at the input-chain rule first. It ACCEPTs traffic *from* port 80. If you want to run a Web (http) server on your router (not a smart thing to do in my opinion, but it's your LAN), you need to ACCEPT traffic *to* port 80. Note that my example uses the -d flag, not the -s flag. Also, the "! -y" option you use blocks initiation packets, accepting only reply packets (the man page could explain this a bit more clearly, but it is there).

The output rule is irrelevant. It ACCEPTs traffic going *out* on the external interface ($DEV_INET) to other sites (0/0).

>where $INET=0.0.0.0/0, maybe this is my mistake. do i have to enter
>the real IP of the external interface? this would mean i have to reget
>my ip every time i reconnect to internet cause i am on dialup ?

This really depends on how much you want your firewall to protect you. You can ACCEPT traffic on port 80 with any destination, and I can't immediately see an added risk caused by that, but it does make your system more open. But that is a different problem from the one you actually have, which is a scrambling of the -s and -d flags.

[old stuff deleted]

--
------------------------------------"Never tell me the odds!"---
Ray Olszewski                                        -- Han Solo
Palo Alto, CA                                   [EMAIL PROTECTED]
----------------------------------------------------------------
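
Added example, not part of the original message: a shell function that classifies an ipchains rule by what it admits on the input chain, run over the rules quoted in this thread. The function name classify_rule, its output labels and the interface name ppp0 are assumptions, and it parses only the options that appear in the message.

```shell
#!/bin/sh
# Classify what an ipchains rule admits inbound (constructed helper, not a
# real ipchains feature). Handles only: -A, -s/-d ADDR [PORT], -j, [!] -y.
classify_rule() {
    local chain="" sport="" dport="" target="" syn="any" flag port
    if [ "${1:-}" = "ipchains" ]; then shift; fi
    while [ $# -gt 0 ]; do
        case "$1" in
            -A) chain="${2:-}"; shift ;;
            -j) target="${2:-}"; shift ;;
            -s|-d)
                flag="$1"; port=""
                shift                      # $1 is now ADDR
                # "-s ADDR [PORT]": a port follows unless the next word is an option
                case "${2:-}" in
                    ""|-*|'!') ;;
                    *) port="$2"; shift ;;
                esac
                if [ "$flag" = "-s" ]; then sport="$port"; else dport="$port"; fi ;;
            '!') if [ "${2:-}" = "-y" ]; then syn="no-syn"; shift; fi ;;
            -y) syn="syn-only" ;;
        esac
        if [ $# -gt 0 ]; then shift; fi
    done
    if [ "$chain" != "input" ] || [ "$target" != "ACCEPT" ]; then
        echo "no-inbound-effect"           # e.g. an output-chain rule
    elif [ -n "$dport" ] && [ "$syn" != "no-syn" ]; then
        echo "server:$dport"               # new connections TO a local port
    elif [ -n "$sport" ] && [ "$syn" = "no-syn" ]; then
        echo "client-replies:$sport"       # only replies FROM a remote port
    elif [ -n "$sport" ]; then
        echo "from-port:$sport"            # any packet FROM a remote port
    else
        echo "other"
    fi
}

DEV_INET=ppp0        # assumed interface name
INET=0.0.0.0/0       # value given in the quoted post
# The poster's two rules, then the -d form from the reply (a.b.c.d is the
# placeholder address used in the thread).
classify_rule ipchains -A output -i $DEV_INET -p tcp -d $INET 80 -j ACCEPT
classify_rule ipchains -A input -i $DEV_INET -p tcp -s $INET 80 -j ACCEPT ! -y
classify_rule ipchains -A input -i $DEV_INET -p tcp -d a.b.c.d/32 443 -j ACCEPT
```

Neither of the poster's rules is classified as a server rule, which matches the symptom that nobody can connect; only the -d form opens a local port to new connections.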

