I know this feed is for diald-related items - but I'm sending this on 
the pretense that many users of diald will be able to help.
As such any help may be better directed to my e-mail directly.



I have a linux machine acting as a DNS, Mail, WWW & Firewall.

I want to restrict certain users from accessing various components.
So I use the following script:

**************************************************************
# Flush all the rules
/sbin/ipfwadm -F -f
/sbin/ipfwadm -I -f
/sbin/ipfwadm -O -f
# Deny everything!
# /sbin/ipfwadm -F -p deny
/sbin/ipfwadm -I -p reject
/sbin/ipfwadm -O -p reject

# Accept local incoming SMTP, POP3 and DNS connections to the server
# The following works . . . 
/sbin/ipfwadm -I -a accept -P all -S 192.168.1.200 -D 192.168.1.1  -v
/sbin/ipfwadm -O -a accept -P all -S 192.168.1.1 -D 192.168.1.200 -v
**************************************************************

By default I reject incoming & outgoing so nothing will get to the Linux 
machine. The last two lines allow incoming and outgoing for 1 machine. 
This works fine. The output generated by the '-v' switch is:

**************************************************************
acc all opt ---- tos 0xFF 0x00 via * 0.0.0.0   192.168.1.200 -> 192.168.1.1   n/a
acc all opt ---- tos 0xFF 0x00 via * 0.0.0.0   192.168.1.1 -> 192.168.1.200   n/a
**************************************************************


Now, if I further qualify my rules to limit it to SMTP with the 
following (i.e. replacing the above two lines with these):

**************************************************************
#/sbin/ipfwadm -I -a accept -P tcp -S 192.168.1.200 -D 192.168.1.1  25 -v
#/sbin/ipfwadm -O -a accept -P tcp -S 192.168.1.1  -D 192.168.1.200 25 -v
**************************************************************

which results in the following verbose output:

**************************************************************
acc tcp opt ---- tos 0xFF 0x00 via * 0.0.0.0   192.168.1.200 -> 192.168.1.1   * -> 25
acc tcp opt ---- tos 0xFF 0x00 via * 0.0.0.0   192.168.1.1 -> 192.168.1.200   * -> 25
**************************************************************


The problem is that I cannot send mail (i.e. SMTP) to the Linux server
(192.168.1.1). I have even tried telnetting to port 25 - nothing comes 
back?


Any suggestions?


TIA


Paul.
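As an added illustration (not part of Paul's message), here is a small Python model of the stateless, first-match rule evaluation that ipfwadm performs, run over a constructed SMTP handshake. In ipfwadm a port number qualifies the address it follows, so `-D 192.168.1.200 25` in the output rule means destination port 25; the model shows why the server's reply, which leaves from source port 25 towards the client's ephemeral port, never matches that rule and falls through to the chain's reject policy. The packet values and the `Rule`/`Packet` classes are assumptions made for the example.

```python
# Model of stateless ipfwadm-style rule matching (example code, not from the post).
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    policy: str                 # "accept" or "reject"
    proto: str                  # "all" or "tcp"
    src: str
    dst: str
    sport: Optional[int] = None  # None models the "*" wildcard in -v output
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("all", p.proto)
                and self.src == p.src and self.dst == p.dst
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))

def decide(rules: List[Rule], p: Packet, default: str = "reject") -> str:
    """First matching rule wins; otherwise the chain's default policy applies."""
    for r in rules:
        if r.matches(p):
            return r.policy
    return default

CLIENT, SERVER = "192.168.1.200", "192.168.1.1"

# The two tcp rules from the post: both pin the *destination* port to 25.
IN_RULE = Rule("accept", "tcp", CLIENT, SERVER, dport=25)
OUT_RULE_AS_POSTED = Rule("accept", "tcp", SERVER, CLIENT, dport=25)
# The reply direction needs the server's *source* port pinned to 25 instead.
OUT_RULE_SPORT = Rule("accept", "tcp", SERVER, CLIENT, sport=25)

# Constructed packets: client SYN to port 25, server SYN/ACK back from port 25.
syn = Packet("tcp", CLIENT, 40123, SERVER, 25)
syn_ack = Packet("tcp", SERVER, 25, CLIENT, 40123)

def verdicts(out_rule: Rule) -> Tuple[str, str]:
    """(input-chain verdict on the SYN, output-chain verdict on the SYN/ACK)."""
    return decide([IN_RULE], syn), decide([out_rule], syn_ack)

if __name__ == "__main__":
    print(verdicts(OUT_RULE_AS_POSTED))  # ('accept', 'reject')
    print(verdicts(OUT_RULE_SPORT))      # ('accept', 'accept')
```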


______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com

-
To unsubscribe from this list: send the line "unsubscribe linux-diald" in
the body of a message to [EMAIL PROTECTED]
