At 10:31 12.03.2001 -0500, you wrote:

>I don't know what I changed, but I can telnet into my Linux machine
>(Firewall) from my internal network, however I can do it from the
>internet.


well.....if u are the only user on your internal network and no security 
concerns are against it u could allow the whole internal network
(or just one machine) to access services on your server.

i did this on my router to allow my internal network access the linux box :

# 192.168.0.0/24 = my internal net, eth0 = the lan card for my internal net
ipchains -A input -s 192.168.0.0/24 -d 0/0 -i eth0 -j ACCEPT



>What is the ipchain command I need to allow me in again? I also can't
>ftp, access the apache website in my linux server.
>
>And my other question is what is the difference in IPCHAINS for INPUT,
>OUTPUT and FORWARD, I am confused as to the meaning of these

well......as the name says, INPUT is the chain for all packets that are 
coming into your machine (regardless which interface, either from your lan 
or the internet)
OUTPUT is the chain for all packets leaving your machine (to the internet 
or to your lan)
and FORWARD is the chain for all packets which are just passing the server, 
for example if u have a masqed machine behind your linux server, all the 
packets coming from the masqed machine (destined for let's say the internet) 
will traverse the FORWARD chain.
that is why u would have to have a masq target in your FORWARD chain (if u 
are doing masquerading ;) )

i recommend the ipchains howto at www.linuxdoc.org , it has a very good 
description of the different chains and how they are handled.

HTH,

--quay




>Thanks
>
>Nadin
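
Added example, not part of the original e-mail and not ipchains code: a small Python model of which chains a packet traverses on an ipchains (2.2 kernel) firewall, and of how the input rule from the reply is evaluated. The firewall addresses, the external interface name eth1 and the DENY policy are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample values (assumptions, not from the post): the firewall's
# own addresses and a default DENY policy on the input chain.
FIREWALL_ADDRS = {"192.168.0.1", "203.0.113.1"}
INPUT_POLICY = "DENY"

# The rule from the reply:
#   ipchains -A input -s 192.168.0.0/24 -d 0/0 -i eth0 -j ACCEPT
# ("0/0" is written out as 0.0.0.0/0 for Python's ipaddress module)
INPUT_RULES = [
    {"src": "192.168.0.0/24", "dst": "0.0.0.0/0", "iface": "eth0", "target": "ACCEPT"},
]

def chains_traversed(src, dst):
    """Chains a packet passes through, in order (loopback traffic ignored)."""
    if src in FIREWALL_ADDRS:
        return ["output"]                      # generated by the firewall itself
    if dst in FIREWALL_ADDRS:
        return ["input"]                       # addressed to the firewall itself
    return ["input", "forward", "output"]      # routed through, e.g. masqueraded

def rule_matches(rule, src, dst, iface):
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule["src"])
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule["dst"])
            and rule["iface"] == iface)

def input_verdict(src, dst, iface):
    """First matching rule wins; otherwise the chain policy applies."""
    for rule in INPUT_RULES:
        if rule_matches(rule, src, dst, iface):
            return rule["target"]
    return INPUT_POLICY

if __name__ == "__main__":
    # (src, dst, arriving interface): constructed packets; eth1 is assumed
    # to be the internet-facing interface.
    samples = [
        ("192.168.0.5", "192.168.0.1", "eth0"),    # LAN host telnets to firewall
        ("198.51.100.7", "203.0.113.1", "eth1"),   # internet host to firewall
        ("192.168.0.5", "198.51.100.7", "eth0"),   # LAN host out to the internet
        ("192.168.0.5", "192.168.0.1", "eth1"),    # LAN source on the wrong interface
    ]
    for src, dst, iface in samples:
        print(src, "->", dst, chains_traversed(src, dst),
              input_verdict(src, dst, iface))
```

The last sample shows what the `-i eth0` match adds: a packet claiming an internal source address but arriving on the other interface does not match the ACCEPT rule and falls through to the chain policy.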

