Yes, IPFWADM, not IPchains or whatever is newer!

I'm still running an IP Masq box here with a 2.0.36 kernel. I'm trying
to add some ipfwadm rules to punch a hole so sendmail can work thru the
"firewall" with my ISP. (I've been using uucp for years, now I'm switching
to a fixed IP address and ETRN.)

So I dig up the firewall-HOWTO and read the section on IPFWADM and see
there are two examples there for doing what I think is what I want to do.
Here's what the HOWTO shows:

#allow incoming email
/sbin/ipfwadm -F -a accept -b -P tcp -S 0.0.0.0/0 1024:65535 -D 192.1.2.10 25
#allow email connections to outside email servers
/sbin/ipfwadm -F -a accept -b -P tcp -S 192.1.2.10 25 -D 0.0.0.0/0 1024:65535

I've modified that slightly by putting: 1) the address of the smtp server
at my ISP where these two rules have "0.0.0.0" and the internal-to-my-LAN
address of the machine where sendmail actually runs (it's not running on
the ip masq box itself as a security measure) where the example shows
192.1.2.10.

When I submit those two rules to ipfwadm I get back an error message 
(sorry I don't have the exact wording) about "multiple commands" (or
"too many commands", and I get it once for each of these rules.

I don't have a clue about what it's complaining about. Each option I'm
using is listed in the ipfwadm man page. The only thing that looks
perhaps weird to me is that for the -b option, the man page says:

       -b     Bidirectional mode.  The rule will  match  with  IP
              packets  in  both  directions.  This option is only
              valid in combination with the  append,  insert,  or
              delete commands.

I'm not entirely certain I follow this.

Is there someone here who understands IPFWADM (rather than doing a
cookbook thing like I'm forced to do in lieu of knowing what I'm doing)
who can help enlighten me as to 1) what's the problem here, and 2) how
to really do what I want to do?

Thanks!

Fred
-- 
---- Fred Smith -- [EMAIL PROTECTED] -----------------------------
  "For him who is able to keep you from falling and to present you before his 
 glorious presence without fault and with great joy--to the only God our Savior
 be glory, majesty, power and authority, through Jesus Christ our Lord, before
                     all ages, now and forevermore! Amen."
----------------------------- Jude 1:24,25 (niv) -----------------------------



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list

Reply via email to