[newbie] Telnet/IP MASQ

2001-03-12 Thread Nadin Merali


I don't know what I changed, but I can telnet into my Linux machine
(Firewall) from my internal network, however I can do it from the
internet.

What is the ipchains command I need to allow me in again? I also can't
ftp or access the Apache website on my Linux server.

And my other question is: what is the difference in IPCHAINS between INPUT,
OUTPUT and FORWARD? I am confused as to the meaning of these.

Thanks

Nadin 





Re: [newbie] Telnet/IP MASQ

2001-03-12 Thread Quaylar

At 10:31 12.03.2001 -0500, you wrote:

> I don't know what I changed, but I can telnet into my Linux machine
> (Firewall) from my internal network, however I can do it from the
> internet.


well, if u are the only user on your internal network and no security 
concerns are against it, u could allow the whole internal network
(or just one machine) to access services on your server.

i did this on my router to allow my internal network to access the linux box:

# 192.168.0.0/24 is my internal net; eth0 is the lan card for my internal net
ipchains -A input -s 192.168.0.0/24 -d 0/0 -i eth0 -j ACCEPT



> What is the ipchains command I need to allow me in again? I also can't
> ftp or access the Apache website on my Linux server.
>
> And my other question is: what is the difference in IPCHAINS between INPUT,
> OUTPUT and FORWARD? I am confused as to the meaning of these.

well.. as the name says, INPUT is the chain for all packets that are 
coming into your machine (regardless of which interface, either from your lan 
or the internet)
OUTPUT is the chain for all packets leaving your machine (to the internet 
or to your lan)
and FORWARD is the chain for all packets which are just passing the server, 
for example if u have a masqed machine behind your linux server, all the 
packets coming from the masqed machine (destined for let's say the internet) 
will traverse the FORWARD chain.
that is why u would have to have a masq target in your FORWARD chain (if u 
are doing masquerading ;) )

i recommend the ipchains howto at www.linuxdoc.org, it has a very good 
description of the different chains and how they are handled.

HTH,

--quay




> Thanks
>
> Nadin





Re: [newbie] Telnet/IP MASQ

2001-03-12 Thread Nadin Merali

crap

I meant I can access my Linux machine through telnet, ftp and XDMCP from my
internal network, however I can't do any of it from the internet.  I want
to be able to do it.  I have pmfirewall installed, but I also have
fbuilder installed, and it might be fbuilder; however, I have no idea how to
get rid of it (fbuilder) and any scripts.

(My Linux machine is my connection (firewall) to the internet)

Thanks

Nadin






Re: [newbie] Telnet/IP MASQ

2001-03-12 Thread Quaylar

At 13:57 12.03.2001 -0500, you wrote:
> crap
>
> I meant I can access my Linux machine through telnet, ftp and XDMCP from my
> internal network, however I can't do any of it from the internet.  I want
> to be able to do it.  I have pmfirewall installed, but I also have
> fbuilder installed, and it might be fbuilder; however, I have no idea how to
> get rid of it (fbuilder) and any scripts.
>
> (My Linux machine is my connection (firewall) to the internet)
>
> Thanks
>
> Nadin


i once installed pmfirewall, i think it's just a nice config utility for 
ipchains.
i can't advise u how to set pmfirewall to allow ftp/telnet but i can tell u 
the direct way to do it:

these commands will allow *anybody* to ftp/telnet into your machine from 
the internet:

ipchains -A input -s 0/0 -d 0/0 -p tcp --dport 21 -j ACCEPT
ipchains -A input -s 0/0 -d 0/0 -p tcp --dport 20 -j ACCEPT

these 2 are for ftp (port 20 is ftp-data)

ipchains -A input -s 0/0 -d 0/0 -p tcp --dport 23 -j ACCEPT

and this is telnet, u can simply add these 2 commands to your 
/etc/rc.local, however i would recommend reading the ipchains howto and 
building a *custom* firewall to your needs, it's important to really understand 
what u are doing when building a firewall.

unfortunately i don't know what XDMCP is so i can't tell u the ipchains rule 
to allow it, maybe someone else can help here.

greets,

--quay
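
Added example (not part of the original thread and not any poster's code): a small Python model of first-match rule evaluation on the ipchains input chain, showing why the LAN-only rule from the thread leaves telnet from the internet blocked, and how the thread's `-s 0/0 --dport 23` rule compares with the same rule scoped to one source address. The DENY chain policy, the ppp0 interface name and the 198.51.100.x / 203.0.113.x addresses are assumptions constructed for illustration.

```python
import ipaddress

def rule(src="0.0.0.0/0", iface=None, proto=None, dport=None, target="ACCEPT"):
    """One input-chain rule: -s src [-i iface] [-p proto --dport N] -j target."""
    return {"src": ipaddress.ip_network(src), "iface": iface,
            "proto": proto, "dport": dport, "target": target}

def verdict(chain, pkt, policy="DENY"):
    """First matching rule decides; otherwise the chain policy applies.
    The DENY policy is an assumption, the thread never states it."""
    for r in chain:
        if (ipaddress.ip_address(pkt["src"]) in r["src"]
                and r["iface"] in (None, pkt["iface"])
                and r["proto"] in (None, pkt["proto"])
                and r["dport"] in (None, pkt["dport"])):
            return r["target"]
    return policy

# Rule from the thread: ipchains -A input -s 192.168.0.0/24 -d 0/0 -i eth0 -j ACCEPT
LAN_ONLY = [rule(src="192.168.0.0/24", iface="eth0")]
# Plus the thread's telnet rule: -s 0/0 -d 0/0 -p tcp --dport 23 -j ACCEPT
OPEN_TELNET = LAN_ONLY + [rule(proto="tcp", dport=23)]
# Constructed variant: same rule, but -s limited to one known remote address
SCOPED_TELNET = LAN_ONLY + [rule(src="198.51.100.10/32", proto="tcp", dport=23)]

# Constructed sample packets (telnet connection attempts arriving at the firewall)
PACKETS = {
    "lan":      {"src": "192.168.0.5",   "iface": "eth0", "proto": "tcp", "dport": 23},
    "admin":    {"src": "198.51.100.10", "iface": "ppp0", "proto": "tcp", "dport": 23},
    "stranger": {"src": "203.0.113.7",   "iface": "ppp0", "proto": "tcp", "dport": 23},
}

def evaluate(chain):
    """Return {packet name: verdict} for every sample packet."""
    return {name: verdict(chain, pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, chain in [("lan only", LAN_ONLY), ("open telnet", OPEN_TELNET),
                         ("scoped telnet", SCOPED_TELNET)]:
        print(f"{label:14}", evaluate(chain))
```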