Yes, IPFWADM, not IPchains or whatever is newer!
I'm still running an IP Masq box here with a 2.0.36 kernel. I'm trying
to add some ipfwadm rules to punch a hole so sendmail can work thru the
"firewall" with my ISP. (I've been using uucp for years, now I'm switc
> >
> I am a bit rusty with ipfwadm, but I'll give it a try.
>
> ipfwadm -I -a accept -P udp -S 0.0.0.0:68 -W eth0
> ipfwadm -O -a accept -P udp -S 192.168.1.0/24:67
> ipfwadm -I -a deny -P udp -S 0.0.0.0/0 67:69 -W ppp0
> ipfwadm -O -a deny -P udp -S 0.0.0.0/0 67:6
> the internal network.
>
> Thanks
>
>
>
> Ken Cole
>
>
I am a bit rusty with ipfwadm, but I'll give it a try.
ipfwadm -I -a accept -P udp -S 0.0.0.0:68 -W eth0
ipfwadm -O -a accept -P udp -S 192.168.1.0/24:67
ipfwadm -I -a deny -P udp -S 0.0.0.0/0 67:69 -W ppp0
ipf
Terry, Drew is right - this is not something you can solve with ipfwadm,
and besides you can only forward a port to a *single* machine.
Have you checked the archives? I'm willing to bet this has been answered
before, but Drew's rules look ok to me (I am not an expert though).
Sorry t
Does
the server need to receive some kind of feedback, like an "I'm ready to receive"
packet? it appears as though this would be blocked, thus the transfer
would never start. I can guess at how to fix in ipchains, but I don't know
anything about ipfwadm. Maybe allow
ok I'm using ipfwadm and I would like to open
ports 2000-2001 so that I can get streaming video on my windows
machines
the windows box is ip 192.168.100.2-5
I've checked the docs but it confuses me more than I was before reading them 8)
I think the command should be:
ipfwadm -F -a ac
Well there is a problem ... In Redhat 6.2 you'll have a 2.2.X kernel ...
ipfwadm isn't supported in the 2.2.x kernels. You could downgrade, but
that's just a lot of work, and makes upgrading a pointless task. On top
of all that, the next kernel upgrade to 2.4.X will have yet another
f
Hi,
I am running RH6.2 with IPfwadm, now I think I should be using
IPChains...
problem is I'm reluctant to do this since... it isn't broke, why fix it?
Really, why should I upgrade to IPChains and what's the easiest way to
do this if I have to?
On Wed, Jan 12, 2000 at 10:35:49AM -0600, Steve Borho wrote:
>
> I would recommend a firewall building package called mason.
[...]
Thanks for the suggestion, Steve! I downloaded it yesterday and played
a bit - looks promising. The only drawback I can see so far: You sure
need a lot of patience t
On Wed, Jan 12, 2000 at 03:46:31PM +, Thomas Ribbrock Design/DEG" wrote:
> Hi folks,
>
> (Warning: Lengthy!)
I would recommend a firewall building package called mason. You install
it on your machine and turn it onto "learning" mode and do all the normal
things you do with your machine...
ctly to my ISP's mailserver.
All unnecessary services are commented out in /etc/inetd.conf.
I was able to get masquerading running and I'm now into the final step:
Setting up the firewall.
As a base, I decided to use the "Stronger IP Firewall (IPFWADM)
Rulesets" as given in section
Good afternoon, (sixx?),
On Thu, 2 Dec 1999, sixx wrote:
> I believe that there is a site with which you could input your required
> parameters
> and it would generate the scripts for both ipfwadm or ipchains.
> Could someone point me to the URL?
It looks like you'
On 02-Dec-99 sixx wrote:
> Hi there,
>
> I believe that there is a site with which you could input your required
> parameters
> and it would generate the scripts for both ipfwadm or ipchains.
> Could someone point me to the URL?
You are probably referring to:
htt
sixx wrote:
> I believe that there is a site with which you could input your required
> parameters and it would generate the scripts for both ipfwadm or ipchains.
> Could someone point me to the URL?
http://www.linux-firewall-tools.com.
Cheers,
--
Dave Ihnat
[EMAIL
Hi there,
I believe that there is a site with which you could input your required
parameters
and it would generate the scripts for both ipfwadm or ipchains.
Could someone point me to the URL?
Thanks.
regards,
sixx
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
Hi..
I want to forward a few ports to a specific machine. I have an example of
how to do this, but it is in ipfwadm and I use ipchains.
Can anyone tell me how to write this as ipchains lines?
example:
IP_REAL="firewall ip"
TOIP_PC="thepcothersideoffirewall"
ipmasqadm portfw
> Suggestions?
AFAICR - You MUST use Passive FTP transfers while masquerading.
Using the other, you are right, they will negotiate a port - which Linux
then rejects the packets from as they are filtered out by your masquerade
rules.
CuteFTP has a passive switch in the options.
Also make sure y
On Fri, 26 Nov 1999, Jason Hirsch wrote:
> The linux box acting as my out connection passes along the ftp request, I
> get a login prompt, password is sent... but when I try to obtain a
> directory list it fails.
>
> Here is what I think is failing (but I don't understand why...) - the two
> clie
As a rather odd occurrence, I can no longer use ftp after using
ipmasq to share my ethernet connection.
The linux box acting as my out connection passes along the ftp request, I
get a login prompt, password is sent... but when I try to obtain a
directory list it fails.
Here is what I think is fai
> ¡Hello!
>
> I have problem with ipfwadm,
You may wish to take a look at my ipfwadm GUI wrapper, at
http://www.wolfenet.com/~jhardin/ipfwadm.html
--
John Hardin KA7OHZ [EMAIL PROTECTED]
pgpk -a finger://gonzo.wolfenet.com/jhardinP
¡Hello!
I have problem with ipfwadm, when I configure this to accept
the protocol smtp, all look like well, but when I append the two rules
to accept telnet doesn't operate.
The rules are:
ipfwadm -I -a accept -k -P tcp -S any/0 telnet \
-D $LOCALNET 1024:65535
ipfwadm -I -a
I'm setting up IP masq and IP filtering. I'm trying to make it so my
webserver can be accessed when it is behind the firewall. I have
given it an IP of 192.168.1.11. How would I set up an ipfwadm rule to
allow someone coming in from the net to get to this server?
quinn
--
P
According to Greg Fall:
>
> In my /etc/ppp/ip-up.local, I put the following, for the purposes of being
> able to monitor the network throughput:
>
> exec /sbin/ipfwadm -A -a -S $4 -D 0/0
> exec /sbin/ipfwadm -A -a -S 0/0 -D $4
>
Delete the "exec " prefix -- this
In my /etc/ppp/ip-up.local, I put the following, for the purposes of being
able to monitor the network throughput:
exec /sbin/ipfwadm -A -a -S $4 -D 0/0
exec /sbin/ipfwadm -A -a -S 0/0 -D $4
This doesn't work, although I can do it from the command line and it
works perfectly.
$4 is t
Hi Folks :-)
I have installed a Firewall (under RH 5.0), works good.
I set a firewall traffic, I have deny a firewall out traffic for this IP:
ipfwadm -O -i deny -S 0.0.0.0/0 -D 146.83.144.1 -P tcp
This set to deny a firewall output to 146.83.144.1 IP.
Well, the problems is that I don
your woes. I too thought that the dotfile
generator would give me a working firewall. Working examples for fixed/
dynamic IP's and with/without diald coupled with ipfwadm explained in a
less technical manner would be *extremely* helpful!
Bob
--
+---
Bob Taylor wrote:
> I would like to add myself to your woes. I too thought that the dotfile
> generator would give me a working firewall. Working examples for fixed/
> dynamic IP's and with/without diald coupled with ipfwadm explained in a
> less technical manner would be *e
I'm going nuts trying to put together a set of rules that actually
work. So far the only way I've been able to get _anything_ through is
by setting all my defaults to accept (obviously a bad idea).
Is there, anywhere, an explanation of ipfwadm that's better than the man
Does anyone know of what kernel version has damaged ipfwadm support?
TIA.
Joe Klemmer wrote:
>
> On Fri, 6 Mar 1998, Michael Jinks wrote:
>
> > Permit DNS from outside world to firewall (masqueraded):
> > -I -a accept -P udp -S 0.0.0.0/0 53 -D [outer ip address]
>
> Just a quick stab in the dark but don't you need to allow external
> DNS to the internal netwo
with the default gateway being my outside router.
Right now there's only one machine on the "safe" side of the firewall;
it points to the firewall's trusted interface as its gateway.
I'm reasonably certain that I've left out a vital rule, but the examples
I've be