Re: iptables
From: Rob 'Feztaa' Park (fezziker@home.com) Date: 09/20/01
- Previous message: Stephen Villano: "RE: Custom messages for failed ROOT logins on RedHat"
- In reply to: Thomas Kirk: "iptables"
Date: Wed, 19 Sep 2001 17:42:33 -0600 (MDT)
From: Rob 'Feztaa' Park <fezziker@home.com>
To: Bugtraq - Focus Linux <focus-linux@securityfocus.com>
Subject: Re: iptables
Message-ID: <Pine.LNX.4.33L2.0109191736050.2313-100000@feztron.ath.cx>
On Tue, 18 Sep 2001, Thomas Kirk (dis)graced my inbox with this:
> Setup:
>
>                                          +------>192.168.10.x
>                                          |
>                                          |------>192.168.11.x
> Internet->Gateway(running iptables etc)--|
>                                          |------>192.168.12.x
>                                          |
>                                          +------>192.168.13.x
>
> How is this done? Right now I can't connect to the server from any of
> the sides?
Ok, according to the following rules:
> iptables -A state_chk -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A state_chk -m state --state NEW -i ! eth0 -j ACCEPT
> iptables -A state_chk -j DROP
It looks as though your router is dropping all new packets that are coming
in on eth0. If eth0 is the interface that the firewall is using for itself
(not used for any forwarding), then that would mean you can't connect to
it. Make that second rule look like this:
iptables -A state_chk -m state --state NEW -j ACCEPT
and it should work fine.
--
Rob 'Feztaa' Park
fezziker@home.com
ICQ#: 49781692
:wq!
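As an added example (not code from the thread), the following models the state_chk chain as first-match evaluation and runs both the poster's rules and the suggested replacement over a few constructed packets; it assumes eth0 is the Internet-facing interface, as the reply does.

```python
# Added example, not from the thread: a first-match model of the state_chk
# chain, comparing the poster's rules with the suggested fix on constructed
# packets. eth0 as the Internet-facing interface is assumed from the thread.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    states: frozenset        # conntrack states matched; empty set means any
    in_iface: Optional[str]  # interface to match, or None for any
    negate: bool             # True models "-i ! eth0"
    target: str              # ACCEPT or DROP

def matches(rule: Rule, state: str, iface: str) -> bool:
    if rule.states and state not in rule.states:
        return False
    if rule.in_iface is not None and (iface == rule.in_iface) == rule.negate:
        return False  # "-i X" fails on a mismatch; "-i ! X" fails on a match
    return True

def evaluate(chain, state: str, iface: str) -> str:
    """Walk the chain top to bottom; the first matching rule gives the verdict."""
    for rule in chain:
        if matches(rule, state, iface):
            return rule.target
    return "DROP"  # not reached here: the poster's chain ends in an explicit DROP

# Poster's chain: --state ESTABLISHED,RELATED -j ACCEPT;
#                 --state NEW -i ! eth0 -j ACCEPT; -j DROP
ORIGINAL = [
    Rule(frozenset({"ESTABLISHED", "RELATED"}), None, False, "ACCEPT"),
    Rule(frozenset({"NEW"}), "eth0", True, "ACCEPT"),
    Rule(frozenset(), None, False, "DROP"),
]
# Suggested fix: the second rule becomes "--state NEW -j ACCEPT"
SUGGESTED = [ORIGINAL[0], Rule(frozenset({"NEW"}), None, False, "ACCEPT"), ORIGINAL[2]]

# Constructed sample traffic: (conntrack state, arriving interface)
SAMPLES = {
    "new_from_internet": ("NEW", "eth0"),
    "new_from_lan": ("NEW", "eth1"),
    "reply_from_internet": ("ESTABLISHED", "eth0"),
}

def verdicts(chain) -> dict:
    return {name: evaluate(chain, *pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for label, chain in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(label, verdicts(chain))
```

The verdicts show the trade-off: the replacement restores NEW connections from every interface, eth0 included, so the gateway's own services also become reachable from the Internet side unless another chain restricts them.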