Re: ipchains
From: LKeith (lkeith@notonyourlife.cn)
Date: 01/27/03
- Next message: Art Kopp: "Re: grc.com news server down?"
- Previous message: Phillip Pi: "Re: NIS Blocking Webcams?"
- In reply to: Barti: "ipchains"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "LKeith" <lkeith@notonyourlife.cn> Date: Mon, 27 Jan 2003 12:01:31 -0800
"Barti" <bart@spam-usun.sonik.pl> wrote in message
news:b0qulf$5c8$1@news.tpi.pl...
> hi
> could you tell me how to open ports 137-139 for a specific IP?
> what should the ipchains rule look like?
> barti
>
On a two-homed router/firewall/gateway, where eth0 connects to the
Internet, and eth1 is the LAN, these are my relevant rules:
# on LAN smb/nmb is ok
-A input -p tcp -i eth1 -s 0/0 -d 0/0 137:139 -j ACCEPT
-A input -p udp -i eth1 -s 0/0 -d 0/0 137:139 -j ACCEPT
# on WAN smb/nmb is not ok
-A input -p tcp -i eth0 -s 0/0 -d 0/0 137:139 -j DENY
-A input -p udp -i eth0 -s 0/0 -d 0/0 137:139 -j DENY
# on WAN smb/nmb is not ok
-A forward -p tcp -i eth0 -s 0/0 -d 0/0 137:139 -j DENY
-A forward -p udp -i eth0 -s 0/0 -d 0/0 137:139 -j DENY
# on LAN smb/nmb is ok
-A output -p udp -i eth1 -s 0/0 -d 0/0 137:139 -j ACCEPT
-A output -p tcp -i eth1 -s 0/0 -d 0/0 137:139 -j ACCEPT
# on WAN smb/nmb is not ok
-A output -p tcp -i eth0 -s 0/0 -d 0/0 137:139 -j DENY
-A output -p udp -i eth0 -s 0/0 -d 0/0 137:139 -j DENY