Ipchains Woes

Craig White plug-discuss@lists.plug.phoenix.az.us
27 Feb 2002 07:15:48 -0700


On Wed, 2002-02-27 at 05:57, Steve Holmes wrote:
> OK, I can lynx to other sites and I can ping as long as I use numeric IP
> addresses.  Here is the test firewall script I am currently using when I
> do this.  BTW, ports 53 (both udp and tcp) do not yield me anything.  I
> use a regular name server at 24.221.30.3.
> ------------------
> #!/bin/sh
> # Firewall testing script
> 
> ipchains -P input DENY
> ipchains -P forward DENY
> ipchains -P output ACCEPT
> 
> ipchains -A forward -s 192.168.1.0/24 -i eth1 -j MASQ
> ipchains -A input -i lo -j ACCEPT
> ipchains -A input -i eth0 -j ACCEPT
> ipchains -A input -p tcp ! -y --dport 1024:65535 -j ACCEPT
> ipchains -A input -p icmp -j ACCEPT
> 
----
OK, from the firewall box, what is the result of:
ipchains -L
ping -c 4 24.221.30.3
ping -c 4 24.221.30.4
cat /etc/resolv.conf
cat /etc/sysconfig/network
route -n

Or, if this makes it easier:

ipchains -L > /tmp/test
ping -c 4 24.221.30.3 >> /tmp/test
ping -c 4 24.221.30.4 >> /tmp/test
cat /etc/resolv.conf >> /tmp/test
cat /etc/sysconfig/network >> /tmp/test
route -n >> /tmp/test
mail <your_email_address> < /tmp/test

and then forward this on to the list

Craig
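
A simplified first-match model of the input chain from the quoted script, added here as an example and not part of the original thread. It assumes eth1 is the outside interface (the script masquerades out of eth1) and uses constructed sample packets to show which return traffic the rules accept before the DENY policy applies.

```python
# Added example: simplified first-match model of the quoted input chain.
# Assumption: eth1 is the outside interface, eth0 the LAN side.
INPUT_POLICY = "DENY"  # ipchains -P input DENY

# One entry per "ipchains -A input ..." line, in script order.
INPUT_RULES = [
    {"iface": "lo", "target": "ACCEPT"},
    {"iface": "eth0", "target": "ACCEPT"},
    # -p tcp ! -y --dport 1024:65535 : TCP that is not a connection-opening SYN
    {"proto": "tcp", "syn": False, "dport": (1024, 65535), "target": "ACCEPT"},
    {"proto": "icmp", "target": "ACCEPT"},
]

def matches(rule, pkt):
    """True when every field the rule specifies agrees with the packet."""
    if "iface" in rule and rule["iface"] != pkt["iface"]:
        return False
    if "proto" in rule and rule["proto"] != pkt["proto"]:
        return False
    if "syn" in rule and rule["syn"] != pkt.get("syn", False):
        return False
    if "dport" in rule:
        low, high = rule["dport"]
        if not low <= pkt.get("dport", -1) <= high:
            return False
    return True

def verdict(pkt):
    """Walk the chain in order; the first matching rule decides, else the policy."""
    for rule in INPUT_RULES:
        if matches(rule, pkt):
            return rule["target"]
    return INPUT_POLICY

# Constructed sample packets arriving at the firewall box (not captured traffic).
SAMPLES = {
    "udp_dns_reply": {"iface": "eth1", "proto": "udp", "sport": 53, "dport": 1030},
    "tcp_dns_reply": {"iface": "eth1", "proto": "tcp", "syn": False,
                      "sport": 53, "dport": 1030},
    "http_reply": {"iface": "eth1", "proto": "tcp", "syn": False,
                   "sport": 80, "dport": 1031},
    "echo_reply": {"iface": "eth1", "proto": "icmp"},
    "inbound_syn": {"iface": "eth1", "proto": "tcp", "syn": True, "dport": 1031},
    "lan_udp_query": {"iface": "eth0", "proto": "udp", "sport": 1032, "dport": 53},
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:15s} -> {verdict(pkt)}")
```

Under this model the TCP and ICMP replies on eth1 are accepted, while a UDP reply from port 53 on eth1 matches no rule and falls through to the DENY policy.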