Ipchains Woes
David A. Sinck
plug-discuss@lists.plug.phoenix.az.us
Mon, 25 Feb 2002 11:03:50 -0700
\_ SMTP quoth Steve Holmes on 2/25/2002 05:32 as having spake thusly:
\_
\_ I'm running a 2.2.20 kernel thus use ipchains for the firewall. What I am
\_ trying to do is fairly basic; I have a recent copy of endoshield, a common
\_ firewall script which I ported to use ipchains as well as iptables. My
\_ problem is when I run the script, I lose all connectivity with the outside
\_ world. The behavior completely changes as soon as the default policy is
\_ changed on the input chain. When it is ACCEPT, all gets through fine;
\_ obviously not good for firewall purposes but I can get out. As soon as it
\_ goes to DENY, I can no longer get through.
Obviously, something is falling off the end of the chain when you're
not expecting it to. Throw in a rule by hand with -l (logging) at the
end of suspicious chains and see if the packets falling off with DENY
yield any clues. Then let those in/out.
David
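
The debugging step suggested in the reply, as an added example that is not part of the original thread: a logging DENY rule at the end of the input chain, and a summary of what it catches. The log lines are constructed samples in the "Packet log:" format described in the IPCHAINS-HOWTO, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. On the 2.2 firewall itself the
# hand-added logging rule at the end of the input chain would be:
#   ipchains -A input -l -j DENY      (needs root; -l logs matches)
# The kernel then reports each match as a "Packet log:" line.

# Constructed sample log lines; addresses are documentation ranges.
sample_log() {
cat <<'EOF'
Feb 25 11:00:01 fw kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.53:53 198.51.100.7:1027 L=92 S=0x00 I=411 F=0x0000 T=60 (#9)
Feb 25 11:00:02 fw kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.53:53 198.51.100.7:1028 L=92 S=0x00 I=412 F=0x0000 T=60 (#9)
Feb 25 11:00:05 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.80:80 198.51.100.7:1031 L=44 S=0x00 I=77 F=0x4000 T=52 (#9)
Feb 25 11:00:10 fw kernel: Packet log: output ACCEPT eth0 PROTO=6 198.51.100.7:1031 203.0.113.80:80 L=44 S=0x00 I=78 F=0x0000 T=64 (#2)
EOF
}

# Count packets DENY'd on the input chain by protocol number and
# source port, to show which traffic is falling off the end.
summarize_denied() {
  awk '{
      for (i = 1; i <= NF; i++)
        if ($i == "Packet" && $(i+1) == "log:") break
      if (i > NF) next                      # not an ipchains log line
      if ($(i+2) != "input" || $(i+3) != "DENY") next
      proto = $(i+5); sub(/^PROTO=/, "", proto)
      n = split($(i+6), src, ":")           # src is address:port
      count["proto=" proto " sport=" src[n]]++
    }
    END { for (k in count) print count[k], k }' | sort -k1,1nr -k2,2
}

sample_log | summarize_denied
```

In this constructed sample the denied packets come from source ports 53 (UDP) and 80 (TCP), which are replies to outbound requests, so the missing rules would be the ones admitting return traffic.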