Ipchains Woes

David A. Sinck plug-discuss@lists.plug.phoenix.az.us
Mon, 25 Feb 2002 11:03:50 -0700


\_ SMTP quoth Steve Holmes on 2/25/2002 05:32 as having spake thusly:
\_
\_ I'm running a 2.2.20 kernel thus use ipchains for the firewall.  What I am
\_ trying to do is fairly basic; I have a recent copy of endoshield, a common
\_ firewall script which I ported to use ipchains as well as iptables.  My
\_ problem is when I run the script, I lose all connectivity with the outside
\_ world.  The behavior completely changes as soon as the default policy is
\_ changed on the input chain.  When it is ACCEPT, all gets through fine;
\_ obviously not good for firewall purposes but I can get out.  As soon as it
\_ goes to DENY, I can no longer get through.  

Obviously, something is falling off the end of the chain when you're
not expecting it to.  Throw in a rule by hand with -l (logging) at the
end of suspicious chains and see if the packets falling off with DENY
yield any clues.  Then let those in/out.

David
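
The debugging step suggested in the reply, as an added example that is not part of the original post: append a logging DENY rule by hand, then summarize what the kernel log shows falling off the chain. The log layout assumed is the `Packet log:` line that 2.2 kernels write for `-l` rules; the sample lines, addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. On the firewall, append a logging catch-all as the last rule:
#   ipchains -A input -l -j DENY
# Packets that reach it show up in the kernel log as:
#   Packet log: <chain> <target> <iface> PROTO=<n> <src>:<port> <dst>:<port> ...

# Constructed sample log lines (documentation addresses), not from the thread.
sample_log() {
cat <<'EOF'
Feb 25 11:10:00 fw kernel: unrelated message
Feb 25 11:10:01 fw kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.53:53 10.0.0.2:1025 L=120 S=0x00 I=4021 F=0x0000 T=58 (#9)
Feb 25 11:10:02 fw kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.53:53 10.0.0.2:1026 L=120 S=0x00 I=4022 F=0x0000 T=58 (#9)
Feb 25 11:10:03 fw kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.53:53 10.0.0.2:1027 L=120 S=0x00 I=4023 F=0x0000 T=58 (#9)
Feb 25 11:10:04 fw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:80 10.0.0.2:1030 L=44 S=0x00 I=911 F=0x4000 T=52 (#9)
Feb 25 11:10:05 fw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:80 10.0.0.2:1031 L=44 S=0x00 I=912 F=0x4000 T=52 (#9)
Feb 25 11:10:06 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.9:4312 10.0.0.2:23 L=44 S=0x00 I=77 F=0x4000 T=49 (#9)
EOF
}

# Read kernel log lines on stdin and count dropped packets per chain,
# interface, protocol and service port. Heuristic (an assumption): the
# lower-numbered port is the service, so "sport=53" means replies coming
# back from a DNS server and "dport=23" means inbound attempts to port 23.
summarize_denied() {
  awk '
    /Packet log:/ {
      # Locate the "log:" token so any syslog prefix length works.
      for (i = 1; i <= NF; i++) if ($i == "log:") break
      chain = $(i + 1); target = $(i + 2); ifc = $(i + 3)
      if (target != "DENY" && target != "REJECT") next
      proto = $(i + 4); sub(/^PROTO=/, "", proto)
      split($(i + 5), s, ":")   # source address:port
      split($(i + 6), d, ":")   # destination address:port
      if ((s[2] + 0) < (d[2] + 0)) svc = "sport=" s[2]
      else                         svc = "dport=" d[2]
      count[chain " " ifc " proto=" proto " " svc]++
    }
    END { for (k in count) print count[k], k }
  ' | sort -rn
}

# Stand-alone run over the constructed sample.
sample_log | summarize_denied
```

On a live system the function would be fed from the kernel log instead of the sample, for example `dmesg | summarize_denied`.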