RE: pmfirewall - ADSL
- To: linux-il(at-nospam)cs.huji.ac.il
- Subject: RE: pmfirewall - ADSL
- From: solomon(at-nospam)barak-online.net
- Date: Sat, 03 Feb 2001 23:35:35 +0200 (IST)
- In-Reply-To: <XFMail.20010203220529.solomon@barak-online.net>
- Organization: Shlomo Solomon
- Sender: root(at-nospam)shlomo1.solomon
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
I don't usually **reply** to my own posting, but Tzafrir suggested that I add
more details, so although I have posted this before, I'm attaching the following
files and maybe someone can help me.
1 - 4 pmfirewall configuration files
2 - the output of ifconfig
3 - the output of ipchains -L -n
- without the firewall running
- with masquerading only
- with the **start** parameter (this is the problem!!)
the names of the attached files should be self explanatory
TIA
On 03-Feb-2001 solomon@barak-online.net wrote:
> Hi,
>
> I asked this about three months ago and some people tried to help, but I
> didn't solve my problem, so I'm asking again, since maybe there is now more
> experience with ADSL.
>
> I'm trying to use pmfirewall on my Linux box - connected with ADSL. There are
> two functions I need.
>
> 1 - IP Masquerading for the rest of the network (3 WIN98 machines) - this
> works perfectly. After installation, I ran **pmfirewall masqstart** and it
> worked with no problems.
>
> 2 - firewall functionality - to keep the **bad guys** out :-). For some
> reason, I can't get this properly set up. When I run **pmfirewall start**, the
> firewall is so **good** that I no longer see the Internet or even the Alcatel
> modem (10.0.0.138). I can't **ping** either of them. I can ping my local
> network (eth1) and the NIC (eth0) connected to the ADSL modem.
>
> If anyone has got this set up on ADSL, I'd appreciate hearing details, or
> comparing configuration files.
>
> BTW - other firewall solutions would also be appreciated, if someone has got
> something else set up.
>
> TIA
>
> //-------------------------
> Shlomo Solomon
> E-Mail: solomon@barak-online.net
> http://come.to/shlomo.solomon
> Date: 03-Feb-2001 Time: 21:45:56
>
> Message sent by XFMail on a LINUX Mandrake 7.2 machine
> //-------------------------
>
> =================================================================
> To unsubscribe, send mail to linux-il-request@linux.org.il with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail linux-il-request@linux.org.il
//-------------------------
Shlomo Solomon
E-Mail: solomon@barak-online.net
http://come.to/shlomo.solomon
Date: 03-Feb-2001 Time: 23:23:12
Message sent by XFMail on a LINUX Mandrake 7.2 machine
//-------------------------
pmfirewall.rules.masq
pmfirewall.rules.local
pmfirewall.rules.1
pmfirewall.conf
Chain input (policy ACCEPT):
target prot opt source destination ports
ACCEPT all ------ 0.0.0.0/0 0.0.0.0/0 n/a
ACCEPT tcp !y---- 0.0.0.0/0 192.117.196.71 * -> *
DENY all ------ 10.0.0.0/8 192.117.196.71 n/a
DENY all ------ 127.0.0.0/8 192.117.196.71 n/a
DENY all ------ 172.16.0.0/12 192.117.196.71 n/a
DENY all ------ 192.168.0.0/16 192.117.196.71 n/a
DENY tcp ----l- 0.0.0.0/0 192.117.196.71 * -> 31337
DENY udp ----l- 0.0.0.0/0 192.117.196.71 * -> 31337
DENY tcp ----l- 0.0.0.0/0 192.117.196.71 * -> 12345:12346
DENY udp ----l- 0.0.0.0/0 192.117.196.71 * -> 12345:12346
DENY tcp ----l- 0.0.0.0/0 192.117.196.71 * -> 1524
DENY tcp ----l- 0.0.0.0/0 192.117.196.71 * -> 27665
DENY udp ----l- 0.0.0.0/0 192.117.196.71 * -> 27444
DENY udp ----l- 0.0.0.0/0 192.117.196.71 * -> 31335
DENY all ------ 224.0.0.0/8 0.0.0.0/0 n/a
DENY all ------ 0.0.0.0/0 224.0.0.0/8 n/a
ACCEPT udp ------ 0.0.0.0/0 0.0.0.0/0 * -> 67:68
REJECT tcp ------ 0.0.0.0/0 192.117.196.71 * -> 113
REJECT udp ------ 0.0.0.0/0 192.117.196.71 * -> 113
DENY tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 137:139
DENY udp ------ 0.0.0.0/0 0.0.0.0/0 * -> 137:139
REJECT udp ------ 0.0.0.0/0 0.0.0.0/0 * -> 520
DENY tcp ----l- 0.0.0.0/0 0.0.0.0/0 * -> 2049
DENY udp ----l- 0.0.0.0/0 0.0.0.0/0 * -> 2049
DENY tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 5999:6003
DENY udp ------ 0.0.0.0/0 0.0.0.0/0 * -> 5999:6003
ACCEPT all ------ 192.168.0.0/24 0.0.0.0/0 n/a
ACCEPT icmp ------ 0.0.0.0/0 192.117.196.71 * -> *
ACCEPT tcp ------ 0.0.0.0/0 192.117.196.71 * -> 1023:65535
ACCEPT udp ------ 0.0.0.0/0 192.117.196.71 * -> 1023:65535
DENY all ----l- 0.0.0.0/0 0.0.0.0/0 n/a
Chain forward (policy DENY):
target prot opt source destination ports
ACCEPT all ------ 192.168.0.0/24 192.168.0.0/24 n/a
ACCEPT all ------ 192.117.196.71 0.0.0.0/0 n/a
MASQ all ------ 192.168.0.0/24 0.0.0.0/0 n/a
Chain output (policy ACCEPT):
target prot opt source destination ports
ACCEPT all ------ 0.0.0.0/0 0.0.0.0/0 n/a
ACCEPT all ------ 192.168.0.0/24 0.0.0.0/0 n/a
- tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 80
- tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 22
- tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 23
- tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 21
- tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 110
- tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 25
- tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 20
ACCEPT icmp ------ 192.168.0.0/24 0.0.0.0/0 * -> *
ACCEPT icmp ------ 192.117.196.71 0.0.0.0/0 * -> *
ACCEPT all ------ 0.0.0.0/0 0.0.0.0/0 n/a
Chain input (policy ACCEPT):
target prot opt source destination ports
ACCEPT all ------ 192.168.0.0/24 0.0.0.0/0 n/a
Chain forward (policy DENY):
target prot opt source destination ports
ACCEPT all ------ 192.168.0.0/24 192.168.0.0/24 n/a
ACCEPT all ------ 192.117.196.71 0.0.0.0/0 n/a
MASQ all ------ 192.168.0.0/24 0.0.0.0/0 n/a
Chain output (policy ACCEPT):
target prot opt source destination ports
ACCEPT all ------ 192.168.0.0/24 0.0.0.0/0 n/a
- tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 80
- tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 22
- tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 23
- tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 21
- tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 110
- tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 25
- tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 20
ACCEPT icmp ------ 192.168.0.0/24 0.0.0.0/0 * -> *
Chain input (policy ACCEPT):
Chain forward (policy DENY):
Chain output (policy ACCEPT):
xx-ifconfig-txt
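Added example, not part of the thread and not pmfirewall code: a small Python script that parses one chain of `ipchains -L -n` output and replays a few constructed packets through it, reporting every rule that matches, in chain order, and the first-match verdict. It embeds the input chain from the first listing above (the full rule set, which appears to be the **pmfirewall start** output, with the port ranges re-joined where the mail wrapped them), and among the packets it tries is an ICMP echo reply from the modem address 10.0.0.138 named in the original post. The caveat it makes explicit is that `ipchains -L -n` omits the interface column, so the first rule (ACCEPT all 0.0.0.0/0) may be bound to an interface such as lo without that being visible; `ipchains -L -n -v` shows the interface, and the `ignore` parameter lets you leave such rules out of the walk. The 198.51.100.0/24 addresses are a documentation prefix used as stand-ins for Internet hosts; `Rule`, `Packet`, `parse_chain`, `matches` and `evaluate` are names chosen here.

```python
# Added example, not from the thread or from pmfirewall: replay constructed packets through an
# `ipchains -L -n` chain listing and report every rule that matches, in chain order.
import ipaddress
from collections import namedtuple

# The posted "pmfirewall start" input chain (port ranges re-joined where the mail wrapped them).
INPUT_CHAIN = """\
Chain input (policy ACCEPT):
target prot opt source destination ports
ACCEPT all ------ 0.0.0.0/0 0.0.0.0/0 n/a
ACCEPT tcp !y---- 0.0.0.0/0 192.117.196.71 * -> *
DENY all ------ 10.0.0.0/8 192.117.196.71 n/a
DENY all ------ 127.0.0.0/8 192.117.196.71 n/a
DENY all ------ 172.16.0.0/12 192.117.196.71 n/a
DENY all ------ 192.168.0.0/16 192.117.196.71 n/a
DENY tcp ----l- 0.0.0.0/0 192.117.196.71 * -> 31337
DENY udp ----l- 0.0.0.0/0 192.117.196.71 * -> 31337
DENY tcp ----l- 0.0.0.0/0 192.117.196.71 * -> 12345:12346
DENY udp ----l- 0.0.0.0/0 192.117.196.71 * -> 12345:12346
DENY tcp ----l- 0.0.0.0/0 192.117.196.71 * -> 1524
DENY tcp ----l- 0.0.0.0/0 192.117.196.71 * -> 27665
DENY udp ----l- 0.0.0.0/0 192.117.196.71 * -> 27444
DENY udp ----l- 0.0.0.0/0 192.117.196.71 * -> 31335
DENY all ------ 224.0.0.0/8 0.0.0.0/0 n/a
DENY all ------ 0.0.0.0/0 224.0.0.0/8 n/a
ACCEPT udp ------ 0.0.0.0/0 0.0.0.0/0 * -> 67:68
REJECT tcp ------ 0.0.0.0/0 192.117.196.71 * -> 113
REJECT udp ------ 0.0.0.0/0 192.117.196.71 * -> 113
DENY tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 137:139
DENY udp ------ 0.0.0.0/0 0.0.0.0/0 * -> 137:139
REJECT udp ------ 0.0.0.0/0 0.0.0.0/0 * -> 520
DENY tcp ----l- 0.0.0.0/0 0.0.0.0/0 * -> 2049
DENY udp ----l- 0.0.0.0/0 0.0.0.0/0 * -> 2049
DENY tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 5999:6003
DENY udp ------ 0.0.0.0/0 0.0.0.0/0 * -> 5999:6003
ACCEPT all ------ 192.168.0.0/24 0.0.0.0/0 n/a
ACCEPT icmp ------ 0.0.0.0/0 192.117.196.71 * -> *
ACCEPT tcp ------ 0.0.0.0/0 192.117.196.71 * -> 1023:65535
ACCEPT udp ------ 0.0.0.0/0 192.117.196.71 * -> 1023:65535
DENY all ----l- 0.0.0.0/0 0.0.0.0/0 n/a
"""
# opts is the ipchains flag column: 'y' = SYN packets only, '!y' = non-SYN only, 'l' = log the match
Rule = namedtuple("Rule", "index target proto opts src dst sport dport")
Packet = namedtuple("Packet", "src dst proto sport dport syn", defaults=(0, 0, False))

def _ports(text):  # "*" -> any port, "1023:65535" -> inclusive range, "80" -> single port
    if text == "*":
        return (0, 65535)
    lo, _, hi = text.partition(":")
    return (int(lo), int(hi or lo))

def parse_chain(text):
    """Parse one chain of `ipchains -L -n` output into (policy, [Rule, ...])."""
    net = lambda t: ipaddress.ip_network(t if "/" in t else t + "/32")  # bare host -> /32
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] == "target":
            continue
        if f[0] == "Chain":
            policy = f[3].rstrip("):")  # from "(policy ACCEPT):"
            continue
        sport = dport = (0, 65535)  # "n/a" port column: the rule applies to any port
        if len(f) >= 8 and f[6] == "->":
            sport, dport = _ports(f[5]), _ports(f[7])
        rules.append(Rule(len(rules) + 1, f[0], f[1], f[2], net(f[3]), net(f[4]), sport, dport))
    return policy, rules

def matches(rule, pkt):
    if rule.proto not in ("all", pkt.proto):
        return False
    if ipaddress.ip_address(pkt.src) not in rule.src or ipaddress.ip_address(pkt.dst) not in rule.dst:
        return False
    if pkt.proto in ("tcp", "udp") and not (rule.sport[0] <= pkt.sport <= rule.sport[1]
                                            and rule.dport[0] <= pkt.dport <= rule.dport[1]):
        return False
    if "y" in rule.opts:  # SYN test; only meaningful for TCP
        return pkt.proto == "tcp" and pkt.syn == (not rule.opts.startswith("!"))
    return True

def evaluate(policy, rules, pkt, ignore=()):
    """Return (verdict, [numbers of all matching rules]). The verdict is the target of the
    first match that has one (a '-' target only counts packets), else the chain policy.
    `ignore` takes rule numbers that `ipchains -L -n -v` shows bound to another interface;
    plain `-L -n` output omits the interface column, so this cannot be read from it."""
    hits = [r for r in rules if r.index not in ignore and matches(r, pkt)]
    return next((r.target for r in hits if r.target != "-"), policy), [r.index for r in hits]

if __name__ == "__main__":
    policy, rules = parse_chain(INPUT_CHAIN)
    samples = {  # constructed; 198.51.100.0/24 is a documentation prefix standing in for Internet hosts
        "echo reply from the modem": Packet("10.0.0.138", "192.117.196.71", "icmp"),
        "DNS reply to a high port": Packet("198.51.100.53", "192.117.196.71", "udp", 53, 1025),
        "unsolicited SYN to telnet": Packet("198.51.100.7", "192.117.196.71", "tcp", 40000, 23, True),
        "unsolicited SYN to port 5000": Packet("198.51.100.7", "192.117.196.71", "tcp", 40000, 5000, True),
    }
    for name, pkt in samples.items():
        print(f"{name}: {evaluate(policy, rules, pkt)}; rule 1 ignored: {evaluate(policy, rules, pkt, {1})}")
```

Read literally, rule 1 accepts everything and nothing after it is ever reached, which is why the script also reports the full list of matches. With rule 1 left out, the echo reply from 10.0.0.138 meets the DENY 10.0.0.0/8 anti-spoofing rule before the ICMP accept, a reply to a high UDP port is accepted, a SYN to telnet falls through to the final logged DENY, and a SYN to an unprivileged port above 1023 is accepted by the high-port rule (that rule has no `!y` flag, so it admits new connections, not just replies). Which of these outcomes applies on the real box depends on the interface bindings that only the `-v` listing reveals.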