
RE: pmfirewall - ADSL



I don't usually **reply** to my own posting, but Tzafrir suggested that I add
more details, so although I have posted this before, I'm attaching the following
files and maybe someone can help me.

1 - 4 pmfirewall configuration files
2 - the output of ifconfig
3 - the output of ipchains -L -n 
         -  without the firewall running
         -  with masquerading only
         -  with the **start** parameter (this is the problem!!)

the names of the attached files should be self explanatory

TIA 



On 03-Feb-2001 solomon@barak-online.net wrote:
> Hi,
> 
> I asked this about three months ago and some people tried to help, but I didn't
> solve my problem, so I'm asking again, since maybe there is now more experience
> with ADSL.
> 
> I'm trying to use pmfirewall on my Linux box - connected with ADSL. There are
> two functions I need.
> 
> 1 - IP Masquerading for the rest of the network (3 WIN98 machines) - this works
> perfectly. After installation, I ran **pmfirewall masqstart** and it worked
> with no problems.
> 
> 2 - firewall functionality - to keep the **bad guys** out :-). For some reason,
> I can't get this properly set up. When I run **pmfirewall start**, the firewall
> is so **good** that I no longer see the Internet or even the Alcatel modem
> (10.0.0.138). I can't **ping** either of them. I can ping my local network
> (eth1) and the NIC (eth0) connected to the ADSL modem.
> 
> If anyone has got this set up on ADSL, I'd appreciate hearing details, or
> comparing configuration files.
> 
> BTW - other firewall solutions would also be appreciated, if someone has got
> something else set up.
> 
> TIA
> 
> //-------------------------
> Shlomo Solomon
> E-Mail: solomon@barak-online.net
> http://come.to/shlomo.solomon
> Date: 03-Feb-2001   Time: 21:45:56
> 
> Message sent by XFMail on a LINUX Mandrake 7.2 machine
> //-------------------------

//-------------------------
Shlomo Solomon
E-Mail: solomon@barak-online.net
http://come.to/shlomo.solomon
Date: 03-Feb-2001   Time: 23:23:12

Message sent by XFMail on a LINUX Mandrake 7.2 machine
//-------------------------

pmfirewall.rules.masq

pmfirewall.rules.local

pmfirewall.rules.1

pmfirewall.conf

Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
ACCEPT     all  ------  0.0.0.0/0            0.0.0.0/0             n/a
ACCEPT     tcp  !y----  0.0.0.0/0            192.117.196.71        * ->   *
DENY       all  ------  10.0.0.0/8           192.117.196.71        n/a
DENY       all  ------  127.0.0.0/8          192.117.196.71        n/a
DENY       all  ------  172.16.0.0/12        192.117.196.71        n/a
DENY       all  ------  192.168.0.0/16       192.117.196.71        n/a
DENY       tcp  ----l-  0.0.0.0/0            192.117.196.71        * ->   31337
DENY       udp  ----l-  0.0.0.0/0            192.117.196.71        * ->   31337
DENY       tcp  ----l-  0.0.0.0/0            192.117.196.71        * ->   12345:12346
DENY       udp  ----l-  0.0.0.0/0            192.117.196.71        * ->   12345:12346
DENY       tcp  ----l-  0.0.0.0/0            192.117.196.71        * ->   1524
DENY       tcp  ----l-  0.0.0.0/0            192.117.196.71        * ->   27665
DENY       udp  ----l-  0.0.0.0/0            192.117.196.71        * ->   27444
DENY       udp  ----l-  0.0.0.0/0            192.117.196.71        * ->   31335
DENY       all  ------  224.0.0.0/8          0.0.0.0/0             n/a
DENY       all  ------  0.0.0.0/0            224.0.0.0/8           n/a
ACCEPT     udp  ------  0.0.0.0/0            0.0.0.0/0             * ->   67:68
REJECT     tcp  ------  0.0.0.0/0            192.117.196.71        * ->   113
REJECT     udp  ------  0.0.0.0/0            192.117.196.71        * ->   113
DENY       tcp  ------  0.0.0.0/0            0.0.0.0/0             * ->   137:139
DENY       udp  ------  0.0.0.0/0            0.0.0.0/0             * ->   137:139
REJECT     udp  ------  0.0.0.0/0            0.0.0.0/0             * ->   520
DENY       tcp  ----l-  0.0.0.0/0            0.0.0.0/0             * ->   2049
DENY       udp  ----l-  0.0.0.0/0            0.0.0.0/0             * ->   2049
DENY       tcp  ------  0.0.0.0/0            0.0.0.0/0             * ->   5999:6003
DENY       udp  ------  0.0.0.0/0            0.0.0.0/0             * ->   5999:6003
ACCEPT     all  ------  192.168.0.0/24       0.0.0.0/0             n/a
ACCEPT     icmp ------  0.0.0.0/0            192.117.196.71        * ->   *
ACCEPT     tcp  ------  0.0.0.0/0            192.117.196.71        * ->   1023:65535
ACCEPT     udp  ------  0.0.0.0/0            192.117.196.71        * ->   1023:65535
DENY       all  ----l-  0.0.0.0/0            0.0.0.0/0             n/a
Chain forward (policy DENY):
target     prot opt     source                destination           ports
ACCEPT     all  ------  192.168.0.0/24       192.168.0.0/24        n/a
ACCEPT     all  ------  192.117.196.71       0.0.0.0/0             n/a
MASQ       all  ------  192.168.0.0/24       0.0.0.0/0             n/a
Chain output (policy ACCEPT):
target     prot opt     source                destination           ports
ACCEPT     all  ------  0.0.0.0/0            0.0.0.0/0             n/a
ACCEPT     all  ------  192.168.0.0/24       0.0.0.0/0             n/a
-          tcp  ------  0.0.0.0/0            0.0.0.0/0             * ->   80
-          tcp  ------  0.0.0.0/0            0.0.0.0/0             * ->   22
-          tcp  ------  0.0.0.0/0            0.0.0.0/0             * ->   23
-          tcp  ------  0.0.0.0/0            0.0.0.0/0             * ->   21
-          tcp  ------  0.0.0.0/0            0.0.0.0/0             * ->   110
-          tcp  ------  0.0.0.0/0            0.0.0.0/0             * ->   25
-          tcp  ------  0.0.0.0/0            0.0.0.0/0             * ->   20
ACCEPT     icmp ------  192.168.0.0/24       0.0.0.0/0             * ->   *
ACCEPT     icmp ------  192.117.196.71       0.0.0.0/0             * ->   *
ACCEPT     all  ------  0.0.0.0/0            0.0.0.0/0             n/a
Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
ACCEPT     all  ------  192.168.0.0/24       0.0.0.0/0             n/a
Chain forward (policy DENY):
target     prot opt     source                destination           ports
ACCEPT     all  ------  192.168.0.0/24       192.168.0.0/24        n/a
ACCEPT     all  ------  192.117.196.71       0.0.0.0/0             n/a
MASQ       all  ------  192.168.0.0/24       0.0.0.0/0             n/a
Chain output (policy ACCEPT):
target     prot opt     source                destination           ports
ACCEPT     all  ------  192.168.0.0/24       0.0.0.0/0             n/a
-          tcp  ------  0.0.0.0/0            0.0.0.0/0             * ->   80
-          tcp  ------  0.0.0.0/0            0.0.0.0/0             * ->   22
-          tcp  ------  0.0.0.0/0            0.0.0.0/0             * ->   23
-          tcp  ------  0.0.0.0/0            0.0.0.0/0             * ->   21
-          tcp  ------  0.0.0.0/0            0.0.0.0/0             * ->   110
-          tcp  ------  0.0.0.0/0            0.0.0.0/0             * ->   25
-          tcp  ------  0.0.0.0/0            0.0.0.0/0             * ->   20
ACCEPT     icmp ------  192.168.0.0/24       0.0.0.0/0             * ->   *
Chain input (policy ACCEPT):
Chain forward (policy DENY):
Chain output (policy ACCEPT):

xx-ifconfig-txt
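
ipchains applies the first matching rule in a chain, so the input chain posted for "pmfirewall start" can be walked rule by rule. The following is an added example, not part of the original message or of pmfirewall; it evaluates ICMP packets against the port-less rules of that chain. Assumptions: the first ACCEPT rule is bound to the loopback interface (the non-verbose listing prints no interface column), and 10.0.0.1 stands in for the eth0 address, which the page does not give.

```python
import ipaddress

# ICMP-relevant rules ("all" and "icmp") copied from the posted input chain
# for "pmfirewall start"; the tcp/udp port rules are left out of this sample,
# so positions below count within this sample, not the full listing.
INPUT_CHAIN = """\
ACCEPT     all  ------  0.0.0.0/0            0.0.0.0/0             n/a
DENY       all  ------  10.0.0.0/8           192.117.196.71        n/a
DENY       all  ------  127.0.0.0/8          192.117.196.71        n/a
DENY       all  ------  172.16.0.0/12        192.117.196.71        n/a
DENY       all  ------  192.168.0.0/16       192.117.196.71        n/a
DENY       all  ------  224.0.0.0/8          0.0.0.0/0             n/a
DENY       all  ------  0.0.0.0/0            224.0.0.0/8           n/a
ACCEPT     all  ------  192.168.0.0/24       0.0.0.0/0             n/a
ACCEPT     icmp ------  0.0.0.0/0            192.117.196.71        * ->   *
DENY       all  ----l-  0.0.0.0/0            0.0.0.0/0             n/a
"""

def parse_chain(text):
    """Turn listing lines into (target, prot, src_net, dst_net, raw) tuples."""
    rules = []
    for line in text.splitlines():
        target, prot, _opt, src, dst = line.split()[:5]
        rules.append((target, prot, ipaddress.ip_network(src),
                      ipaddress.ip_network(dst), " ".join(line.split())))
    return rules

def first_match(rules, prot, src, dst, other_iface=frozenset()):
    """Return (position, target, rule) of the first rule matching the packet.

    other_iface: 1-based positions of rules assumed to be bound to an
    interface the packet does not arrive on; those rules are skipped.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for pos, (target, rprot, snet, dnet, raw) in enumerate(rules, 1):
        if pos in other_iface or rprot not in ("all", prot):
            continue
        if s in snet and d in dnet:
            return pos, target, raw
    return None, "POLICY", "chain policy applies"

RULES = parse_chain(INPUT_CHAIN)
LO_ONLY = {1}  # assumption: rule 1 is the loopback accept, unseen by eth0/ppp0
# Constructed packets: 10.0.0.1 is a hypothetical eth0 address, 198.51.100.7
# a documentation-range Internet host; 10.0.0.138 is the modem from the post.
for src, dst in [("10.0.0.138", "10.0.0.1"), ("10.0.0.138", "192.117.196.71"),
                 ("198.51.100.7", "192.117.196.71")]:
    print(src, "->", dst, first_match(RULES, "icmp", src, dst, LO_ONLY)[1:])
```

Running `ipchains -L -n -v` on the firewall adds the interface column, which replaces the loopback assumption with the real binding of each rule.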