E Frank Ball
frankb at efball.com
Wed Apr 3 11:05:25 PST 2002
On Wed, Apr 03, 2002 at 10:41:48AM -0800, Christopher Wagner wrote:
} Hi Mark.. Thanks for responding..
} When I do a set passive on, it still gives me connection refused..
} ipchains appears to still be working even with my 2.4.9 kernel. I'm not
} keeping up very well with the latest firewalling stuff, iptables is kind of
} intimidating to me, I'm not sure what exactly I'm supposed to do with it, it
} is installed on my box, though.
} I stopped ipchains, ftp then worked as it should. I'm puzzled, this is my
} :input ACCEPT
} :forward ACCEPT
} :output ACCEPT
} -A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
} -A input -s 0/0 -d 0/0 25 -p tcp -y -j ACCEPT
} -A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
} -A input -s 10.0.0.67 -d 0/0 21 -p tcp -y -j ACCEPT
} -A input -s 220.127.116.11 -d 0/0 20 -p tcp -y -j ACCEPT
} -A input -s 18.104.22.168 -d 0/0 21 -p tcp -y -j ACCEPT
Is ssh, smtp, or http working? What are all the -y arguments for? -y
means only accept syn packets. Try it without -y
} -A input -s 0/0 -d 0/0 -p tcp -y -j REJECT
Keep this -y
It's a ipchains firewall script I wrote that makes a good starting
point. It's the basis for what I'm still using. I see a lot of
problems with what your doing.
E Frank Ball frankb at efball.com
More information about the talk