Re: iptables & vypress

Let me get this right
 
LAN192.168.4.0-----------[eth0]---iptables-firewall--[eth1]-------------LAN192.168.1.0
 
 You need two sets of rules, one for each direction
 
 from .4. to .1.
 iptables -A FORWARD -s 192.168.4.0/24 -d 192.168.1.0/24 -p tcp -j ACCEPT
 iptables -A FORWARD -s 192.168.4.0/24 -d 192.168.1.0/24 -p udp -j ACCEPT
 
 from .1. to .4.
 iptables -A FORWARD -s 192.168.1.0/24 -d 192.168.4.0/24 -p tcp -j ACCEPT
 iptables -A FORWARD -s 192.168.1.0/24 -d 192.168.4.0/24 -p udp -j ACCEPT
 
 INPUT & OUTPUT chains are for local processes (bind, squid, pppd), not for forwarded traffic.

I've never been a big fan of default DROP policy on chains. Sometimes
yes, it can be of some help but otherwise you don't want to be ssh-ing
to another country and accidentally invoking iptables -F :)
 
 
 --Adrian
 Oriflame Romania SysAdmin

On 7/14/05, Luca Ferrari <fluca1978@xxxxxxxxxxx> wrote:
> Hi,
> I've got two networks, 192.168.1.0 and 192.168.4.0, that are connected
> thru an ADSL and a couple of firewalls (with iptables). Now I've got
> some problems with the Vypress Messenger, a chat program that
> communicates using the 7777 port. The problem is that outgoing traffic
> from 192.168.4.0 is permitted, while incoming is not, thus 192.168.4.0 can
> send messages to the other network, but the 192.168.1.0 cannot. The
> following is an excerpt of the iptables configuration for the network
> 192.168.1.0 on the 192.168.4.0 firewall:
> 
> [root@firewall script]# iptables-save | grep 192.168.1
> -A INPUT -s 192.168.4.0/255.255.255.0 -d 192.168.1.0/255.255.255.0 -p tcp -j ACCEPT
> -A INPUT -s 192.168.4.0/255.255.255.0 -d 192.168.1.0/255.255.255.0 -p udp -j ACCEPT
> -A FORWARD -s 192.168.4.0/255.255.255.0 -d 192.168.1.0/255.255.255.0 -p tcp -j ACCEPT
> -A FORWARD -s 192.168.4.0/255.255.255.0 -d 192.168.1.0/255.255.255.0 -p udp -j ACCEPT
> -A OUTPUT -d 192.168.1.0/255.255.255.0 -o eth1 -p udp -j ACCEPT
> 
> 
> I cannot see what's wrong here, since all the traffic between 192.168.1.0
> and 192.168.4.0 is permitted. I'm pretty sure the problem is in the
> iptables of the 192.168.4.0 network, because if I connect directly (i.e.,
> bypassing the iptables firewall) vypress works.
> Any suggestion?
> 
> Thanks,
> Luca
> 
> --
> Luca Ferrari
> fluca1978@xxxxxxxxxxx
> -
> : send the line "unsubscribe linux-admin" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
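The ruleset Luca posted and the two-direction fix in the reply can both be checked mechanically. The script below is an added example, not code from this thread: it parses iptables-save style lines (only the `-A`, `-s`, `-d`, `-p` and `-j` fields are read, which is an assumption about the dump format), reports FORWARD accepts between two LANs that have no mirror rule in the other direction, flags LAN-to-LAN rules that sit in INPUT/OUTPUT where they can only ever match the firewall's own traffic, and generates both direction's rules from one template so the source/destination pair cannot be mis-copied by hand. The sample dump is constructed after the excerpt in the thread, with one reverse-direction tcp rule added so that only udp from .1 to .4 is still missing.

```python
"""Audit an iptables-save dump for one-way LAN-to-LAN FORWARD rules.

Added example (not code from the thread). Assumes iptables-save style lines
(-A CHAIN ... -s SRC -d DST -p PROTO ... -j TARGET) and reads only those fields.
"""
import ipaddress
import re

# Constructed sample dump modelled on the excerpt in the thread, plus one
# reverse-direction tcp rule so that only udp .1 -> .4 is still missing.
SAMPLE_DUMP = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 192.168.4.0/255.255.255.0 -d 192.168.1.0/255.255.255.0 -p tcp -j ACCEPT
-A INPUT -s 192.168.4.0/255.255.255.0 -d 192.168.1.0/255.255.255.0 -p udp -j ACCEPT
-A FORWARD -s 192.168.4.0/255.255.255.0 -d 192.168.1.0/255.255.255.0 -p tcp -j ACCEPT
-A FORWARD -s 192.168.4.0/255.255.255.0 -d 192.168.1.0/255.255.255.0 -p udp -j ACCEPT
-A FORWARD -s 192.168.1.0/24 -d 192.168.4.0/24 -p tcp -j ACCEPT
-A OUTPUT -d 192.168.1.0/255.255.255.0 -o eth1 -p udp -j ACCEPT
COMMIT
"""

RULE_RE = re.compile(r"^-A (?P<chain>\S+)(?P<opts>.*)-j (?P<target>\S+)\s*$")
# Single-letter -s/-d/-p options only; long options such as --sport do not match.
OPT_RE = re.compile(r"(?:^|\s)-(?P<flag>[sdp])\s+(?P<val>\S+)")
ANY = "0.0.0.0/0"


def to_cidr(addr):
    """Normalise '192.168.1.0/255.255.255.0' or '192.168.1.0/24' to CIDR text."""
    return str(ipaddress.ip_network(addr, strict=False))


def parse_rules(dump):
    """Return (chain, src, dst, proto, target) for every -A line in the dump."""
    rules = []
    for line in dump.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # table headers, chain policies, COMMIT
        opts = {"s": ANY, "d": ANY, "p": "all"}
        for o in OPT_RE.finditer(m.group("opts")):
            opts[o.group("flag")] = o.group("val")
        rules.append((m.group("chain"), to_cidr(opts["s"]), to_cidr(opts["d"]),
                      opts["p"].lower(), m.group("target")))
    return rules


def one_way_forward_accepts(dump, net_a, net_b):
    """FORWARD accepts between the two LANs whose mirror (dst -> src, same
    proto) is absent, as sorted (proto, src, dst) triples."""
    a, b = to_cidr(net_a), to_cidr(net_b)
    accepts = {(s, d, p) for chain, s, d, p, t in parse_rules(dump)
               if chain == "FORWARD" and t == "ACCEPT" and {s, d} == {a, b}}
    return sorted((p, s, d) for s, d, p in accepts if (d, s, p) not in accepts)


def misplaced_lan_rules(dump, net_a, net_b):
    """Rules naming either LAN in INPUT/OUTPUT: those chains only see packets
    to or from the firewall itself, never routed LAN-to-LAN traffic."""
    a, b = to_cidr(net_a), to_cidr(net_b)
    return [r for r in parse_rules(dump)
            if r[0] in ("INPUT", "OUTPUT") and (r[1] in (a, b) or r[2] in (a, b))]


def symmetric_forward_rules(net_a, net_b, protos=("tcp", "udp")):
    """Build one rule set per direction from a single template."""
    a, b = to_cidr(net_a), to_cidr(net_b)
    return [f"-A FORWARD -s {s} -d {d} -p {p} -j ACCEPT"
            for s, d in ((a, b), (b, a)) for p in protos]


if __name__ == "__main__":
    lan_a, lan_b = "192.168.1.0/24", "192.168.4.0/24"
    for proto, src, dst in one_way_forward_accepts(SAMPLE_DUMP, lan_a, lan_b):
        print(f"FORWARD accepts {proto} {src} -> {dst} but not the reverse")
    for rule in misplaced_lan_rules(SAMPLE_DUMP, lan_a, lan_b):
        print(f"rule in {rule[0]} only matches the firewall's own traffic: {rule}")
    print("symmetric rule set:")
    print("\n".join(symmetric_forward_rules(lan_a, lan_b)))
```

Run it against a real dump with `iptables-save | python3 audit.py` after swapping `SAMPLE_DUMP` for `sys.stdin.read()`. On both firewalls the audit should come back empty for the pair of LANs; a single leftover entry is exactly the symptom in the question (one direction works, the other does not). Generating both directions from one template is what prevents the swapped `-s`/`-d` pair that a hand-copied second rule set tends to pick up.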