RE: A little help?


 



Chris - couple of questions for you:

1.  You have supplied two scripts here.  Which one are you trying to use, or
which one do you want help with to solve your problem?  That will help
narrow the focus down.

2.  What specific problems are you having now with your firewall?  You
mention that Guard Dog is "stuffing up" iptables, but this means very little
to me.  If you could be more specific as to what is not working that would
be helpful.

3.  What type of connection are your internal clients connected to?  Do they
have static IPs, or are they being assigned IPs by DHCP?

4.  You have several Rule chains defined (i.e. firewalled, tcpflags,
silent), and yet I don't see any rules for these.  What are you trying to do
here?

Clear up some of these questions and issues, and someone may be able to help
you.  Right now, there are too many unknowns and unexplained issues.

-----Original Message-----
From: netfilter-admin@xxxxxxxxxxxxxxxxxxx
[mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] On Behalf Of Chris
Winfield-Blum
Sent: Friday, November 14, 2003 12:46 AM
To: netfilter@xxxxxxxxxxxxxxx
Subject: A little help?

Hi everyone.. I hope that one of you may be able to help...

Hi my name is Chris and I'm currently setting up a firewall for my office.
However I am pretty much a novice and am having some problems... I read one
of your scripts and thought you would be a good person to get in contact
with IF I could.
 
I have a firewall up and running BUT my boss is wanting me to block Instant
Messaging... I have worked out HOW to do this however the system that I had
working was causing problems with the email (I was using Guarddog for KDE)

So I have resorted to handwriting everything as I should probably have done
beforehand.

I was hoping that you would be able to help me out... I am limited by what I
can do to the network because this is a "stable" network (even though they
did not have a firewall before I came 3 weeks ago)

I have installed a Proxy server on the same box as the firewall and the
rules successfully prevent clients from accessing yahoo and msn (which a
normal firewall wouldn't because they would go through on port 80 etc)

BUT when guarddog was used it was stuffing up the IPtables.. (e.g. I would
open Port 80 and it would close it)

EXACTLY WHAT I NEED
------------------------------------

I need to have two sections to the firewall.. one being the server and
privileged machine (kind of like DMZ BUT on the same ip range as the
clients much to my disgust)

Local Clients are from 192.168.1.11-192.168.1.249 (not my setup)

I want any machines that are not included in this to NOT have to go through
the Firewall if possible. If not all of them I need the mail server
(residing on 192.168.1.251) to not be if possible.

I would like the following ports FORWARDED to 192.168.1.251
25 80 110 443
that way the squid will do the rules to filter out bad ports etc (right?)

I would like all machines that are clients to be Automatically FORWARDED to
port 3128 so that the rules can stop the chatting etc

I have given links to my "attempt" at this but am really stuck on it.. I
realise you have probably got better things to spend your time with but I
would be eternally grateful. this would take me HOURS but probably take you
minutes. I hope to hear from you soon

http://web.igateway.com.au/~chrislive/iptables/fw.leadside
http://web.igateway.com.au/~chrislive/iptables/fw_leadingside


Thank you



