Still, this simple firewall is not allowing traffic from me ISP and the CLIENT, but traffic on the LAN is flowing. All I want to do is allow traffic from me to the client; the client has squid, so there is no need for masquerading. How do I do that with this firewall?

# Setting default to deny all
/sbin/ipchains -P input DENY
/sbin/ipchains -P output DENY
/sbin/ipchains -P forward DENY

#allowing localhost
/sbin/ipchains -A input -j ACCEPT -p all -s localhost -d localhost -i lo
/sbin/ipchains -A output -j ACCEPT -p all -s localhost -d localhost -i lo

#Deny packets from internet claiming to be from localhost and log
/sbin/ipchains -A input -j REJECT -p all -s localhost -i ppp0 -l

#Deny packets that mimic internal IPs and log
/sbin/ipchains -A input -j REJECT -p all -s clientLAN/24 -i ppp0 -l

#Allow packets from ISP
/sbin/ipchains -A input -j ACCEPT -p all -s ISPrange/24 -d ientLAN/24 -i ppp0

#Allow packets from LAN
/sbin/ipchains -A output -j ACCEPT -p all -s client/24 -d ISPrange/24 -i ppp0

#Allow outgoing packets thru internal interface
/sbin/ipchains -A input -j ACCEPT -p all -s clientLAN/24 -i eth0
/sbin/ipchains -A output -j ACCEPT -p all -s clientLAN/24 -i eth0

----- Original Message -----
From: "Joe Szilagyi" <js@xxxxxxxx>
To: <drack@xxxxxxxxxx>
Sent: Saturday, July 17, 2004 2:38 AM
Subject: Re: IPCHAINS

> What was the solution out of curiosity?
>
> Regards,
> Joe
>
>
> ----- Original Message -----
> From: "Duncan" <drack@xxxxxxxxxx>
> To: "General Red Hat Linux discussion list" <redhat-list@xxxxxxxxxx>
> Sent: Friday, July 16, 2004 6:42 AM
> Subject: Re: IPCHAINS
>
>
> YOU MAY TRASH THE QUESTION, I HAVE SORTED IT OUT
> THANKS
>
> ----- Original Message -----
> From: "Duncan" <drack@xxxxxxxxxx>
> To: "General Red Hat Linux discussion list" <redhat-list@xxxxxxxxxx>
> Sent: Friday, July 16, 2004 9:10 AM
> Subject: IPCHAINS
>
>
> would the following ipchains stop tcp connections from anyone else other
> than iprange, the ips in LAN 195.167.2.0/24
>
> /sbin/ipchains -F
> /sbin/ipchains -P input -p tcp DENY
> /sbin/ipchains -A input -p tcp -s iprange/24 -d 195.167.2.0/24 -j ACCEPT
> /sbin/ipchains -A input -p udp -s iprange/24 -d 195.167.2.0/24 -j ACCEPT
> /sbin/ipchains -A input -p icmp -s iprange/24 -d 195.167.2.0/24 -j ACCEPT
>
> Please advise
>
> ---------------------------------------------------------------------------
> Duncan Rack
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=subscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
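
An added example (not part of the original thread): a small Python model of how ipchains evaluates a routed packet against the ruleset posted at the top of this message, showing that with `-P forward DENY` and no forward rules the packet is denied in the forward chain. It assumes the box routes between ppp0 and eth0; the addresses and the rules in `ADDED` are constructed for illustration, and `clientLAN`, `client` and `ientLAN` are read as the same network.

```python
from ipaddress import ip_address, ip_network

# Constructed stand-ins for the placeholders in the posted rules.
ISP = ip_network("192.0.2.0/24")      # "ISPrange/24"
LAN = ip_network("198.51.100.0/24")   # "clientLAN/24" (assumed same as "client/24")
ANY = ip_network("0.0.0.0/0")

# (chain, source, destination, interface, target), in posted order.
# The localhost rules are left out: they never match routed traffic.
POSTED = [
    ("input",  LAN, ANY, "ppp0", "REJECT"),   # anti-spoofing rule
    ("input",  ISP, LAN, "ppp0", "ACCEPT"),
    ("output", LAN, ISP, "ppp0", "ACCEPT"),
    ("input",  LAN, ANY, "eth0", "ACCEPT"),
    ("output", LAN, ANY, "eth0", "ACCEPT"),
]
# Hypothetical additions: let routed traffic through the forward chain and
# let ISP-sourced packets leave towards the LAN on eth0.
ADDED = [
    ("forward", ISP, LAN, "eth0", "ACCEPT"),
    ("forward", LAN, ISP, "ppp0", "ACCEPT"),
    ("output",  ISP, LAN, "eth0", "ACCEPT"),
]

def check_chain(rules, chain, src, dst, iface, policy="DENY"):
    """First matching rule wins; otherwise the chain policy applies."""
    for r_chain, r_src, r_dst, r_if, target in rules:
        if r_chain == chain and src in r_src and dst in r_dst and iface == r_if:
            return target
    return policy

def route(rules, src, dst, in_if, out_if):
    """A routed packet traverses input, then forward, then output.
    ipchains matches -i against the incoming interface in input and
    against the outgoing interface in forward and output."""
    src, dst = ip_address(src), ip_address(dst)
    for chain, iface in (("input", in_if), ("forward", out_if), ("output", out_if)):
        verdict = check_chain(rules, chain, src, dst, iface)
        if verdict != "ACCEPT":
            return f"{verdict} in {chain}"
    return "ACCEPT"

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("with additions", POSTED + ADDED)):
        print(name, "ISP->LAN:", route(rules, "192.0.2.10", "198.51.100.20", "ppp0", "eth0"))
        print(name, "LAN->ISP:", route(rules, "198.51.100.20", "192.0.2.10", "eth0", "ppp0"))
```

Because ipchains is stateless, both directions need their own rules; the anti-spoofing REJECT on ppp0 still fires first for packets arriving from outside with a LAN source address.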