On Fri, 2002-11-01 at 15:46, Alejandro González Hernández - Imoq wrote:
> On Fri, 2002-11-01 at 01:51, Michael Schwendt wrote:
>
> > You did put default deny policies??? Then you can forget about
> > trying to get it right. Please go back to one of my early replies
> > where I mentioned you would need a rule in the FORWARD chain to
> > accept outgoing traffic to your LAN unless your default policy is
> > ACCEPT. And your example of /etc/sysconfig/iptables *did* contain
> > ACCEPT default policies.
> >
> > I'd like to see the full output of "iptables-save".
>
> Here it is:
>
> [root@imoqland root]# cat /etc/sysconfig/iptables
> # Generated by iptables-save v1.2.6a on Thu Oct 31 14:25:30 2002
> *mangle
> :PREROUTING ACCEPT [560108:108371236]
> :INPUT ACCEPT [434537:90320860]
> :FORWARD ACCEPT [163:9484]
> :OUTPUT ACCEPT [169065:19276317]
> :POSTROUTING ACCEPT [175473:20023241]
> COMMIT
> # Completed on Thu Oct 31 14:25:30 2002
> # Generated by iptables-save v1.2.6a on Thu Oct 31 14:25:30 2002
> *nat
> :PREROUTING ACCEPT [255232:37397118]
> :POSTROUTING ACCEPT [20187:1660015]
> :OUTPUT ACCEPT [20131:1656818]
> [42:2532] -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.105.220:80
> COMMIT
> # Completed on Thu Oct 31 14:25:30 2002
> # Generated by iptables-save v1.2.6a on Thu Oct 31 14:25:30 2002
> *filter
> :INPUT ACCEPT [48719:35011105]
> :FORWARD ACCEPT [163:9484]
> :OUTPUT ACCEPT [169033:19272646]
> :RH-Lokkit-0-50-INPUT - [0:0]
> [434536:90320795] -A INPUT -j RH-Lokkit-0-50-INPUT
> [0:0] -A FORWARD -s 192.168.105.220 -i eth1 -p tcp -j LOG --log-prefix "FORWARD: "
> [35:3440] -A FORWARD -p tcp -m tcp --dport 80 -j LOG
> [83643:8738141] -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 53 -j ACCEPT
> [5:300] -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
> [4753:627208] -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
> [272361:43190457] -A RH-Lokkit-0-50-INPUT -i eth1 -j ACCEPT
> [0:0] -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 -j ACCEPT
> [0:0] -A RH-Lokkit-0-50-INPUT -s 192.168.1.169 -p udp -m udp --sport 53 -j ACCEPT
> [255:18712] -A RH-Lokkit-0-50-INPUT -s 200.33.79.237 -p udp -m udp --sport 53 -j ACCEPT
> [223:14812] -A RH-Lokkit-0-50-INPUT -s 200.33.79.239 -p udp -m udp --sport 53 -j ACCEPT
> [2378:125812] -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
> [22199:2594248] -A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT --reject-with icmp-port-unreachable
> COMMIT
> # Completed on Thu Oct 31 14:25:30 2002
>
> Notice the line where it says:
>
> [272361:43190457] -A RH-Lokkit-0-50-INPUT -i eth1 -j ACCEPT
>
> So, it is accepting all traffic coming from the private network, isn't it?
>
> --
> ¡Sé libre, usa software libre!
> Be free, use free software!
> http://www.imoqland.com/
>
> --
> Psyche-list mailing list
> Psyche-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/psyche-list

If you are using webmin (www.webmin.com), then I would suggest turtlefirewall (just do a search on google).
Once you build your items list, just go to the rules section & happily "apply" away :)!

--
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list
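The two points argued in the quoted thread (the FORWARD chain only needs an explicit ACCEPT for the DNATed web traffic when its default policy is not ACCEPT, and the "-i eth1 -j ACCEPT" rule is what admits everything from the LAN side to the router itself) can be checked mechanically against the posted ruleset. The following is an added example written for this page, not code from the thread or from Red Hat's Lokkit: a small evaluator that parses an iptables-save dump and walks a constructed packet through a chain with the kernel's rule-ordering semantics (LOG does not terminate, user chains fall back to the caller, built-in chains fall back to their policy). The packets, the use of eth0 as the Internet-facing interface and the router address 192.168.105.1 are assumptions; the thread only names eth1 and the 192.168.105.220 web host. Because nat PREROUTING runs before the routing decision, the FORWARD chain sees the already-rewritten destination, which is why the web packet is modelled with dst 192.168.105.220.

```python
"""Toy evaluator for an iptables-save dump (added example; not code from the thread). Rules run in
order, LOG is non-terminating, a user chain that falls off its end returns to its caller, and a
built-in chain falls back to its policy. Conntrack state and the nat/mangle tables are not modelled."""
import ipaddress
import shlex

TERMINATING = {"ACCEPT", "DROP", "REJECT"}
TCP_FLAGS = {"FIN", "SYN", "RST", "PSH", "ACK", "URG"}
ONE_ARG = {"-s": "src", "-d": "dst", "-i": "iif", "-p": "proto",
           "--sport": "sport", "--dport": "dport", "-j": "target"}
NO_TEST = ("-m", "--log-prefix", "--reject-with")   # take one argument, test no packet field

# Constructed input: the filter table quoted in the thread, abridged, with its counters stripped.
DUMP = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -s 192.168.105.220 -i eth1 -p tcp -j LOG --log-prefix "FORWARD: "
-A FORWARD -p tcp -m tcp --dport 80 -j LOG
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 53 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth1 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""
# Constructed packets. eth0 as the Internet side and 192.168.105.1 as the router's LAN address are
# assumptions; the thread names only eth1 and the 192.168.105.220 web host.
WEB_PKT = {"src": "203.0.113.5", "dst": "192.168.105.220", "iif": "eth0",   # dst already rewritten by DNAT
           "proto": "tcp", "sport": 40000, "dport": 80, "flags": {"SYN"}}
LAN_PKT = {"src": "192.168.105.50", "dst": "192.168.105.1", "iif": "eth1",
           "proto": "tcp", "sport": 40001, "dport": 12345, "flags": {"SYN"}}

def _flags(spec):
    """Expand a --tcp-flags list into a set; ALL and NONE are iptables shorthands."""
    return TCP_FLAGS if spec == "ALL" else set() if spec == "NONE" else set(spec.split(","))

def parse(dump):
    """Return ({chain: policy or None}, {chain: [rule, ...]}) for the *filter table of a dump."""
    policies, chains, in_filter = {}, {}, False
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            in_filter = line == "*filter"
        if not in_filter or not line or line[0] in "*#" or line == "COMMIT":
            continue
        tokens = shlex.split(line)
        if tokens[0].startswith("["):               # "iptables-save -c" prefixes [pkts:bytes]
            tokens = tokens[1:]
        if tokens[0].startswith(":"):               # chain declaration; policy is "-" for user chains
            policies[tokens[0][1:]] = None if tokens[1] == "-" else tokens[1]
            continue
        rule, i = {"chain": tokens[1], "text": line}, 2
        while i < len(tokens):
            opt = tokens[i]
            if opt in ONE_ARG:
                rule[ONE_ARG[opt]] = tokens[i + 1]; i += 2
            elif opt == "--tcp-flags":              # mask list, then the flags that must be set within it
                rule["tcp_flags"] = (_flags(tokens[i + 1]), _flags(tokens[i + 2])); i += 3
            elif opt in NO_TEST:
                i += 2
            else:                                   # "!" negation, -m state, ...: not modelled here
                raise ValueError("unsupported option %r in: %s" % (opt, line))
        chains.setdefault(rule["chain"], []).append(rule)
    return policies, chains

def matches(rule, pkt):
    """True when every match clause on the rule holds for the packet."""
    for key in ("src", "dst"):
        if key in rule and ipaddress.ip_address(pkt[key]) not in ipaddress.ip_network(rule[key], strict=False):
            return False
    if any(key in rule and str(rule[key]) != str(pkt.get(key)) for key in ("iif", "proto", "sport", "dport")):
        return False
    if "tcp_flags" in rule:                          # iptables semantics: (flags & mask) == wanted
        mask, wanted = rule["tcp_flags"]
        if pkt["proto"] != "tcp" or (pkt.get("flags", set()) & mask) != wanted:
            return False
    return True

def verdict(ruleset, chain, pkt):
    """Walk `chain`; return (verdict, rule text or "policy"), or None if a user chain falls through."""
    policies, chains = ruleset
    for rule in (r for r in chains.get(chain, []) if matches(r, pkt)):
        target = rule.get("target")
        if target in TERMINATING:
            return target, rule["text"]
        if target == "RETURN":
            break
        if target not in (None, "LOG"):              # LOG is non-terminating; anything else is a user chain
            result = verdict(ruleset, target, pkt)
            if result is not None:
                return result
    policy = policies.get(chain)
    return (policy, "policy") if policy else None

if __name__ == "__main__":
    rs = parse(DUMP)
    print(verdict(rs, "FORWARD", WEB_PKT))                                    # only LOG matched; policy decides
    print(verdict((dict(rs[0], FORWARD="DROP"), rs[1]), "FORWARD", WEB_PKT))  # same packet under default deny
    print(verdict(rs, "INPUT", LAN_PKT))                                      # the rule admitting LAN traffic
```

Run as a script it prints the three verdicts: the forwarded web request matches only the "--dport 80 -j LOG" rule and is then accepted by the FORWARD policy, the same packet is dropped as soon as that policy is changed to DROP (no rule in the chain ACCEPTs it, which is Michael's point), and traffic from eth1 to the router is accepted by "-A RH-Lokkit-0-50-INPUT -i eth1 -j ACCEPT" before any port-specific rule is reached, which is Alejandro's reading. On a live box the equivalent check is the packet counters that iptables-save -c already shows in the quoted dump: the [35:3440] on the FORWARD LOG rule is the forwarded web traffic being seen. The evaluator deliberately raises on options it does not model (negation, -m state), so a ruleset that relies on connection tracking has to be extended before it can be reasoned about this way.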