Re: IPChains rules.

On Wed, 16 Jan 2002, Bruno Gimenes Pereti wrote:

> Hello,
> 
> I have 3 NICs in my NAT (IPChains) and want to know what it does if I
> write the rules without the -i option. Does it apply the rules for all NICs
> or just for eth0? For example, if I write:

Yes, if you don't specify the interface then the rule is applied to all the
interfaces. Don't forget the loopback device.

> 
> input -s 0/0 -d 0/0 22 -p tcp -j REJECT
> output -s LocalIP/32 -d 0/0 22 -p tcp -j ACCEPT
> 
> Does it REJECT ssh packets from my intranet 192.168.1.0/24 (eth1) to outside
> (eth0)?
See, here the incoming packets on all the ports are being rejected.
Your rule won't work this way.

> 
> Another thing, if I have squid running on this machine do I need to ACCEPT
> packets from intranet to port 3128?
> 
Yes, you should allow access to this port from the intranet. And don't forget to
allow access from the proxy server to outside world port 80.


> Thanks
> 
> Bruno Pereti.
> 
> ------------------------------------------------------------------------
>      To unsubscribe email security-discuss-request@linuxsecurity.com
>          with "unsubscribe" in the subject of the message.
> 
> 
> 

Regards
-- 
Dharmendra.T
Linux Security Expert
www.nsecure.net
This message is intended for the addressee only. It may contain privileged
or confidential information. If you have received this message in error,
please notify the sender and destroy the message immediately. Unauthorised
use or reproduction of this message is strictly prohibited.
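
One way to write the rules discussed in this thread with each rule tied to an interface, as an added example that is not part of the original messages. It assumes eth0 faces outside and eth1 is the 192.168.1.0/24 intranet, as in the question; PROXY_IP is a placeholder address, and the IPCHAINS dry-run variable and the fw_rules function are names made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: it only prints the
# ipchains commands. Run with IPCHAINS=ipchains as root to load them.
IPCHAINS="${IPCHAINS:-echo ipchains}"

EXT_IF=eth0               # outside interface (from the thread)
INT_IF=eth1               # intranet interface (from the thread)
INT_NET=192.168.1.0/24    # intranet range (from the thread)
PROXY_IP=192.168.1.1      # placeholder: assumed address of this box on eth1

fw_rules() {
    # Loopback is an interface too. A rule written without -i also matches
    # lo, so local traffic is accepted explicitly and first.
    $IPCHAINS -A input -i lo -j ACCEPT

    # Intranet clients may reach Squid on this machine.
    $IPCHAINS -A input -i "$INT_IF" -p tcp -s "$INT_NET" -d "$PROXY_IP" 3128 -j ACCEPT

    # Reject ssh only when it arrives on the intranet interface. Without
    # "-i eth1" the same rule would match port 22 traffic on every NIC.
    # Note: -d 0/0 also covers ssh to this machine's own addresses.
    $IPCHAINS -A input -i "$INT_IF" -p tcp -s "$INT_NET" -d 0/0 22 -j REJECT

    # The proxy fetches pages from the outside world on port 80. On the
    # output chain, -i names the interface the packet leaves through.
    $IPCHAINS -A output -i "$EXT_IF" -p tcp -d 0/0 80 -j ACCEPT
}

fw_rules
```

The ACCEPT rules only change behaviour when the chain policy or a later rule would otherwise block that traffic.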

