ipchains (this time I'm going to go crazy)

Filippos Slavik slavik at alfa.gr
Sun Sep 12 13:17:42 EEST 1999


Hello guys! This time I'm facing a problem, yet another thing
that is about to drive me crazy. So I'm setting up a little Linux box
which, from behind a firewall, tries to mount an NFS filesystem. Let's
say that the machine running the NFS server is server.ip and the NFS
client is client.ip. The firewall runs on client.ip.

In my firewall config, after I do

ipchains  -P input  REJECT

and, to let through all the other ports I care about (among other
things), I give:

ipchains -A input -i eth0 -p tcp -s server.ip 111 -d client.ip -j ACCEPT
ipchains -A input -i eth0 -p udp -s server.ip 111 -d client.ip -j ACCEPT
ipchains -A input -i eth0 -p tcp -s server.ip 635 -d client.ip -j ACCEPT
ipchains -A input -i eth0 -p udp -s server.ip 635 -d client.ip -j ACCEPT
ipchains -A input -i eth0 -p tcp -s server.ip 2049 -d client.ip -j ACCEPT
ipchains -A input -i eth0 -p udp -s server.ip 2049 -d client.ip -j ACCEPT

# and this one to see whether anything else is being dropped
ipchains -A input -i eth0 -s server.ip -d client.ip -l -j REJECT


With the above config I can mount the remote NFS, but as soon as I try
to ls it, /var/log/messages shows that the following are being
dropped:

Sep 12 13:52:45 kerveros kernel: Packet log: input REJECT eth0 PROTO=17 server.ip:65535 client.ip:65535 L=576 S=0x00 I=26460 F=0x00B9 T=64

Fine, I say.. the UDP packets from server.ip to client.ip are being
dropped, port 65535 on both sides (? what on earth is this).. but in
the firewall config (and of course before I drop anything from
server.ip) I say:

ipchains -A input -i eth0 -p tcp -d client.ip --destination-port 1024: -l -j ACCEPT
ipchains -A input -i eth0 -p udp -d client.ip --destination-port 1024: -l -j ACCEPT

so normally the packet that the kernel dropped should have passed..

So, in a state of desperation, before the

ipchains -A input -i eth0 -s server.ip -d client.ip -l -j REJECT

I also add:

ipchains -A input -i eth0 -p udp -s server.ip --source-port 65535 -d client.ip --destination-port 65535 -j ACCEPT -l

in case it gets through... but the same thing again... In the end, for
it to work I have to put in

ipchains -A input -i eth0 -s server.ip -d client.ip -l -j ACCEPT

that is, let whatever comes from server.ip pass through to client.ip
.... But the catch is that this is a gaping hole!


Do you have any idea what on earth is wrong? For the record,
client.ip runs 2.2.5 and server.ip 2.0.34, while the ipchains I have
is 1.3.9.

Slavikos

################################################################
   Filippos Slavik
   Part of the SIAMS's implementation development team. For more
   information, please check http://www.siams.net

   e-mail : slavik at alfa.gr

 ################################################################

 "The software said 'runs on Win95 or better,' so I installed
  it on Linux..."
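
Added example, not part of the original post: a small Python parser for the kernel "Packet log:" line quoted in the message, decoding the F field (IP flags plus the 13-bit fragment offset, counted in 8-byte units). The second sample line and all function names are constructed for illustration; server.ip and client.ip are the post's own placeholders.

```python
import re

# Line 1 is the log line quoted in the post; line 2 is constructed for contrast.
SAMPLE_LINES = [
    "Sep 12 13:52:45 kerveros kernel: Packet log: input REJECT eth0 "
    "PROTO=17 server.ip:65535 client.ip:65535 L=576 S=0x00 I=26460 F=0x00B9 T=64",
    "Sep 12 13:52:44 kerveros kernel: Packet log: input ACCEPT eth0 "
    "PROTO=17 server.ip:2049 client.ip:1023 L=128 S=0x00 I=26459 F=0x0000 T=64",
]

LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>\S+):(?P<sport>\d+) "
    r"(?P<dst>\S+):(?P<dport>\d+) L=(?P<length>\d+) "
    r"S=0x(?P<tos>[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=0x(?P<frag>[0-9A-Fa-f]{4}) T=(?P<ttl>\d+)"
)

# Layout of the 16-bit IP fragment field (RFC 791).
IP_DF, IP_MF, IP_OFFSET_MASK = 0x4000, 0x2000, 0x1FFF


def parse_packet_log(line):
    """Parse one ipchains packet-log line; return a dict, or None if no match."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ip_id", "ttl"):
        rec[key] = int(rec[key])
    frag = int(rec["frag"], 16)
    rec["dont_fragment"] = bool(frag & IP_DF)
    rec["more_fragments"] = bool(frag & IP_MF)
    rec["frag_offset_bytes"] = (frag & IP_OFFSET_MASK) * 8
    # A non-zero offset means a second or later fragment: it carries no
    # TCP/UDP header, so the logged ports cannot come from the packet itself.
    rec["non_first_fragment"] = rec["frag_offset_bytes"] > 0
    return rec


def non_first_fragments(lines):
    """Return parsed records for packets that are second or later fragments."""
    records = (parse_packet_log(line) for line in lines)
    return [r for r in records if r and r["non_first_fragment"]]


if __name__ == "__main__":
    for rec in non_first_fragments(SAMPLE_LINES):
        print(rec["action"], rec["src"], "->", rec["dst"],
              "offset", rec["frag_offset_bytes"], "MF", rec["more_fragments"])
```

For the quoted line the offset decodes to 1480 bytes with no more-fragments flag, i.e. the last fragment of a larger UDP datagram. ipchains provides the -f (--fragment) option for rules that refer to second and further fragments, which never match rules that specify ports.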


