
Re: no way to get out [stupid me,I sent it to the boot list]



-----Forwarded Message-----

> From: Eddy Petrisor <eddyp-guest@userbeam.de>
> To: Debian Boot list <debian-boot@lists.debian.org>
> Subject: Re: no way to get out
> Date: 06 Apr 2004 20:04:15 +0300
> 
> On Tue, 2004-04-06 at 17:42, Douglas Maxwell wrote:
> > On Sun, Apr 04, 2004 at 11:12:33PM +0300, Eddy Petrisor wrote:
> > > I made it with firewall builder, as I found it more suitable for myself
> > > as a beginner. Everything works ok for the users behind the firewall
> > > (private class addresses) but from the server I can't access the
> > > internet, nor the internal network...
> > > 
> > The rule you want would have your firewall object in the source
> > column, "Any" in the destination column, and "Any" or whatever
> > services you want to allow out from your server/firewall in the
> > service column, with Action set to "Accept", of course.
> I had a hunch it was that and already done that...
> 
> > If you want
> > to browse the 'net from the firewall itself, make sure to allow DNS
> > queries out from that box (there is a predefined group for that in
> > fwbuilder).
> > 
> What version of fwbuilder do you use? I have 1.0.0-2, and I can't find
> any DNS .... no, wait! dns tcp, right? what if I leave firewall:source
> dest:any port:any accept , and the next, src:any dest:fw port:any deny?
> 
> my fw is not a DNS, just a gateway..
> > 
> > Using the firewall object itself in the source column with "Any" in
> > the destination column will allow traffic originating on your
> > firewall to go anywhere, internal or out to the Internet. If you
> > wanted to restrict traffic based on interface, you would have to use
> > the interface object in the source column.
> > 
> again, what version? I can't find any interface object, but hosts (I got
> the idea, but they could have made it clearer, luckily they got the
> idea right by now, as I see on their site and your statement...)
> 
> > BTW, connections originating from the firewall traverse iptables'
> > OUTPUT chain.
> > 
> I see there are differences again, but I got the point.
> (for me firewall-> interfaces tab->policy attached to interface..)
> 
> > HTH,
> > 
> > Doug
> > 
> Thanks,
> 
> Eddy
> 
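
A simplified model of the two-rule policy discussed in this thread, added here as an example and not taken from the thread or from fwbuilder: it classifies each packet into the iptables filter chain it traverses and applies the rules top-down, first match wins. The addresses, the default-deny fallback and the `established` shortcut standing in for connection tracking are assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses for the firewall's two interfaces (assumptions).
FW_ADDRS = {ip_address("192.168.1.1"), ip_address("203.0.113.10")}
ANY = ip_network("0.0.0.0/0")
FW = "fw"  # stands for the firewall object in the policy table

# Policy proposed in the thread (source, destination, action):
#   1. source=firewall, destination=any      -> accept
#   2. source=any,      destination=firewall -> deny
POLICY = [
    (FW, ANY, "accept"),
    (ANY, FW, "deny"),
]


def chain_for(src, dst):
    """Return the filter chain a packet traverses on the firewall host."""
    if ip_address(src) in FW_ADDRS:
        return "OUTPUT"   # locally generated traffic
    if ip_address(dst) in FW_ADDRS:
        return "INPUT"    # traffic addressed to the firewall itself
    return "FORWARD"      # traffic routed through the firewall


def _matches(obj, addr):
    """True if addr belongs to the rule object (firewall or a network)."""
    a = ip_address(addr)
    return a in FW_ADDRS if obj == FW else a in obj


def evaluate(src, dst, established=False, policy=POLICY):
    """Return (chain, verdict) for one packet under the modelled policy."""
    chain = chain_for(src, dst)
    if established:
        # Assumption: replies to an accepted connection are passed by a
        # connection-tracking rule evaluated before the policy rules.
        return chain, "accept"
    for rule_src, rule_dst, action in policy:
        if _matches(rule_src, src) and _matches(rule_dst, dst):
            return chain, action
    return chain, "deny"  # assumption: unmatched packets are dropped
```

Without the `established` shortcut, the resolver's reply to the firewall's own DNS query hits rule 2 in this model and is denied, so the second rule is only safe when return traffic is handled statefully. The rules that let LAN users out are not shown in the thread, so forwarded packets fall through to the default here.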



