IP CHAINS
Greetings,
I've spent most of the day exploring the world of firewalling with Debian 2.0.
if I use ipfwadm-wrapper with the following commands, everything works
properly. Like so:
ipfwadm-wrapper -F -a accept -P tcp -S 0/0 1024:65535 -D 172.16.0.2 http
ipfwadm-wrapper -I -a accept -P tcp -S 0/0 1024:65535 -D 172.16.0.2 http
ipfwadm-wrapper -O -a accept -P tcp -S 0/0 1024:65535 -D 172.16.0.2 http
172.16.0.2 is the private IP of the webserver. Anyway, the above commands
work just fine. However, I "translated" them to ipchains, which is native
to debian 2.0, and much faster than ipfwadm-wrapper, according to all of
the FAQs, support pages, and related information on ipfwadm-wrapper.
I ended up with this:
ipchains -A input -p tcp -s 0/0 1024:65535 -d 172.16.0.2 80
ipchains -A forward -p tcp -s 0/0 1024:65535 -d 172.16.0.2 80
ipchains -A output -p tcp -s 0/0 1024:65535 -d 172.16.0.2 80
I had tried putting them in different order, but that seemingly doesn't
make a difference. What I'm trying to do here is have all HTTP requests
that hit my linux box, be routed as-is to the webserver (and eventually
other servers) hiding behind it.
Thanks in advance for any assistance. I've downloaded and printed out
many, many faqs, but I think I don't understand the input/forward/output
part well enough to really grasp whatever it is I'm missing here.
Frederic Breitwieser
Bridgeport, CT 06606
Homebrew Automotive Website:
http://www.xephic.dynip.com/
Wanted - RWD Buick Flywheel that fits the 3.8L / 4.1L!
-
Reply to: