IPCHAINS continued
Still playing with my firewall project, and having a lot of fun.
Here is what I've done so far. When ppp0 dials into the internet, it makes
a connection and runs the ip-up script, to which I've added the following commands:
# allow internal boxes out through the 3c509b card, all ports.
ipchains -A input -i eth0 -j ACCEPT
# allow http in
ipchains -A input -d $1 80 -j ACCEPT -p tcp
# allow ftp in
ipchains -A input -d $1 21 -j ACCEPT -p tcp
# allow pop3 in
ipchains -A input -d $1 110 -j ACCEPT -p tcp
# allow smtp in
ipchains -A input -d $1 25 -j ACCEPT -p tcp
# allow mta in
#ipchains -A input -d $1 ??? -j ACCEPT -p tcp
The above configures what tcp ports I allow in my firewall. This is good,
this works, and that's swell.
Now, the above ports have to be routed or forwarded to hidden private IP
addresses, like so:
# forward http
ipportfw -A -t $1/80 -R 172.16.0.20/80
# forward ftp
ipportfw -A -t $1/21 -R 172.16.0.20/21
# forward pop3
ipportfw -A -t $1/110 -R 172.16.0.20/110
# forward smtp
ipportfw -A -t $1/25 -R 172.16.0.20/25
# forward mta
#ipportfw -A -t $1/??? -R 172.16.0.20/???
Then, I close the firewall with:
# close the rest of the linux box
ipchains -A input -i ppp0 -j DENY
The ipportfw commands fail, returning an error message as follows:
Setsockopt failed: protocol not available.
I scanned through the manpages, but I'm unclear what this error means. I'm
running Debian 2.0 (hamm?) and only want to use this PC as a firewall.
Thanks for any assistance. See, I'm making progress :)
Frederic Breitwieser
Bridgeport, CT 06606
Homebrew Automotive Website:
http://www.xephic.dynip.com/
Wanted - RWD Buick Flywheel that fits the 3.8L / 4.1L!
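
Added example (not part of the original post): a Python sketch that parses the input-chain commands from the message above and applies first-match evaluation to constructed packets, showing which traffic the chain as posted accepts or denies. The address 192.0.2.10 standing in for $1, the sample packets, and the ACCEPT chain policy are assumptions.

```python
import shlex

PPP_ADDR = "192.0.2.10"  # constructed stand-in for $1 (address passed to ip-up)

# Input-chain rules exactly as posted, in the order they are appended.
RULESET = """\
ipchains -A input -i eth0 -j ACCEPT
ipchains -A input -d $1 80 -j ACCEPT -p tcp
ipchains -A input -d $1 21 -j ACCEPT -p tcp
ipchains -A input -d $1 110 -j ACCEPT -p tcp
ipchains -A input -d $1 25 -j ACCEPT -p tcp
ipchains -A input -i ppp0 -j DENY
"""

FIELDS = {"-A": "chain", "-i": "iface", "-p": "proto", "-j": "target"}

def parse_rule(line):
    """Parse the subset of ipchains options used in the post into a dict."""
    args = shlex.split(line.replace("$1", PPP_ADDR))[1:]  # drop "ipchains"
    rule = {"iface": None, "proto": None, "dst": None, "dport": None}
    i = 0
    while i < len(args):
        opt, val = args[i], args[i + 1]
        i += 2
        if opt in FIELDS:
            rule[FIELDS[opt]] = val
        elif opt == "-d":
            rule["dst"] = val
            # "-d address port": an optional port follows the address
            if i < len(args) and not args[i].startswith("-"):
                rule["dport"] = int(args[i])
                i += 1
        else:
            raise ValueError(f"option not handled by this sketch: {opt}")
    return rule

def verdict(rules, iface, proto, dst, dport, policy="ACCEPT"):
    """Return the target of the first matching rule, else the chain policy."""
    pkt = {"iface": iface, "proto": proto, "dst": dst, "dport": dport}
    for r in rules:
        if all(r[k] is None or r[k] == pkt[k] for k in pkt):
            return r["target"]
    return policy  # assumption: chain policy left at ACCEPT

RULES = [parse_rule(line) for line in RULESET.splitlines()]

if __name__ == "__main__":
    # Constructed sample packets: (interface, protocol, destination, port)
    for pkt in [("ppp0", "tcp", PPP_ADDR, 80), ("ppp0", "tcp", PPP_ADDR, 23),
                ("ppp0", "udp", PPP_ADDR, 53), ("eth0", "tcp", "198.51.100.7", 80)]:
        print(pkt, "->", verdict(RULES, *pkt))
```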