For better stateful packet inspection I would recommend moving your
firewall from ipchains -> iptables, which has a better stateful engine...
This will watch the related packets (i.e. ftp & ftp-data) as well as the
connections already established...

	Jeremy T. Bouse

Andrew Perrin was said to have been seen saying:
> Apologies if I've already asked this - I can't remember anymore!
>
> I now have a DSL connection, and as such would like to use ipchains to do
> the following:
>
> 1.) Deny all incoming packets coming in on eth1 (the card connected to the
> DSL gateway) except those destined for port 22 (ssh) or ICMP packets, or
> of course packets responding to outgoing packets; and
>
> 2.) Make masqueraded connections from other machines on my private network
> never time out.
>
> I've been working on it, but keep running into brick walls.
>
>
> Thanks for any advice-
> Andy
>
> ----------------------------------------------------------------------
> Andrew J Perrin - andrew_perrin@unc.edu - http://www.unc.edu/~aperrin
> Asst Professor of Sociology, U of North Carolina, Chapel Hill
> 269 Hamilton Hall, CB#3210, Chapel Hill, NC 27599-3210 USA

-- 
,-----------------------------------------------------------------------------,
|Jeremy T. Bouse, CCNA - UnderGrid Network Services, LLC - www.UnderGrid.net  |
|       Public PGP/GPG key available through http://wwwkeys.us.pgp.net        |
|     If received unsigned (without requesting as such) DO NOT trust it!      |
|     jbouse@Debian.org - NIC Whois: JB5713 - Jeremy.Bouse@UnderGrid.net      |
`-----------------------------------------------------------------------------'
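An added example, not part of the original thread: a shell function that emits an iptables-restore ruleset for the policy in the quoted question, using the connection tracking the reply recommends. Assumptions: the function name `emit_ruleset` is hypothetical, the DSL-facing interface defaults to eth1 as in the question, and traffic arriving on any other interface is treated as trusted LAN traffic.

```shell
#!/bin/sh
# Added example (not from the original thread).
# emit_ruleset is a hypothetical helper; $1 is the DSL-facing interface.
emit_ruleset() {
    ext_if="${1:-eth1}"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Packets the tracker cannot match to any known flow are dropped first.
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Replies to outgoing packets (ESTABLISHED) and flows tied to an existing
# connection (RELATED). ftp-data is only classed as RELATED when the FTP
# connection-tracking helper (nf_conntrack_ftp) is loaded.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New inbound connections on the DSL side: ssh only, and only from a SYN.
-A INPUT -i $ext_if -p tcp --dport 22 --syn -m conntrack --ctstate NEW -j ACCEPT
# ICMP on the DSL side, as the question asks.
-A INPUT -i $ext_if -p icmp -j ACCEPT
# Assumption: every other interface (loopback, private LAN) is trusted.
-A INPUT ! -i $ext_if -j ACCEPT
# Forwarding: the LAN may open connections outward; only replies return.
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD ! -i $ext_if -o $ext_if -m conntrack --ctstate NEW -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
# Masquerade the private network behind the DSL address.
-A POSTROUTING -o $ext_if -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset for the interface given on the command line.
emit_ruleset "${1:-eth1}"
```

The output can be piped to `iptables-restore --test` as root to parse it without committing anything. Masquerade timeouts (point 2 of the question) are not covered here.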