
Re: network configuration for Eth0



On Sat,02.May.09, 06:15:04, Paul Cartwright wrote:
> On Sat May 2 2009, Andrei Popescu wrote:
> > > part of the problem was 2 files I had worked on that did give me
> > > errors, and I removed them. 1 was ipv6,
> >
> > Do you mean the module? If you don't want it loaded (though I have it and
> > there are no problems) just blacklist it in a file (ex. 00local.conf)
> > under /etc/modprobe.d/ with
> >
> > blacklist ipv6
> 
> actually, I was trying to set up IPv6, but I don't think my router supports it. 
> So it isn't necessary. I'm not sure anything is loaded for ipv6.. how would I 
> check?

You don't need to worry about it. 

> > > the other was an iptables entry. I was trying to add an iptables entry
> > > to allow ssh & http ports. I can get this to work from a shell script,
> >
> > I saw in the (snipped) output above that you also use firestarter. I
> > don't think it's a good idea to mix firewall frontends with custom rules
> > in some script. Pick one and stick to it.
> >
> > If firestarter can't do what you need (or don't know how to configure
> > it) just ask for help, there are many others (personally I prefer
> > shorewall, it's quite easy to set up and very powerful).
> 
> ok, so I have firestarter installed:
> 
> ii  firestarter    1.0.3-6        gtk program for managing and observing your 
> 
> what I want is a rule that allows http for my web page to port forward from my 
> router to my desktop, and also allow me to ssh into my desktop from my 
> laptops. Right now I have it set up to use ssh keys for security, and I have 
> to run that script every time I boot, to get my http ports open.
> How do I get that done with iptables automatically at boot?
> right now this is my script, but I'm not at all sure this is exactly what I 
> need to run:
> iptables -I INPUT -p tcp -m state --state NEW --dport 80 -i eth0 -j ACCEPT
> iptables -I INPUT -p tcp -m state --state NEW --dport 22 -i eth0 -j ACCEPT
> /sbin/iptables -N ssh-connection
> /sbin/iptables -A ssh-connection -i eth0 -p tcp --dport 22 \
>     -m recent --update --seconds 600 --hitcount 4 --rttl --name SSH \
>     -j LOG --log-prefix "SSH_brute_force "
> /sbin/iptables -A ssh-connection -i eth0 -p tcp --dport 22 \
>     -m recent --update --seconds 600 --hitcount 4 --rttl --name SSH -j DROP
> /sbin/iptables -A ssh-connection -p tcp --dport 22 -m state --state NEW \
>     -m recent --set --name SSH -j ACCEPT

Sorry, I'm not familiar with either iptables or firestarter. You might 
want to start a new thread about this.

Regards,
Andrei
-- 
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)
