[TriLUG] iptables/ipchains (WAS: Security woes)

That One Guy trilug at ichi.net
Thu Jan 17 17:21:19 EST 2002 

All this is assuming you still can't get into your box from the network.   
Also, I apologize if I'm being repetative.  Ignore this if you can get into 
the box on the local segment of the box, but not from outside your firewall. 

Ok.  Maybe we should back up a step and see if ipchains or iptables is even 
running.

Try both of these to list active rules:  "ipchains -L -n"   and   
                                                    "iptables -L -n".  

If all you see are ACCEPTs then it's not a firewall problem keeping you from 
getting into the box.  

If you have firewall rules then you can clear all rules like so:  
   "iptables -F ; iptables -X"  <-- yes that's a semi-colon
   OR  "ipchains -F"

Now, try to list your rulesets again to make sure there aren't any using the 
commands above (-L -n).

If you have all ACCEPT statements and you still can't connect to that box 
over the network then you don't have a firewall problem.

Hope this helps,
Wyman


On Thursday 17 January 2002 04:52 pm, Vestal, Roy L. wrote:
> Argh!! I don't have ipchains or iptables setup. I don't mind learning
> either, but I don't know where to start and what to look for on this
> problem.
>
> Again, I just want to allow telnet, ftp, and vnc into the box from behind
> our firewall, not from "the outside world". I didn't install this machine
> with a firewall (RHL7.2 with "no firewall" option during setup.)
>
> -----Original Message-----
> From: Tanner Lovelace [mailto:lovelace at wayfarer.org]
> Sent: Thursday, January 17, 2002 4:46 PM
> To: trilug at trilug.org
> Subject: RE: [TriLUG] iptables/ipchains (WAS: Security woes)
>
> On Thu, 2002-01-17 at 16:37, Vestal, Roy L. wrote:
> > Okey. I started poking around and found this:
> > >service ipchains status
> >
> > ipchains: Incompatible with this kernel
> >
> > I'm assuming the above is my problem.  Now, what do I look for in my
>
> kernel
>
> > config to make sure I have everything setup correctly?  This is a custom
> > 2.4.16 kernel with Win4Lin support and ext3 patch.
>
> IPChains was for the 2.2 kernel.  For the 2.4 kernel you really
> should consider using iptables.  It will do everything ipchains
> will, and it's easier to understand.  If you already have
> a good ipchains setup, however, you can load the 'ipchains' module
> which will allow you to use ipchains with the 2.4 kernel.
>
> Tanner

More information about the TriLUG mailing list