'whois' does not work through using forwarding and firewall.

Post by Steven J. Hil » Mon, 12 Apr 1999 04:00:00



Greetings. I am putting the finishing touches on my firewall, but notice that when I
use 'whois' on one of my Linux boxes behind my firewall (which is using 2.2.5
kernel, ipchains 1.3.8 and diald 0.16 and masquerading) that the reply does not
make it through. Below are the lines in my 'rc.firewall' script. Everything
else like HTTP, FTP, SSH, etc. make it just fine. Also, if there is anything
that I am blatantly missing please let me know. Thanks in advance.

-Steve

*********************
/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio
echo "1" > /proc/sys/net/ipv4/ip_forward
ipchains -F
ipchains -P input   DENY
ipchains -P forward DENY
ipchains -P output  ACCEPT
ipchains -A input -i ppp0 -s 192.168.10.0/24 -l -j DENY
ipchains -A input -i ppp0 -s 127.0.0.1/32 -l -j DENY
ipchains -A input -i ppp0 -s 0/0 -d 192.168.10.255/32 -l -j DENY
ipchains -A input -i ppp0 -s 0/0 -d xxx.xxx.xxx.255/32 -l -j DENY
ipchains -A input -i ppp0 -s 0/0 -d xxx.xxx.xxx.xxx/32 -j ACCEPT
ipchains -A input -s 192.168.10.0/24 -d 0/0 -j ACCEPT
ipchains -M -S 7200 300 300
ipchains -A forward -s 192.168.10.0/24 -j MASQ
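
A small tracer for the rules posted above, added here as an example and not part of the original post: it replays a packet against the script's -P and -A lines using first-match semantics with the chain policy as fallback. The masked xxx addresses are replaced with constructed RFC 5737 values, and the LAN interface name eth0 and the remote server address used when calling it are assumptions; only interface and address matching is modelled, since the posted rules name no ports.

```python
import ipaddress

# Constructed stand-ins for the masked 'xxx' addresses in the post (RFC 5737 range).
EXT_IP, EXT_BCAST = "203.0.113.10", "203.0.113.255"

SCRIPT = f"""
ipchains -P input   DENY
ipchains -P forward DENY
ipchains -P output  ACCEPT
ipchains -A input -i ppp0 -s 192.168.10.0/24 -l -j DENY
ipchains -A input -i ppp0 -s 127.0.0.1/32 -l -j DENY
ipchains -A input -i ppp0 -s 0/0 -d 192.168.10.255/32 -l -j DENY
ipchains -A input -i ppp0 -s 0/0 -d {EXT_BCAST}/32 -l -j DENY
ipchains -A input -i ppp0 -s 0/0 -d {EXT_IP}/32 -j ACCEPT
ipchains -A input -s 192.168.10.0/24 -d 0/0 -j ACCEPT
ipchains -A forward -s 192.168.10.0/24 -j MASQ
"""

def net(spec):
    # ipchains accepts the shorthand 0/0 for "any address"
    return ipaddress.ip_network("0.0.0.0/0" if spec == "0/0" else spec)

def parse(script):
    """Return (policies, chains) built from the -P and -A lines only."""
    policies, chains = {}, {}
    for line in script.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[0] != "ipchains":
            continue
        if tok[1] == "-P":
            policies[tok[2]] = tok[3]
        elif tok[1] == "-A":
            opts = tok[3:]
            rule = {"iface": None, "src": net("0/0"), "dst": net("0/0"), "target": None}
            for flag, key, conv in (("-i", "iface", str), ("-s", "src", net),
                                    ("-d", "dst", net), ("-j", "target", str)):
                if flag in opts:
                    rule[key] = conv(opts[opts.index(flag) + 1])
            chains.setdefault(tok[2], []).append(rule)
    return policies, chains

def verdict(chain, iface, src, dst, script=SCRIPT):
    """First matching rule wins; otherwise the chain policy applies."""
    policies, chains = parse(script)
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, r in enumerate(chains.get(chain, []), 1):
        if r["iface"] in (None, iface) and src in r["src"] and dst in r["dst"]:
            return r["target"], n
    return policies[chain], 0  # 0 = no rule matched, policy used
```

For example, `verdict("input", "ppp0", "198.51.100.43", EXT_IP)` traces a reply from a constructed remote server address arriving on ppp0 for the external IP and returns the target together with the number of the rule that decided it.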

 
 
 
