Sample firewall/masq rules for dialup and non-dialup posted (ipfwadm only)

Post by Scott Simpso » Fri, 03 Sep 1999 04:00:00

I have posted a set of firewall rules you can use for dialup and non-dialup
Internet access at http://home.earthlink.net/~simpson3.  Unfortunately, this
only works with the 2.0.x kernel, not the newer 2.2.x kernels which use
ipchains. That being said, conversion probably is pretty easy.
    Scott

1. Ipfwadm: about input rules and masq

Hi,

my LAN surfs the web through a firewall running RH 5.2, kernel 2.0.36 and
diald 0.16.5.
The LAN is masqueraded:
/sbin/ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0   #(should I add "-W eth0"?)

The LAN uses private IP addresses like 192.168.1.X.
My ISP uses dynamic IP addresses.
Win clients open/close the connection through dialmon.

Days ago, I clocked debug to 1 in diald.conf, looking for traffic which
sometimes made diald keep calling without a request.

Monitoring /var/log/messages, I discovered:

P.S.: suppose FIP   = firewall's dynamic IP address, as provided by my ISP;
              PIP   = remote IP address (my ISP's server);
              LANIP = LAN's private IP address of the client that's connecting
                      to the web.

..diald[238] filter accepted rule 1 ... packet FIP, 61100 => PIP,53
..diald[238] filter accepted rule 1 ... packet PIP, 53 => LANIP,1026
                                                          ^^^^^
The firewall sends requests for the client (and that's ok), but the
answers come to the clients inside the LAN?
Shouldn't those be nonexistent for everyone beyond the firewall?

Input rules are:
/sbin/ipfwadm -I -p deny
/sbin/ipfwadm -f
/sbin/ipfwadm -I -a accept -S 192.168.1.0/24 -D any/0
/sbin/ipfwadm -I -a accept -S 127.0.0.1 -D any/0
/sbin/ipfwadm -I -a accept -P tcp -S any/0 -D any/0 1024:65535
/sbin/ipfwadm -I -a accept -P udp -S any/0 -D any/0 1024:65535

Forward policy is deny

I need help

Thanx

Ste
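An added example, not part of either post, for the log triage described above: it parses diald "filter accepted" lines like the two quoted, labels each packet by where it sits relative to the masquerading firewall (the firewall's own outbound traffic, a reply to that traffic, a reply already rewritten to a LAN address, or an inbound packet with no matching outbound flow), and counts destination ports so the traffic driving the dial-ups stands out. The log lines, the firewall address 203.0.113.7, the remote hosts 198.51.100.x and the LAN client 192.168.1.5 are constructed stand-ins for FIP, PIP and LANIP; the exact diald line layout is assumed from the post's abbreviated quote.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample shaped like the diald debug lines quoted in the post
# (FIP -> 203.0.113.7, PIP -> 198.51.100.x, LANIP -> 192.168.1.5). Not a real capture.
FIP = "203.0.113.7"
SAMPLE_LOG = """\
Sep  3 10:01:02 gw diald[238]: filter accepted rule 1 (tcp) packet 203.0.113.7, 61100 => 198.51.100.2,53
Sep  3 10:01:02 gw diald[238]: filter accepted rule 1 (tcp) packet 198.51.100.2,53 => 192.168.1.5,1026
Sep  3 10:05:40 gw diald[238]: filter accepted rule 1 (udp) packet 203.0.113.7,1030 => 198.51.100.9,123
Sep  3 10:05:40 gw diald[238]: filter accepted rule 1 (udp) packet 198.51.100.9,123 => 203.0.113.7,1030
Sep  3 10:30:11 gw diald[238]: filter accepted rule 1 (tcp) packet 198.51.100.77,4444 => 203.0.113.7,1025
"""

# Tolerates the inconsistent "addr, port" / "addr,port" spacing seen in the quote.
LINE_RE = re.compile(
    r"diald\[\d+\]:? filter accepted rule (?P<rule>\d+).*?packet\s+"
    r"(?P<src>[\d.]+),\s*(?P<sport>\d+)\s*=>\s*(?P<dst>[\d.]+),\s*(?P<dport>\d+)")

def classify(log_text, firewall_ip, lan_net="192.168.1.0/24"):
    """Label each accepted packet; returns (category, src, sport, dst, dport) in log order."""
    lan = ipaddress.ip_network(lan_net)
    seen_outbound = set()          # flows the firewall itself opened: (src, sport, dst, dport)
    results = []
    for m in LINE_RE.finditer(log_text):
        src, dst = m["src"], m["dst"]
        sport, dport = int(m["sport"]), int(m["dport"])
        if ipaddress.ip_address(dst) in lan:
            cat = "masq-reply-to-lan"      # reply already rewritten to the LAN client's address
        elif ipaddress.ip_address(src) in lan:
            cat = "outbound-private-src"   # LAN address leaving unrewritten: check the masq rule
        elif src == firewall_ip:
            seen_outbound.add((src, sport, dst, dport))
            cat = "outbound"
        elif (dst, dport, src, sport) in seen_outbound:
            cat = "reply-to-firewall"      # answers a flow the firewall opened
        else:
            cat = "unsolicited-inbound"    # no matching outbound flow in this log: worth a look
        results.append((cat, src, sport, dst, dport))
    return results

def summarize(results):
    """Count (category, destination port) pairs to show what the filter is accepting."""
    return Counter((cat, dport) for cat, _, _, _, dport in results)

if __name__ == "__main__":
    rows = classify(SAMPLE_LOG, FIP)
    for row in rows:
        print("%-22s %s,%d => %s,%d" % row)
    print(summarize(rows))
```

Run it over the real /var/log/messages with the firewall's current address in place of FIP; the "unsolicited-inbound" and high-port "masq-reply-to-lan" counts are the lines to compare against the input rules listed above.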
