IPchains config file


Post by Doug Holt » Fri, 09 Feb 2001 10:45:20



Howdy;

I don't have an ipchains config file in /etc/sysconfig.  My ipchains file in
/etc/rc.d/init.d/ refers to this file or ipchains exits.  What do I need to
do to get a config file?

Thanks

--
Doug Holtz

 
 
 


Post by Bill Hudso » Sat, 10 Feb 2001 08:05:53



> Howdy;

> I don't have an ipchains config file in /etc/sysconfig.  My ipchains file in
> /etc/rc.d/init.d/ refers to this file or ipchains exits.  What do I need to
> do to get a config file?

> Thanks

> --
> Doug Holtz

You're using the stock redhat or equiv ipchains script.  What you can do
is manually set up the chains and then issue a 'service ipchains save'
which will save the chains to /etc/sysconfig/ipchains.

I prefer to set up a separate script just from the standpoint of doing
all of the firewalling stuff in one place, including turning on
forwarding, setting chains, and setting the ipmasqadm.

--
Bill Hudson

 
 
 


Post by Doug Holt » Sat, 10 Feb 2001 09:06:02


Bill;

You are correct; I'm using RedHat 7.  I have built a firewall script which
is supposed to allow my internal 3 pc's access to the Internet thru this
server.  I'm never able to get it to work in masquerading mode.  Firewalling
works fine - it blocks my internal machines from telnet and ftp into it
when the firewall is ON.  Something I'm doing is wrong, despite hours of
self-study.  I'll re-read some of my HOW-TO's and see if I can start this
sucker again.

Doug


> > Howdy;

> > I don't have an ipchains config file in /etc/sysconfig.  My ipchains file in
> > /etc/rc.d/init.d/ refers to this file or ipchains exits.  What do I need to
> > do to get a config file?

> > Thanks

> > --
> > Doug Holtz

> You're using the stock redhat or equiv ipchains script.  What you can do
> is manually set up the chains and then issue a 'service ipchains save'
> which will save the chains to /etc/sysconfig/ipchains.

> I prefer to set up a separate script just from the standpoint of doing
> all of the firewalling stuff in one place, including turning on
> forwarding, setting chains, and setting the ipmasqadm.

> --
> Bill Hudson

 
 
 


Post by Rick Matthe » Sat, 10 Feb 2001 13:45:29



>I don't have an ipchains config file in /etc/sysconfig.  My ipchains
>file in /etc/rc.d/init.d/ refers to this file or ipchains exits.
>What do I need to do to get a config file?

Would you post that reference for us?

--
Thought for the day:
<http://mysite.directlink.net/matthews/smiles/started.htm>

 
 
 


Post by Tyler Dalto » Sat, 10 Feb 2001 13:35:48


To my understanding, ipchains doesn't have a config file. Essentially ipchains
only does something when you tell it to. Firewalls are built via a series of
ipchains commands, and obviously you'll want these saved to a shell script
once you've got a working firewall. I'm quite sure you want to be building
your firewall via these various rules rather than searching for a config file.

- Ty


> Howdy;
> I don't have an ipchains config file in /etc/sysconfig.  My ipchains file in
> /etc/rc.d/init.d/ refers to this file or ipchains exits.  What do I need to
> do to get a config file?
> Thanks
> --
> Doug Holtz

 
 
 


Post by Mike Ken » Sat, 10 Feb 2001 17:07:55


Have a look at Robert Ziegler's Linux firewall
construction tool:  you answer questions, it
generates a firewall script.

     http://www.linux-firewall-tools.com/linux/

 
 
 


Post by Luke Voge » Sat, 10 Feb 2001 20:58:41



> To my understanding, ipchains doesn't have a config file. Essentially ipchains
> only does something when you tell it to. Firewalls are built via a series of
> ipchains commands, and obviously you'll want these saved to a shell script
> once you've got a working firewall. I'm quite sure you want to be building
> your firewall via these various rules rather than searching for a config file.

Yes ... and ... no. (depending on the distro)

The init scripts that come with the rpm package and possibly with some
other distros have a couple of scripts called ipchains-save and
ipchains-restore.

When you have your rules in place (usually from a manually written
script) using the ipchains-save script saves the details of your rules
in the /etc/sysconfig/ipchains file.

Using the ipchains-restore script restores/implements the rules from the
/etc/sysconfig/ipchains ruleset.
--
Regards
Luke
----
Those who cannot remember the past are condemned to repeat it.
George Santayana (1863 - 1952), The Life of Reason, Volume 1, 1905
----
http://www.bell-bird.com.au
PLEASE NOTE: Spamgard (tm) installed.

----

 
 
 


Post by Carlos Veckof » Sat, 10 Feb 2001 21:12:37


Tyler Dalton wrote:

> To my understanding, ipchains doesn't have a config file. Essentially ipchains
> only does something when you tell it to. Firewalls are built via a series of
> ipchains commands, and obviously you'll want these saved to a shell script
> once you've got a working firewall. I'm quite sure you want to be building
> your firewall via these various rules rather than searching for a config file.

> - Ty


> > Howdy;

> > I don't have an ipchains config file in /etc/sysconfig.  My ipchains file in
> > /etc/rc.d/init.d/ refers to this file or ipchains exits.  What do I need to
> > do to get a config file?

> > Thanks

> > --
> > Doug Holtz

If you don't know what you can do, you can download pmfirewall; this
does it all for you.
--

He who knows nothing swims and swims
 
 
 


Post by Bill Hudso » Sun, 11 Feb 2001 08:38:29



> Bill;

> You are correct; I'm using RedHat 7.  I have built a firewall script which
> is supposed to allow my internal 3 pc's access to the Internet thru this
> server.  I'm never able to get it to work in masquerading mode.  Firewalling
> works fine - it blocks my internal machines from telnet and ftp into it
> when the firewall is ON.  Something I'm doing is wrong, despite hours of
> self-study.  I'll re-read some of my HOW-TO's and see if I can start this
> sucker again.

There are loads of tools to help you build a script.  PMFirewall and
http://www.linux-firewall-tools.com/linux/ come to mind right away.  

There are also some pre-built firewall scripts that are pretty good.
Seawall comes to mind, although you wind up with an unnecessarily
complex (IMHO) ipchains in that case.

The trick to successful masq'ing is making sure you don't have the
services you're trying to forward running on the firewall, and making
sure you have a forward chain that matches the 'ipmasqadm portfw'
command you issue.

From your description above, I'm wondering if you are trying to access a
service on a masqueraded server from an internal machine.  (e.g.:

(internet)
  |
[firewall]
  |
 ---------
 |       |
Client  Server

Where [Client] is trying to access [Server] via the masq'ed address
provided by [firewall].  

If that's the case, be advised that it won't work. )

If you're still having problems, post some more of the details here, and
somebody here will be able to get you pointed in the right direction.
:-)  <cue Manfred>

--
Bill Hudson

 
 
 


Post by Doug Holt » Mon, 12 Feb 2001 10:40:02


Thanks;

I've been to this site and saved my firewall a month ago.  I can't get
masquerading working.  The firewall works fine - I start the firewall
manually and it won't let anything connect.  I stop the firewall and I can
login.  But no masquerading even tho this is "enabled".

Any ideas?

Doug


> > Bill;

> > You are correct; I'm using RedHat 7.  I have built a firewall script which
> > is supposed to allow my internal 3 pc's access to the Internet thru this
> > server.  I'm never able to get it to work in masquerading mode.  Firewalling
> > works fine - it blocks my internal machines from telnet and ftp into it
> > when the firewall is ON.  Something I'm doing is wrong, despite hours of
> > self-study.  I'll re-read some of my HOW-TO's and see if I can start this
> > sucker again.

> There are loads of tools to help you build a script.  PMFirewall and
> http://www.linux-firewall-tools.com/linux/ come to mind right away.

> There are also some pre-built firewall scripts that are pretty good.
> Seawall comes to mind, although you wind up with an unnecessarily
> complex (IMHO) ipchains in that case.

> The trick to successful masq'ing is making sure you don't have the
> services you're trying to forward running on the firewall, and making
> sure you have a forward chain that matches the 'ipmasqadm portfw'
> command you issue.

> From your description above, I'm wondering if you are trying to access a
> service on a masqueraded server from an internal machine.  (e.g.:

> (internet)
>   |
> [firewall]
>   |
>  ---------
>  |       |
> Client  Server

> Where [Client] is trying to access [Server] via the masq'ed address
> provided by [firewall].

> If that's the case, be advised that it won't work. )

> If you're still having problems, post some more of the details here, and
> somebody here will be able to get you pointed in the right direction.
> :-)  <cue Manfred>

> --
> Bill Hudson
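
Added example, not written by any poster in this thread: a shell check that reads a ruleset in the form saved to /etc/sysconfig/ipchains and reports the pieces masquerading depends on, namely kernel IP forwarding and a MASQ rule in the forward chain. The function name check_masq, the sample rulesets and the 192.168.1.0 LAN range are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a saved ipchains ruleset for the usual masquerading gaps.
# Usage: check_masq RULES_FILE [IP_FORWARD_FILE]
# Returns 0 if masquerading can work, 1 if a required piece is missing.
check_masq() {
    rules=$1
    fwd=${2:-/proc/sys/net/ipv4/ip_forward}
    rc=0

    # 1. Kernel forwarding must be on, or nothing reaches the forward chain.
    if [ "$(cat "$fwd" 2>/dev/null)" != "1" ]; then
        echo "FAIL: IP forwarding is off ($fwd is not 1)"
        rc=1
    fi

    # 2. The forward chain needs at least one rule that jumps to MASQ.
    masq=$(grep -E '^-A forward .*-j MASQ( |$)' "$rules" || true)
    if [ -z "$masq" ]; then
        echo "FAIL: no '-j MASQ' rule in the forward chain"
        rc=1
    # 3. A MASQ rule open to any source masquerades for more than the LAN.
    elif echo "$masq" | grep -Eqv -e ' -s ' ||
         echo "$masq" | grep -Eq -e ' -s (0\.0\.0\.0/0|0/0)'; then
        echo "WARN: MASQ rule matches any source; restrict it to the LAN with -s"
    fi

    # 4. Default-deny on forward keeps unmatched traffic from being routed.
    policy=$(sed -n 's/^:forward \([A-Z]*\).*/\1/p' "$rules")
    [ "$policy" = "DENY" ] || [ "$policy" = "REJECT" ] ||
        echo "WARN: forward policy is '${policy:-unset}', not DENY"

    return $rc
}

# Constructed samples in the format written by ipchains-save.
demo_dir=$(mktemp -d)
printf '%s\n' ':input ACCEPT' ':forward DENY' ':output ACCEPT' \
    '-A input -s 192.168.1.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j ACCEPT' \
    > "$demo_dir/filter_only"
printf '%s\n' ':input ACCEPT' ':forward DENY' ':output ACCEPT' \
    '-A forward -s 192.168.1.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ' \
    > "$demo_dir/with_masq"
echo 1 > "$demo_dir/ip_forward"

echo "filter_only:"; check_masq "$demo_dir/filter_only" "$demo_dir/ip_forward" || true
echo "with_masq:";   check_masq "$demo_dir/with_masq" "$demo_dir/ip_forward" && echo "OK"
```

On a live system, call check_masq /etc/sysconfig/ipchains with no second argument so it reads /proc/sys/net/ipv4/ip_forward.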

 
 
 


Post by Doug Holt » Mon, 12 Feb 2001 10:48:13


Rick;

This is from Gerhard Mourani's scripts.  His book on securing RedHat is
based on version 6.2 and I have version 7.  I've read his text and it is
referenced there.  The firewall I designed on-line does not have this
reference.  I get a lot of error messages when I start the firewall, so
there may be a version issue.

I'm going to work on it this weekend and then if all fails again, I'll start
from scratch again.  ARGH

Doug



> >I don't have an ipchains config file in /etc/sysconfig.  My ipchains
> >file in /etc/rc.d/init.d/ refers to this file or ipchains exits.
> >What do I need to do to get a config file?

> Would you post that reference for us?

> --
> Thought for the day:
> <http://mysite.directlink.net/matthews/smiles/started.htm>

 
 
 
