Ipchains firewall and icq2k

Post by Compagnia Italiana Compute » Sat, 02 Jun 2001 18:20:14



I can't manage my firewall to allow masq of ICQphone feature of icq2k, can
anyone help me out? I know there's a module that allows icq99 masq but not
icq2k :(

Please help me

 
 
 

1. IPChains firewall behind firewall problem

Question for you all:

I'm currently working on building a RH7.1 router and firewall for a local
company.  I'm currently testing it on my home network, which is composed
of several boxes behind another Linux router/firewall.  

Here's the problem I'm running into on the new firewall.  I'm mostly
concerned with incoming connections, not outgoing.  So, I have defaults of
ACCEPT for output and forward, but REJECT for input.  I have rules as
such:
_____
-A input -s 192.168.1.1/255.255.0.0 -i eth0 -j ACCEPT
-A input -s 192.168.1.1/255.255.0.0 -i eth1 -j ACCEPT
-A input -s my.home.ip.address -j ACCEPT
-A input -s my.work.subnet/255.255.255.0 ssh -p tcp -j ACCEPT
-A input -s my.work.subnet/255.255.255.0 ssh -p udp -j ACCEPT
_____

Now, if I connect to a website on my internal network, with lynx,
everything looks fine.  If I try to connect to an external website, say
cnn.com, it fails on this machine only.  It passes on the other machines.  
If, however, I change the default policy on input to ACCEPT, everything is
just peachy.

My stab-in-the-dark guess is that something in the traffic getting
firewalled twice (once at new firewall, once at usual) is causing the
problems.  Trouble is, I don't know WHAT, quite frankly.  I have a line in
there that allows any input connection from any local machine (which would
include the firewall). Because of this, I don't see why suddenly allowing
ACCEPT on input would work.  

Output of ipchains -L is below, with offending IP addresses subbed.  Any
help is appreciated.

________
Chain input (policy REJECT):
target     prot opt     source                destination           ports
ACCEPT     udp  ------  192.168.1.1           anywhere              domain ->   any
ACCEPT     all  ------  192.168.0.0/16        anywhere              n/a
ACCEPT     all  ------  192.168.0.0/16        anywhere              n/a
ACCEPT     all  ------  my.home.ip.addy       anywhere              n/a
ACCEPT     tcp  ------  my.work.subnet/24     anywhere              ssh ->   any
ACCEPT     udp  ------  my.work.subnet/24     anywhere              ssh ->   any
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):
________

Thanks!

--

"Some men take it personally and are totally offended that you won't
accept THEIR precious and speshul DNA, because THEIR'S is DIFFERENT.  
'Look what Og do!  Og make more Ogs!'" - 6kats on asc
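
Added example, not part of the original post: a small Python model of first-match evaluation on the input chain, fed the five rules as posted, to show which arriving packets the REJECT policy catches. ipchains judges every packet on its own, so the reply from an external web server crosses the input chain with a source address none of the rules list. The addresses standing in for my.home.ip.address and my.work.subnet, the sample packets, and the function names are all constructed for illustration.

```python
import ipaddress

# Input chain as posted; in ipchains, "-s ADDR [PORT]" matches the SOURCE port.
# Constructed stand-ins: 203.0.113.10 for my.home.ip.address,
# 198.51.100.0 for my.work.subnet.
RULES = """\
-A input -s 192.168.1.1/255.255.0.0 -i eth0 -j ACCEPT
-A input -s 192.168.1.1/255.255.0.0 -i eth1 -j ACCEPT
-A input -s 203.0.113.10 -j ACCEPT
-A input -s 198.51.100.0/255.255.255.0 ssh -p tcp -j ACCEPT
-A input -s 198.51.100.0/255.255.255.0 ssh -p udp -j ACCEPT
"""
POLICY = "REJECT"
SERVICES = {"ssh": 22}

def parse(line):
    """Turn one saved rule into a dict of the fields it constrains."""
    tok, rule = line.split()[2:], {}          # drop "-A input"
    while tok:
        flag = tok.pop(0)
        if flag == "-s":
            rule["src"] = ipaddress.ip_network(tok.pop(0), strict=False)
            if tok and not tok[0].startswith("-"):   # optional source port
                port = tok.pop(0)
                rule["sport"] = SERVICES.get(port) or int(port)
        else:
            key = {"-i": "iface", "-p": "proto", "-j": "target"}[flag]
            rule[key] = tok.pop(0)
    return rule

def verdict(pkt):
    """First matching rule wins; nothing here tracks connection state."""
    for r in map(parse, RULES.splitlines()):
        if ipaddress.ip_address(pkt["src"]) not in r["src"]:
            continue
        if any(k in r and r[k] != pkt[k] for k in ("iface", "proto", "sport")):
            continue
        return r["target"]
    return POLICY

def packet(src, sport, proto="tcp", iface="eth0"):
    return {"src": src, "sport": sport, "proto": proto, "iface": iface}

if __name__ == "__main__":
    # Constructed packets arriving on the input chain.
    for label, p in [("reply from internal web server", packet("192.168.1.20", 80)),
                     ("reply from external web server", packet("192.0.2.80", 80)),
                     ("work host, source port 22", packet("198.51.100.7", 22)),
                     ("work host, source port 40000", packet("198.51.100.7", 40000))]:
        print(f"{label:32} -> {verdict(p)}")
```

The last two packets show that the ssh rules, as written, match source port 22 (the "ssh -> any" in the listing), so a client connecting from the work subnet on an ephemeral port falls through to the policy.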
