Subject: Re: IPChains newbie and DNS queries
From: ___cliff rayman___ (cliffGENWAX.COM)
Date: Fri Oct 06 2000 - 16:51:17 CDT


nobody else answered so i'll take a stab at it. i have done a lot with the old ipfw but hardly anything with ipchains. one thing i did notice was that there was no -j ACCEPT after the ICMP. also, don't you need to add the following to answer a ping?

ipchains -A eth1in -p ICMP -s any/0 ping -j ACCEPT

Alvaro Garriga wrote:

> I am new to ipchains. I am trying to set up my linux box as a Firewall/DNS Name
> caching server
> Here is my setup my dns server forwards its queries to 24.4.125.33
>
> I have read the ipchains HOW-TO and still can not solve these
> I follow Rusty three Lines to MASQ and I can ping any site on the net then
> I add the following rules and as I add them I try pinging a site but ping hangs
>
> ipchains -P input DENY
> ipchains -A eth1in -p UDP -d 24.4.125.33 domain -j ACCEPT
> ipchains -A eth1in -p UDP -s 24.4.125.33 domain -j ACCEPT
> ipchains -A eth1in -p TCP -d 24.4.125.33 domain -j ACCEPT
> ipchains -A eth1in -p TCP -s 24.4.125.33 domain ! -y -j ACCEPT
> ipchains -A eth1in -p ICMP -s any/0 destination-unreachable
> ipchains -A input -i eth0 -j REJECT
>
> What am I missing here ?
>
> Thanks Alvaro

--
___cliff rayman___cliffgenwax.com___http://www.genwax.com/
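
Added example, not part of either message: a small linter that reads ipchains commands and flags the kind of gap discussed in this thread, a rule with no -j target, plus user-defined chains that the supplied commands never create with -N or never jump to. The finding labels and function names are this example's own, and the findings describe only the lines fed in; the post does not show whether eth1in was set up elsewhere.

```shell
#!/bin/sh
# Added example: lint ipchains commands read from stdin.
# Labels NO_TARGET, NOT_CREATED and UNREACHABLE are this example's own names.
lint_ipchains() {
    awk '
    $1 != "ipchains" { next }
    {
        op = ""; chain = ""; target = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "-N") created[$(i + 1)] = 1
            if ($i == "-A" || $i == "-I") { op = $i; chain = $(i + 1) }
            if ($i == "-j") target = $(i + 1)
        }
        if (op == "") next                      # -P, -N, -F etc. add no rule
        if (!(chain in first)) first[chain] = NR
        # No -j: the rule only increments counters, the packet continues
        # to the next rule, so nothing is accepted here.
        if (target == "") printf "NO_TARGET line %d: %s\n", NR, $0
        else jumped[target] = 1
    }
    END {
        for (c in first) {
            if (c == "input" || c == "output" || c == "forward") continue
            if (!(c in created)) printf "NOT_CREATED chain %s (first used line %d)\n", c, first[c]
            if (!(c in jumped)) printf "UNREACHABLE chain %s (no rule has -j %s)\n", c, c
        }
    }'
}

# The rules exactly as posted in the question above.
sample_rules() {
    cat <<'EOF'
ipchains -P input DENY
ipchains -A eth1in -p UDP -d 24.4.125.33 domain -j ACCEPT
ipchains -A eth1in -p UDP -s 24.4.125.33 domain -j ACCEPT
ipchains -A eth1in -p TCP -d 24.4.125.33 domain -j ACCEPT
ipchains -A eth1in -p TCP -s 24.4.125.33 domain ! -y -j ACCEPT
ipchains -A eth1in -p ICMP -s any/0 destination-unreachable
ipchains -A input -i eth0 -j REJECT
EOF
}

sample_rules | lint_ipchains
```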