[lug] IPCHAINS again.

John Starkey jstarkey at advancecreations.com
Mon Oct 16 20:12:12 MDT 2000

Kevin, Chip, and Justin thanks for the replies.

I just sat down and went piece by piece thru the firewall and finally got
the thing to work. It turns out that there were several things I was doing
wrong. I've been to the ipchains-HOWTO so many times and there are a few
things that have slipped through the holes (in my brain :} ). The port
specs that Kevin pointed out for one. 

Thanks again,


On Tue, 17 Oct 2000, Kevin Fenzi wrote:

> >>>>> "John" == John Starkey <jstarkey at advancecreations.com> writes:
> John> I'm setting up a remote machine, so I don't wanna lock myself
> John> out, and as many of you know I have really bad luck with
> John> ipchains.
> John> ipchains -P input DENY ipchains -P output DENY ipchains -P
> John> forward DENY
> John> ipchains -A input -p tcp -s xx.xx.xx.xx -d xx.xx.xx.xx 22 -j
> John> ACCEPT ipchains -A output -p tcp -s xx.xx.xx.xx -d xx.xx.xx.xx
> John> 22 -j ACCEPT
> John> This should allow me to SSH in while I config the rest of the
> John> rulesets, correct??
> almost. 
> The output rule is wrong...
> you have:
> ipchains -A output -p tcp -s xx.xx.xx.xx -d xx.xx.xx.xx 22 -j ACCEPT
> What you want is:
> ipchains -A output -p tcp -s xx.xx.xx.xx 22 -d xx.xx.xx.xx -j ACCEPT
> ie, for the output rule, the source will be the local machine's IP
> port 22 (ssh) and going to your machine (any port)
> John> Thanks,
> John> John
> kevin
> -- 
> Kevin Fenzi
> MTS, tummy.com, ltd.
> http://www.tummy.com/  KRUD - Kevin's Red Hat Uber Distribution
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug

More information about the LUG mailing list