[ale] sunday morning ipchains

Sun Aug 4 13:45:24 EDT 2002

Don't you need to use portforwarding to give access to your FTP server?
I've always used ipmasadm portfw to allow incoming connections...I
think.

Note: This is off the top of my head.  I don't have acccess to my
firewall script right now.

Thanks

Jonathan

-----Original Message-----
From: jason vinson [mailto:jvinson at snapserver.com] 
To: ale at ale.org
Sent: Sunday, August 04, 2002 12:16 PM
To: ale at ale.org
Subject: [ale] sunday morning ipchains

Hi guys,

I am having a bit of trouble with ipchains.  I created a coyote linux
floppy and it runs nicely.  My home network has an ftp server on it that
i would like to have accesable from the outside world, but i can't seem
to get ipchains to work properly.  here's my rule set (keep in mind i am
fairly new at this):

/sbin/ipchains -P forward DENY

/sbin/ipchains -A forward -j MASQ -s $LOCAL_NETWORK/$LOCAL_NETMASK -d
0.0.0.0/0

/sbin/ipchains -A forward -j MASQ -s 0.0.0.0/0 20:21 -p tcp -d
192.168.0.10 /sbin/ipchains -A forward -j MASQ -s 0.0.0.0/0 20:21 -p udp
-d 192.168.0.10

and here's what i see from "ipchains -L":

Chain input (policy ACCEPT):
Chain forward (policy DENY):
target prot opt     source          destination   ports
MASQ   all  ------  192.168.0.0/24  anywhere      n/a
MASQ   tcp  ------  anywhere        192.168.0.10  ftp-data:ftp ->   any
MASQ   udp  ------  anywhere        192.168.0.10  20:fsp ->   any
Chain output (policy ACCEPT):

any ideas on what i should do?

and please be gentle  :)

thanks in advance.
Jason

---
This message has been sent through the ALE general discussion list. See
http://www.ale.org/mailing-lists.shtml for more info. Problems should be

sent to listmaster at ale dot org.

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.