sslug-teknik team mailing list archive
Message #41084
imap and pop3 together with ipchains
Hi, I cannot get access to imap or pop3 under RH 7.1.
My firewall script looks like this:
#!/bin/sh
#
# rc.firewall - Initial SIMPLE IP Masquerade test for 2.1.x and 2.2.x kernels
# added support for 2.4.x kernels
# using IPCHAINS
#
# Load all required IP MASQ modules
#
# NOTE: Only load the IP MASQ modules you need. All current IP MASQ modules
# are shown below but are commented out from loading.

# Needed to initially load modules
#
/sbin/depmod -a

# Load Support for ipchains under 2.4.* kernel
#
/sbin/modprobe ipchains

# Supports the proper masquerading of FTP file transfers using the PORT method
#
/sbin/modprobe ip_masq_ftp

# Supports the masquerading of RealAudio over UDP. Without this module,
# RealAudio WILL function but in TCP mode. This can cause a reduction
# in sound quality
#
#/sbin/modprobe ip_masq_raudio

# Supports the masquerading of IRC DCC file transfers
#
#/sbin/modprobe ip_masq_irc

# Supports the masquerading of Quake and QuakeWorld by default. This module is
# for multiple users behind the Linux MASQ server. If you are going to
# play Quake I, II, and III, use the second example.
#
# NOTE: If you get ERRORs loading the QUAKE module, you are running an old
# ----- kernel that has bugs in it. Please upgrade to the newest kernel.
#
#Quake I / QuakeWorld (ports 26000 and 27000)
#/sbin/modprobe ip_masq_quake
#
#Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960)
#/sbin/modprobe ip_masq_quake 26000,27000,27910,27960

# Supports the masquerading of the CuSeeme video conferencing software
#
#/sbin/modprobe ip_masq_cuseeme

#Supports the masquerading of the VDO-live video conferencing software
#
#/sbin/modprobe ip_masq_vdolive

#CRITICAL: Enable IP forwarding since it is disabled by default since
#
# Redhat Users: you may try changing the options in
# /etc/sysconfig/network from:
#
# FORWARD_IPV4=false
# to
# FORWARD_IPV4=true
#
#echo "1" > /proc/sys/net/ipv4/ip_forward

#CRITICAL: Enable automatic IP defragmenting since it is disabled by default
# in 2.2.x kernels. This used to be a compile-time option but the
# behavior was changed in 2.2.12
#
#echo "1" > /proc/sys/net/ipv4/ip_always_defrag

# Dynamic IP users:
#
# If you get your IP address dynamically from SLIP, PPP, or DHCP,
# enable the following option. This enables dynamic-ip address hacking in IP MASQ,
# making the life with Diald and similar programs much easier.
#
#echo "1" > /proc/sys/net/ipv4/ip_dynaddr

# Enable the LooseUDP patch which some Internet-based games require
#
# If you are trying to get an Internet game to work through your IP MASQ box,
# and you have set it up to the best of your ability without it working, try
# enabling this option (delete the "#" character). This option is disabled
# by default due to possible internal machine UDP port scanning
# vulnerabilities.
#
#echo "1" > /proc/sys/net/ipv4/ip_masq_udp_dloose

# MASQ timeouts
#
# 2 hrs timeout for TCP session timeouts
# 10 sec timeout for traffic after the TCP/IP "FIN" packet is received
# 160 sec timeout for UDP traffic (Important for MASQ'ed ICQ users)
#
#/sbin/ipchains -M -S 7200 10 160

# DHCP: For people who receive their external IP address from either DHCP or
# BOOTP such as ADSL or Cablemodem users, it is necessary to use the
# following before the deny command. The "bootp_client_net_if_name"
# should be replaced with the name of the link that the DHCP/BOOTP server
# will put an address on. This will be something like "eth0",
# "eth1", etc.
#
# This example is currently commented out.
#
#
#/sbin/ipchains -A input -j ACCEPT -i bootp_clients_net_if_name -s 0/0 67 -d 0/0 68 -p udp

# Enable simple IP forwarding and Masquerading
#
# NOTE: The following is an example for an internal LAN address in the
# 192.168.0.x network with a 255.255.255.0 or a "24" bit subnet mask
# connecting to the Internet on interface eth0.
#
# ** Please change this network number, subnet mask, and your Internet
# ** connection interface name to match your internal LAN setup
#
/sbin/ipchains -P forward DENY

#Enable internal interfaces to communicate with each other
# (no -j target is given, so this rule only counts matching packets)
/sbin/ipchains -A forward -i eth1 -d 192.168.0.0/24

#Enable internal interfaces to MASQ out to the Internet
/sbin/ipchains -A forward -j MASQ -i eth0 -s 192.168.0.0/24 -d 0.0.0.0/0

# Accept IMAP (143) and POP3 (110) connections arriving on eth0
/sbin/ipchains -I input 1 -p tcp --dport 143 -j ACCEPT -i eth0
/sbin/ipchains -I input 1 -p tcp --dport 110 -j ACCEPT -i eth0
I do not have access to imap or pop3 when I run telnet localhost 143 or 110.
Thanks in advance.
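
Added example, not part of the original message: a small shell evaluator, constructed here and covering only the -i, -p, --dport and -j options, that shows which interface the two input rules in the script apply to. A connection to localhost arrives on lo rather than eth0, so neither rule matches it and the outcome falls to the input chain's policy, which the script above never sets.

```shell
#!/bin/sh
# Added example (constructed): models only -i, -p, --dport and -j.
# Rules are checked in the order listed; the -I position is not modelled.

# The two input rules from the script above, copied verbatim.
RULES='/sbin/ipchains -I input 1 -p tcp --dport 143 -j ACCEPT -i eth0
/sbin/ipchains -I input 1 -p tcp --dport 110 -j ACCEPT -i eth0'

# rule_target RULE IFACE PROTO DPORT
# Prints the rule's -j target and returns 0 if the packet matches,
# otherwise prints nothing and returns 1.
rule_target() {
    rule=$1 iface=$2 proto=$3 dport=$4
    r_if='' r_proto='' r_dport='' r_target=''
    set -- $rule                    # split the rule into words
    while [ $# -gt 0 ]; do
        case $1 in
            -i)      r_if=$2 ;;     # interface the rule is bound to
            -p)      r_proto=$2 ;;
            --dport) r_dport=$2 ;;
            -j)      r_target=$2 ;;
        esac
        shift
    done
    # A criterion that is absent from the rule matches everything.
    [ -z "$r_if" ]    || [ "$r_if" = "$iface" ]    || return 1
    [ -z "$r_proto" ] || [ "$r_proto" = "$proto" ] || return 1
    [ -z "$r_dport" ] || [ "$r_dport" = "$dport" ] || return 1
    printf '%s\n' "$r_target"
}

# verdict IFACE PROTO DPORT
# Prints the target of the first matching rule, or "policy" when no rule
# matches and the chain's default policy decides.
verdict() {
    while IFS= read -r line; do
        if t=$(rule_target "$line" "$1" "$2" "$3"); then
            printf '%s\n' "$t"
            return 0
        fi
    done <<EOF
$RULES
EOF
    echo policy
}

# Compare a connection from the outside (eth0) with "telnet localhost" (lo).
for ifc in eth0 lo; do
    for port in 143 110; do
        echo "$ifc tcp/$port -> $(verdict "$ifc" tcp "$port")"
    done
done
```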