Mailinglist Archive: opensuse-security (605 mails)
Re: [suse-security] Hi @ll -----> I have problems with my firewall
- From: Ralf Koch <info@xxxxxxxxxx>
- Date: Wed, 3 Oct 2001 23:35:52 +0100
- Message-id: <PM-CH.20011003233552.12009.2.1D@xxxxxxxxxxxxx>
Hi Rüdiger.
>On my server a 2.4 kernel with an iptables firewall is running. I have
>already set up a few rules but there are still problems downloading my
>emails. It takes about 15 seconds to look if there's mail, without
>firewall it only takes half a second.
That's the good old port 113 problem. Set up a rule to reject incoming TCP
113 and you are fine with that. (That's kind of a FAQ)
>Another problem is that I can reach neither an internal nor an external
>pc using ssh.
>[...]
>### SSH server TCP allow! ###
>iptables -A INPUT -p TCP --dport 22 -j ACCEPT
>iptables -A OUTPUT -p TCP --sport 22 -j ACCEPT
>### SSH server UDP allow! ###
>iptables -A INPUT -p UDP --dport 22 -j ACCEPT
>iptables -A OUTPUT -p UDP --sport 22 -j ACCEPT
>[...]
Ok, your rules allow incoming SSH connections from anywhere to this
server. To allow outgoing connections simply enter:
iptables -A OUTPUT -p TCP --dport 22 -j ACCEPT
iptables -A INPUT -p TCP --sport 22 -j ACCEPT
But why do you open Port 22 UDP? I don't remember SSH using UDP
connections.
>When my firewall is up I can't use the nfs drive.
>
Ummm. Somebody for the nfs ports? I actually don't remember the correct
port numbers....
>Who can help me solve these problems???
>
Hmmm. Having a deeper look at your rules, there's a lot of obsolete stuff.
Sorry for me not helping you with that, but I'm still using ipchains and
won't give you wrong answers. Anybody else for cleaning up the iptables
configuration?
Cheers,
Ralf
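The two fixes from the reply above, written out as an iptables script. This is an added example, not part of the original mail or of any SUSE configuration; it assumes an `IPT` variable for the iptables binary (set `IPT=echo` or pass no argument to dry-run) and goes one step beyond Ralf's stateless rules by using the 2.4 connection-tracking state match so that only reply traffic is accepted on the return path.

```shell
#!/bin/sh
# Added example (not from the original mail). IPT is an assumption: it names
# the iptables binary, and IPT=echo turns the script into a dry run that
# prints the commands instead of loading them.
IPT="${IPT:-iptables}"

# Fix 1: the ident/auth port. Many mail servers probe TCP 113 on the client
# that just connected. If the firewall silently drops the probe, the server
# waits for it to time out (the delay Ruediger sees); a REJECT with a TCP
# reset answers at once and the mail session proceeds immediately.
ident_rules() {
    "$IPT" -A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset
}

# Fix 2: SSH in both directions, TCP only. SSH does not use UDP, so the
# quoted "UDP 22" rules are dropped entirely.
ssh_rules() {
    # Incoming: other hosts connecting to our sshd, plus our replies.
    "$IPT" -A INPUT  -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
    "$IPT" -A OUTPUT -p tcp --sport 22 -m state --state ESTABLISHED     -j ACCEPT
    # Outgoing: our ssh client reaching internal or external hosts, plus
    # the replies coming back (this is what the original rule set lacked).
    "$IPT" -A OUTPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
    "$IPT" -A INPUT  -p tcp --sport 22 -m state --state ESTABLISHED     -j ACCEPT
}

# Load (or, in a dry run, print) the complete set of rules.
apply_rules() {
    ident_rules
    ssh_rules
}

# "apply" loads the rules for real; anything else only prints them.
if [ "${1:-}" = "apply" ]; then
    apply_rules
else
    IPT=echo apply_rules
fi
```

Run it as `sh fw.sh` to review the commands first and `sh fw.sh apply` as root once they look right; the ident rule alone is enough to cure the slow mail check.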