On 2001.05.24 12:25:32 +0200 'Togan Muftuoglu' wrote:
* Philipp Snizek <mailinglists@belfin.ch> [010524 12:55]:
only block 53/tcp.
This is what I have now (I am using a DNS caching server only; maybe I am doing this wrong):
ipchains -A input -p tcp -s $REMOTENET -d $OUTERNET 53 -j ACCEPT
ipchains -A input -p udp -s $REMOTENET -d $OUTERNET 53 -j ACCEPT
Since you are not an ISP, you don't need the TCP protocol for DNS
and you are suggesting
ipchains -A input -p tcp -s $REMOTENET -d $OUTERNET 53 -j REJECT
open 1024:5000 for client requests and receiving answers. These are usually the most used ports for communication from client to server and back if you use masquerading on your Linux box. Since you've got a dial-up "router", you do use masquerading.
This part I did not get. I have an ADSL connection (so it's PPPoE). Is this what you mean?
ipchains -A input -p tcp -s $REMOTENET -d $OUTERNET 1024:5000 -j ACCEPT
ipchains -A input -p udp -s $REMOTENET -d $OUTERNET 1024:5000 -j ACCEPT
Also no TCP needed. You should make sure that all packets have no SYN bit set.
ipchains -A input -p udp -s $REMOTENET -d $OUTERNET 1024:5000 ! -y -j ACCEPT
Regards, Jörg
--
www.lug-untermain.de - Dipl.-Ing. Jörg Schütter joerg.schuetter@gmx.de
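To make the first-match behaviour of the input chain discussed above concrete, here is an added toy evaluator (not code from the thread or from ipchains itself) that walks the rules in the order they end up in: UDP 53 accepted, TCP 53 rejected, UDP 1024:5000 accepted, and TCP 1024:5000 accepted only when the SYN bit is clear. Because ipchains only allows -y together with -p tcp, the "! -y" test is modelled on the TCP high-port rule; the DENY default policy and the constructed packets are assumptions for the example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    """One 'ipchains -A input' rule: protocol, destination port range, target,
    and an optional SYN test (syn=False models '! -y': reply packets only)."""
    proto: str
    dport_low: int
    dport_high: int
    target: str
    syn: Optional[bool] = None

    def __post_init__(self):
        # ipchains refuses -y/! -y on anything but TCP; mirror that here.
        if self.syn is not None and self.proto != "tcp":
            raise ValueError("-y is only valid with -p tcp")

    def matches(self, proto: str, dport: int, syn: bool) -> bool:
        if proto != self.proto or not (self.dport_low <= dport <= self.dport_high):
            return False
        if self.syn is not None and syn != self.syn:
            return False
        return True

# Constructed chain following the thread's conclusion (order matters: first match wins).
INPUT_CHAIN = [
    Rule("udp", 53, 53, "ACCEPT"),              # DNS answers from the caching server
    Rule("tcp", 53, 53, "REJECT"),              # no TCP DNS needed on a non-ISP box
    Rule("udp", 1024, 5000, "ACCEPT"),          # masqueraded client replies
    Rule("tcp", 1024, 5000, "ACCEPT", syn=False),  # TCP replies only, no new connections
]
POLICY = "DENY"  # assumed default policy of the input chain

def evaluate(proto: str, dport: int, syn: bool = False, chain=INPUT_CHAIN) -> str:
    """Return the target of the first matching rule, or the chain policy."""
    for rule in chain:
        if rule.matches(proto, dport, syn):
            return rule.target
    return POLICY

def udp_rule_with_syn_test_is_rejected() -> bool:
    """The rule quoted in the thread combines -p udp with '! -y'; show it is invalid."""
    try:
        Rule("udp", 1024, 5000, "ACCEPT", syn=False)
    except ValueError:
        return True
    return False
```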