DNS on firewall machine & traffic in/out of firewall to
Sat, 6 Oct 2001 01:13:33 -0700
Believe it or not, this actually seems to have done the trick! I changed
the line towards the end of the file from
$IPTABLES -A OUTPUT -p ALL -d $INET_IP -s $INET_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -o $INET_IFACE -s $INET_IP -j ACCEPT
and everything started working just fine - the firewall can now send email out
(what I really wanted to do - email Tripwire reports to my cell phone), and
so does everything else that didn't work before - ping, telnet, etc.
Am I opening anything up that I don't want to be by doing this? Also, do
you have any other suggestions for tightening things up more on the
firewall? If you'd like, I can re-send my current rc.firewall for the record,
in case you want to update your tutorial with the latest from the 'test
Thank you so much for your help!
> I found something just now that doesn't look right....
> $IPTABLES -A OUTPUT -p ALL -d $LO_IP -s $LO_IP -j ACCEPT
> $IPTABLES -A OUTPUT -p ALL -d $LAN_IP -s $LAN_IP -j ACCEPT
> $IPTABLES -A OUTPUT -p ALL -d $INET_IP -s $INET_IP -j ACCEPT
> It seems you're not allowing packets to leave the firewall. Or rather, you
> don't allow them to the internet. You let packets through from LO_IP to
> LO_IP, you allow packets from LAN_IP to LAN_IP and you allow packets from
> INET_IP to INET_IP... but that's it.
> I just checked the original script myself, and found out that there's an
> error in there=). It should be -o $INET_IFACE -s $INET_IP, but it reads -d
> $INET_IFACE... (This probably won't fix your "sendto not permitted" problem,
> though, but try it anyway.)
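The rules discussed above, as an added example that is not part of the original mail or of the rc.firewall tutorial it refers to. It reproduces the three OUTPUT rules with the -d $INET_IFACE typo corrected to -o $INET_IFACE (an interface name is not a valid address for -d), adds a tighter variant that only lets the firewall itself originate the traffic the poster asked about (SMTP for the Tripwire mail, DNS, ICMP echo) plus reply traffic, and includes a small lint that catches an interface name where -s or -d expects an address. Interface names and addresses are assumed; IPTABLES defaults to a dry run (echo) so the script is safe to execute on any box.

```shell
#!/bin/sh
# Added example, not the tutorial's rc.firewall. Values below are assumptions.
IPTABLES="${IPTABLES:-echo iptables}"   # dry run by default; set to /sbin/iptables to apply
INET_IFACE="${INET_IFACE:-eth0}"        # assumed internet-facing interface
INET_IP="${INET_IP:-203.0.113.10}"      # assumed internet address (documentation range)
LAN_IFACE="${LAN_IFACE:-eth1}"          # assumed LAN interface
LAN_IP="${LAN_IP:-192.168.0.1}"         # assumed LAN address of the firewall
LO_IP=127.0.0.1

# The OUTPUT rules from the thread, with the fix applied:
# the last rule matches on the outgoing interface (-o), not on -d.
output_rules_fixed() {
    $IPTABLES -A OUTPUT -p ALL -d $LO_IP  -s $LO_IP  -j ACCEPT
    $IPTABLES -A OUTPUT -p ALL -d $LAN_IP -s $LAN_IP -j ACCEPT
    $IPTABLES -A OUTPUT -p ALL -o $INET_IFACE -s $INET_IP -j ACCEPT
}

# Tighter alternative. The fixed rule above lets the firewall send anything
# at all to the internet from its own address; this version only allows
# replies to existing connections plus the services the firewall itself needs
# (outbound mail, DNS lookups, ping) and logs and drops the rest. Assumes the
# OUTPUT chain has (or gets) a DROP policy, as in the tutorial.
output_rules_tight() {
    $IPTABLES -A OUTPUT -o lo -j ACCEPT
    $IPTABLES -A OUTPUT -o $LAN_IFACE -s $LAN_IP -j ACCEPT
    $IPTABLES -A OUTPUT -o $INET_IFACE -s $INET_IP -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A OUTPUT -o $INET_IFACE -s $INET_IP -p tcp --dport 25 -m state --state NEW -j ACCEPT
    $IPTABLES -A OUTPUT -o $INET_IFACE -s $INET_IP -p udp --dport 53 -m state --state NEW -j ACCEPT
    $IPTABLES -A OUTPUT -o $INET_IFACE -s $INET_IP -p tcp --dport 53 -m state --state NEW -j ACCEPT
    $IPTABLES -A OUTPUT -o $INET_IFACE -s $INET_IP -p icmp --icmp-type echo-request -j ACCEPT
    $IPTABLES -A OUTPUT -o $INET_IFACE -j LOG --log-prefix "OUTPUT drop: "
    $IPTABLES -A OUTPUT -o $INET_IFACE -j DROP
}

# The line as it stood in the original script (only printed, never executed),
# so the lint below has something to catch.
buggy_rule_from_tutorial() {
    echo "iptables -A OUTPUT -p ALL -d $INET_IFACE -s $INET_IP -j ACCEPT"
}

# Lint: read rule lines on stdin, report on stderr any -s/-d whose argument is
# not a dotted-quad address (optionally with /prefix), and print the count of
# offending lines on stdout.
lint_rules() {
    awk '{
        for (i = 1; i < NF; i++)
            if (($i == "-d" || $i == "-s") &&
                $(i+1) !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/) {
                print "non-address after " $i ": " $0 > "/dev/stderr"
                bad++
                break
            }
    } END { print bad + 0 }'
}

echo "# fixed rules:"
output_rules_fixed
echo "# tightened rules:"
output_rules_tight
echo "# lint of the original (buggy) line, offending lines on stderr, count on stdout:"
buggy_rule_from_tutorial | lint_rules
```

Run it as-is to see the generated rules; only with IPTABLES=/sbin/iptables (and a matching INET_IFACE/INET_IP) are they actually installed. The tightened set is deliberately narrower than the poster's working rule: anything the firewall tries to originate that is not mail, DNS or ping shows up in the log instead of silently leaving, which is what you want from a box whose only job is to forward and to send Tripwire reports.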