Hello,

You need some accept rules for tcp, udp, and ICMP, see example below:
eth0 is your interface.

===EXAMPLE RULES===
# TCP
# serve ftp for NON-passive clients _ONLY_
-A input -i eth0 -p tcp --destination-port 20:21 --syn -j ACCEPT -l
# serve ssh - 22
-A input -i eth0 -p tcp --destination-port 22 --syn -j ACCEPT -l
# serve smtp - 25
-A input -i eth0 -p tcp --destination-port 25 --syn -j ACCEPT
# serve http - 80
-A input -i eth0 -p tcp --destination-port 80 --syn -j ACCEPT
# serve https admin - 81
-A input -i eth0 -p tcp --destination-port 81 --syn -j ACCEPT -l
# serve pop3 - 110
-A input -i eth0 -p tcp --destination-port 110 --syn -j ACCEPT
# disallow SYN on all else
-A input -i eth0 -p tcp --syn -j DENY -l
# allow gateway
-A input -i eth0 --source xxx.xx.xxx.x -j ACCEPT
# allow existing TCP sessions to continue
-A input -i eth0 -p tcp -j ACCEPT
# UDP
# DNS response
-A input -i eth0 -p udp --source xxx.xxx.xxx.xxx 53 -j ACCEPT
-A input -i eth0 -p udp --source xxx.xxx.xxx.xxx 53 -j ACCEPT
# ICMP allowed
-A input -i eth0 -p icmp -j ACCEPT
# disallow all else
-A input -i eth0 -j DENY -l
======END OF EXAMPLE RULES=======

BTW, what is the firewall you are using?

Please note the DNS RESPONSE above where the IP is xxx.xxx.xxx.xxx. These are the IPs for your name servers at your ISP, or at your server if you are running your own DNS.

Regards,
Al-Juhani
[EMAIL PROTECTED]

>===== Original Message From [EMAIL PROTECTED] =====
>I did a minimal install of 7.2 on a machine to act as a router and
>firewall and router. I used up2date and have everything current so the
>internet connection works. I can ping the isp dns ipaddress from both
>linux and windows computers but I can not use internet explorer or
>netscape to view websites neither can find the server. Also fetchmail
>gives a DNS error message about not finding pop.earthlink.net. I have
>the nameserver in the /etc/resolv.conf files. I have forwarding turned
>on and this is my ipchains file on the firewall.
># Firewall configuration written by lokkit
># Manual customization of this file is not recommended.
># Note: ifup-post will punch the current nameservers through the
># firewall; such entries will *not* be listed here.
>:input ACCEPT
>:forward ACCEPT
>:output ACCEPT
>-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
>-A input -s 207.69.188.185 53 -d 0/0 -p udp -j ACCEPT
>-A input -s 207.69.188.186 53 -d 0/0 -p udp -j ACCEPT
>-A input -s 207.69.188.187 53 -d 0/0 -p udp -j ACCEPT
>-A input -s 0/0 -d 0/0 -p tcp -y -j REJECT
>-A input -s 0/0 -d 0/0 -p udp -j REJECT
>#enable simple IP forwarding and Masquerading
>-P forward DENY
>-A forward -i ppp0 -s 192.168.1.1/32 -j MASQ
>-A forward -i ppp0 -s 192.168.1.2/32 -j MASQ
>-A forward -i ppp0 -s 192.168.1.6/32 -j MASQ
>-A forward -i ppp0 -s 192.168.1.8/32 -j MASQ
>-A forward -i ppp0 -s 192.168.1.9/32 -j MASQ
>
>Does anyone have any idea what I need to do to get this setup to work?
>
> Thanks
> Linda Hanigan
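
Added example, not part of either message: a simplified first-match model in Python of the reply's example input chain, for checking which rule decides a packet arriving on eth0. The addresses 192.0.2.1 (gateway) and 192.0.2.53 (one nameserver) are constructed placeholders for the values masked as xxx in the post, and the field and function names are hypothetical.

```python
# Simplified first-match model of the reply's ipchains "input" chain.
# Only packets arriving on eth0 are modelled; the -l (log) flag is ignored.
# Constructed placeholders for the addresses the post masks as xxx:
GATEWAY = "192.0.2.1"
NAMESERVER = "192.0.2.53"

# (match fields, target) in the order the reply lists them. A field that is
# absent from a rule matches anything. "syn" models --syn.
RULES = [
    ({"proto": "tcp", "dport": (20, 21), "syn": True}, "ACCEPT"),    # ftp
    ({"proto": "tcp", "dport": (22, 22), "syn": True}, "ACCEPT"),    # ssh
    ({"proto": "tcp", "dport": (25, 25), "syn": True}, "ACCEPT"),    # smtp
    ({"proto": "tcp", "dport": (80, 80), "syn": True}, "ACCEPT"),    # http
    ({"proto": "tcp", "dport": (81, 81), "syn": True}, "ACCEPT"),    # https admin
    ({"proto": "tcp", "dport": (110, 110), "syn": True}, "ACCEPT"),  # pop3
    ({"proto": "tcp", "syn": True}, "DENY"),       # SYN on all else
    ({"src": GATEWAY}, "ACCEPT"),                  # gateway
    ({"proto": "tcp"}, "ACCEPT"),                  # "existing" TCP sessions
    ({"proto": "udp", "src": NAMESERVER, "sport": (53, 53)}, "ACCEPT"),
    ({"proto": "icmp"}, "ACCEPT"),
    ({}, "DENY"),                                  # all else
]

def matches(rule, pkt):
    """True when every field the rule names agrees with the packet."""
    for field, want in rule.items():
        have = pkt.get(field)
        if field in ("sport", "dport"):
            if have is None or not (want[0] <= have <= want[1]):
                return False
        elif have != want:
            return False
    return True

def verdict(pkt):
    """Return (1-based rule number, target) of the first matching rule."""
    for number, (rule, target) in enumerate(RULES, start=1):
        if matches(rule, pkt):
            return number, target
    return None, "ACCEPT"  # chain policy; not reached, rule 12 matches all

if __name__ == "__main__":
    # Constructed sample packet: a bare ACK to an unlisted port.
    print(verdict({"proto": "tcp", "src": "198.51.100.7", "dport": 23, "syn": False}))
```

A non-SYN TCP segment to an unlisted port is accepted by rule 9, because that rule matches on flags alone and keeps no connection state; a SYN from the gateway to an unlisted port is denied by rule 7 before the gateway rule is reached.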