#1, 03-20-2008 (Just Joined!; Join Date: Nov 2007; Posts: 8)
policy rules and fwbuilder.
I have posted my problem on the fwbuilder forum, but there is not much space for a newbie like me.
I am trying to set up a firewall that allows a custom TCP service through. After a few days of trials I am not able to get it right.
I would appreciate it if you could have a look at the gathered info and give me some tips on 'what I'm doing wrong'.
My policy rule #7:
# allows (?) custom tcp service
#
$IPTABLES -N In_RULE_7
# only new TCP connections arriving on eth0 for port 5000, in the INPUT chain
$IPTABLES -A INPUT -i eth0 -p tcp -m tcp --dport 5000 -m state --state NEW -j In_RULE_7
$IPTABLES -A In_RULE_7 -j LOG --log-level info --log-prefix "RULE 7 -- ACCEPT "
$IPTABLES -A In_RULE_7 -j ACCEPT
#
After 'successful' compiling I can read in 'System log':
Mar 16 14:25:53 xxxxxxx kernel: ip_tables: connlimit match: invalid size 32 != 16
And from the same log I can see that my rule #11 ('catch it all') denies access to my custom TCP service:
Rule 11 -- DENY IN=eth0 OUT=eth1 SRC=xxx.xxx.xxx.205 DST=192.168.0.9 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=448xx DF PROTO=TCP SPT=1241 DPT=5000 WINDOW=5120 RES=0x00 SYN URGP=0
Thanks for help,
Eric
#2, 03-30-2008 (Just Joined!; Join Date: Nov 2007; Posts: 8)
It looks like I missed a rule allowing my custom TCP service from the firewall to a host behind it. I thought the NAT rules did the trick.
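The clue in the first post is the log line itself: a LOG entry with both IN= and OUT= set comes from the FORWARD chain, not INPUT, so a rule on INPUT can never match a connection that is DNATed to a host behind the firewall. The script below is an added example, not code from the thread or generated by fwbuilder. It reads the IN=/OUT=/DST=/DPT= fields of a kernel LOG line, names the chain the packet traversed, and prints the accept rule that chain would need. The interfaces (eth0 outside, eth1 inside), the inside host 192.168.0.9 and port 5000 are taken from the thread; the exact rule text is my assumption about what is needed, nothing is applied, and the sample log line is constructed (the source address is a TEST-NET address, not the masked one from the post).

```shell
#!/bin/sh
# Added example (not from the original thread or from fwbuilder): classify an
# iptables LOG line by chain and print the matching accept rule. Only prints
# commands; it never runs iptables.

IPTABLES=${IPTABLES:-iptables}

# Extract "KEY=value" from a log line. Prints nothing if the key is absent and
# an empty string for a bare "KEY=" (as in "OUT=" on INPUT-chain entries).
field() {  # $1 = log line, $2 = key
    printf '%s\n' "$1" | sed -n "s/.*[ ]$2=\([^ ]*\).*/\1/p"
}

# Which chain produced the entry, judged by the interface fields:
#   IN set, OUT empty -> INPUT   (addressed to the firewall itself)
#   IN set, OUT set   -> FORWARD (routed through the firewall)
#   IN empty, OUT set -> OUTPUT  (generated by the firewall)
chain_for_logline() {
    in_if=$(field "$1" IN)
    out_if=$(field "$1" OUT)
    if   [ -n "$in_if" ] && [ -z "$out_if" ]; then echo INPUT
    elif [ -n "$in_if" ] && [ -n "$out_if" ]; then echo FORWARD
    elif [ -z "$in_if" ] && [ -n "$out_if" ]; then echo OUTPUT
    else echo UNKNOWN
    fi
}

# Print the accept rule for the chain the packet actually went through.
# For FORWARD the destination is the post-DNAT address: nat/PREROUTING runs
# before filter/FORWARD, which is why the log shows DST=192.168.0.9 rather
# than the firewall's public address. Returns 1 if no rule can be derived.
accept_rule_for_logline() {
    chain=$(chain_for_logline "$1")
    in_if=$(field "$1" IN)
    out_if=$(field "$1" OUT)
    dst=$(field "$1" DST)
    dpt=$(field "$1" DPT)
    proto=$(field "$1" PROTO | tr 'A-Z' 'a-z')
    [ -n "$proto" ] && [ -n "$dpt" ] || { echo "# no protocol/port in line"; return 1; }
    case "$chain" in
        INPUT)
            echo "$IPTABLES -A INPUT -i $in_if -p $proto --dport $dpt -m state --state NEW -j ACCEPT" ;;
        FORWARD)
            echo "$IPTABLES -A FORWARD -i $in_if -o $out_if -d $dst -p $proto --dport $dpt -m state --state NEW -j ACCEPT" ;;
        *)
            echo "# no rule generated for chain $chain"; return 1 ;;
    esac
}

# Constructed sample lines (assumed, not real captures). The first mirrors the
# denied packet from the thread; the second is what the same SYN would look
# like if it had been addressed to the firewall itself.
SAMPLE_FWD='Mar 16 14:25:53 fw kernel: RULE 11 -- DENY IN=eth0 OUT=eth1 SRC=198.51.100.205 DST=192.168.0.9 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=44800 DF PROTO=TCP SPT=1241 DPT=5000 WINDOW=5120 RES=0x00 SYN URGP=0'
SAMPLE_IN='Mar 16 14:26:10 fw kernel: RULE 11 -- DENY IN=eth0 OUT= SRC=198.51.100.205 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=44801 DF PROTO=TCP SPT=1242 DPT=5000 WINDOW=5120 RES=0x00 SYN URGP=0'

# Stand-alone run: show the chain and the rule for each sample.
for line in "$SAMPLE_FWD" "$SAMPLE_IN"; do
    echo "chain: $(chain_for_logline "$line")"
    accept_rule_for_logline "$line"
done
```

The FORWARD rule alone is enough for the first packet because the DNAT rule in nat/PREROUTING has already rewritten the destination by the time filter/FORWARD sees it; the reply traffic still needs the usual `-m state --state ESTABLISHED,RELATED -j ACCEPT` in FORWARD, which fwbuilder normally emits for you.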