IPCHAINS firewall and DHCP

SoonerIra (MIS, US) · Dec 8, 2000
I am setting up a firewall/router/dhcp server/etc. for home.

After running this ipchains script on the server to configure the firewall, the DHCP clients can't get an address from the server:
#!/bin/sh
extip="10.8.8.118"
extif="eth0"
intif="eth1"
intnet="10.1.1.0/24"

# masquerading timeouts: tcp, tcp-fin, udp (seconds)
/sbin/ipchains -M -S 7200 10 60

# flush the built-in chains
/sbin/ipchains -F input
/sbin/ipchains -F output
/sbin/ipchains -F forward

# default policy: reject anything not explicitly accepted
/sbin/ipchains -P input REJECT
/sbin/ipchains -P output REJECT
/sbin/ipchains -P forward REJECT

# input: accept the inside LAN on the inside NIC, reject inside addresses
# arriving on the outside NIC (spoofing), accept traffic to the external net
/sbin/ipchains -A input -i $intif -s $intnet -d 0.0.0.0/0 -j ACCEPT
/sbin/ipchains -A input -i $extif -s $intnet -d 0.0.0.0/0 -j REJECT
/sbin/ipchains -A input -i $extif -s 0.0.0.0/0 -d $extip/24 -j ACCEPT
/sbin/ipchains -A input -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT

# output: send to the inside LAN only via the inside NIC, never leak inside
# addresses out the external NIC, accept traffic sourced from the external net
/sbin/ipchains -A output -i $intif -s 0.0.0.0/0 -d $intnet -j ACCEPT
/sbin/ipchains -A output -i $extif -s 0.0.0.0/0 -d $intnet -j REJECT
/sbin/ipchains -A output -i $extif -s $intnet -d 0.0.0.0/0 -j REJECT
/sbin/ipchains -A output -i $extif -s $extip/24 -d 0.0.0.0/0 -j ACCEPT
/sbin/ipchains -A output -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT

# forward: masquerade the inside LAN out the external NIC
/sbin/ipchains -A forward -i $extif -s $intnet -d 0.0.0.0/0 -j MASQ

What am I doing wrong, or what did I forget?

thx..
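An added example, not from the thread or from PMFirewall: a POSIX sh check of why the ruleset above leaves DHCP out. A client with no lease sends DISCOVER/REQUEST from 0.0.0.0 to 255.255.255.255 (UDP 68 to 67), and the server normally broadcasts OFFER/ACK back the same way, so neither packet falls inside "-s $intnet" or "-d $intnet". The in_cidr helper and dhcp_rules function are mine; intnet and eth1 are taken from the question, and the rules are printed for review rather than executed.

```shell
#!/bin/sh
# Added example: show why the "-s $intnet" / "-d $intnet" rules miss the DHCP
# handshake and print the ipchains rules that would admit it on the inside NIC.
intnet="10.1.1.0/24"          # inside network from the question
IPC=${IPC:-/sbin/ipchains}    # commands are printed, not run

# ip2int A.B.C.D -> 32-bit integer
ip2int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr ADDR NET/PREFIX -> exit status 0 when ADDR lies inside NET/PREFIX,
# which is the comparison an ipchains -s or -d match performs
in_cidr() {
    addr=$(ip2int "$1")
    net=$(ip2int "${2%/*}")
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# dhcp_rules IFACE -> prints the two rules the question's script lacks:
# client DISCOVER/REQUEST (0.0.0.0:68 -> 255.255.255.255:67) inbound and the
# broadcast OFFER/ACK (port 67 -> 255.255.255.255:68) outbound. A client that
# already holds a lease renews by unicast from its own address, which the
# existing $intnet rules already cover.
dhcp_rules() {
    cat <<EOF
$IPC -A input  -i $1 -p udp -s 0.0.0.0/0 68 -d 255.255.255.255/32 67 -j ACCEPT
$IPC -A output -i $1 -p udp -s 0.0.0.0/0 67 -d 255.255.255.255/32 68 -j ACCEPT
EOF
}

# a leased address matches the inside rule; the DHCP broadcast endpoints do not
for src in 10.1.1.50 0.0.0.0 255.255.255.255; do
    if in_cidr "$src" "$intnet"; then
        echo "$src matches -s $intnet"
    else
        echo "$src does NOT match -s $intnet"
    fi
done
dhcp_rules eth1
```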
 
Here's an excerpt from my old ipchains ruleset:

#path to ipchains
IPC=/sbin/ipchains
#make sure there are no residual rules
$IPC -F input

#allow telnet (port 23) from the local 192.168.x.x range on eth0
$IPC -A input -p tcp -s 192.168.1.117/16 -d 0.0.0.0/0 23 -j ACCEPT -i eth0

#deny and log telnet from anywhere else on eth0
$IPC -A input -p tcp -s 0.0.0.0/0 --destination-port 23 -j DENY -l -i eth0

Your IP masquerade should be set up on boot. I used /etc/rc.d/rc.local for this:

ipchains -P forward DENY
ipchains -A forward -i eth0 -j MASQ
echo 1 > /proc/sys/net/ipv4/ip_forward

Unless you have two NICs, you'll be referencing eth0 in all of these.

You'd set up your "virtual interfaces" as
eth0 eth0:1 eth0:2 eth0:3 etc.

Hope this helps

Good luck
 
P.S.

This should work with DHCP, but there may be more that's needed. I use static, so I can't help there.
 
Try installing and looking at PMFirewall, from ...

It's an IPChains firewall with an ./install.sh automated setup script that takes care of designing default and customised rules to help you deal with packet filtering, DHCP clients and servers, and NAT/masquerading...

Good luck...
 
Thanks... PMFirewall gave me the info I needed and it works great.
