Hi,
Could anyone help? I have set up a small local network (class C) of 3 PCs. We'll call one bob, another reg, and the server uncle. The other workstations both have modems on (ppp0).
I have set it up to allow logins to uncle (server) from the other machines using NIS and NFS (their home directories are stored on the server, using NIS & NFS).
When I set up the firewall using ipchains, it disconnects my NIS and NFS ports (thus RPC errors). I have allowed access to the local network from what I can see. See my script below.
I set up the rules to deny all, thus allowing me to specify what *I* want to let from/to the internet.
So I presume that I have blocked the ports running on NIS and NFS; I cannot seem to find what ports these use. Could someone please help me out (as I am new to ipchains and networking; just starting out)?
Cheers
Vendemmian
#!/bin/bash
# ------------ Define variables --------------
# High (non-well-known) ports
HI="1024:65523"
# Define the default network addresses
ALL="0.0.0.0/0"
# Define all private network addresses
PRIV_NET="192.168.1.0/255.255.255.0"
# Define localhost address
LOCAL_HOME="127.0.0.1"
# Get dynamic PPP IP address (from isp)
PPP_IP=`/sbin/ifconfig ppp0 | grep 'inet addr' | awk '{print $2}' | sed -e "s/addr\://"`
echo $PPP_IP
# ----------- General Rules ------------
#
# Flush out all existing rules
/sbin/ipchains -F
# Flush out all existing chains
/sbin/ipchains -X
# Set default filters to DENY everything
/sbin/ipchains -P input DENY
/sbin/ipchains -P output DENY
/sbin/ipchains -P forward DENY
# Allow all internal localhost traffic
/sbin/ipchains -A input -i lo -j ACCEPT
/sbin/ipchains -A output -i lo -j ACCEPT
# Allow all internal network traffic
/sbin/ipchains -A input -i eth0 -j ACCEPT
/sbin/ipchains -A output -i eth0 -j ACCEPT
# Deny spoofed packets
/sbin/ipchains -A input -j DENY -i ppp0 -s $PPP_IP -d $ALL
/sbin/ipchains -A output -j DENY -i ppp0 -s $PRIV_NET -d $ALL
# --- TCP ---
/sbin/ipchains -A output -p tcp -j ACCEPT -i ppp0 -s $PPP_IP -d $ALL
/sbin/ipchains -A input -p tcp -j ACCEPT -i ppp0 ! -y -s $ALL -d $PPP_IP
# --- UDP ---
/sbin/ipchains -A output -p udp -j ACCEPT -i ppp0 -s $PPP_IP -d $ALL
/sbin/ipchains -A input -p udp -j ACCEPT -i ppp0 -s $ALL -d $PPP_IP
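
On the question of which ports NIS and NFS use, the following is an added example and not part of the original post: the portmapper reports them via `rpcinfo -p`, and this sketch reduces that listing to the protocol/port pairs a packet filter has to allow. The function name `rpc_ports` and the sample listing are constructed for illustration; 111 (portmapper) and 2049 (nfs) are the registered ports, and any other port is labelled "assigned" because it was handed out when the daemon started and can differ after a restart.

```shell
#!/bin/bash
# Added example (not from the original post).
# Constructed sample of `rpcinfo -p` output from a NIS/NFS server;
# the port numbers for ypserv, ypbind and mountd are made up.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100004    2   udp    834  ypserv
    100004    1   udp    834  ypserv
    100004    2   tcp    837  ypserv
    100007    2   udp    850  ypbind
    100003    2   udp   2049  nfs
    100005    1   udp   1011  mountd
    100005    1   tcp   1013  mountd
    100021    1   udp   1026  nlockmgr'

# rpc_ports: read `rpcinfo -p` output on stdin and print one line per
# unique "proto port service kind" for the NIS/NFS-related services.
rpc_ports() {
    awk -v want="portmapper ypserv ypbind nfs mountd" '
        BEGIN {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) keep[w[i]] = 1
        }
        # Data rows start with a numeric program number; this skips the header.
        $1 ~ /^[0-9]+$/ && ($5 in keep) {
            key = $3 " " $4 " " $5
            if (key in seen) next          # same port listed once per RPC version
            seen[key] = 1
            kind = ($4 == 111 || $4 == 2049) ? "well-known" : "assigned"
            print key, kind
        }
    '
}

# Demonstration on the constructed sample. Against a live server the
# equivalent would be:  rpcinfo -p uncle | rpc_ports
printf '%s\n' "$SAMPLE_RPCINFO" | rpc_ports
```

Because the "assigned" ports move between restarts, rules written against them by number go stale; the listing needs re-checking after the daemons restart.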