Web Hosting Talk

View Full Version : Need help with IPchains, will pay.


hitspot
07-16-2002, 10:34 AM
I'm having some difficulty getting IPchains configured properly. I would troubleshoot it myself all day, but as we recently had a hacking incident it needs to be done ASAP, and therefore I am willing to pay someone to help me do it. (Say, $100?) So, I would appreciate any advice, and if any experts on IPchains want to take me up on the pay offer, please contact me by PM or by emailing hitspot@cobaltns.com.

I have the program installed on my servers, all that needs to be done is getting the chain configuration itself working.

I have currently set it up with the instructions here:
http://www.raqhowto.com/kbase/index.php?id=15&bt=info
The current configuration, posted below, is causing the following problems:
(1) I set it up on a cable internet connection, at a separate location, and it seemed to work fine. However, at home on my home network (a dialup), it could not reach the domains behind the firewall. We are using internet sharing with a proxy on the home network, so I'm not sure if it is actually working and is just messed up because of our proxy, or if it is actually blocking access from all ISPs other than the original connection that I set up the firewall with.

(2) Using webmail to send to a local domain on the same server caused an error when behind the firewall - so it looks like it might be blocking local server connections. We would therefore need to use webmail, localhost mysql, and between domains on the local server (and between).

Here is my code (I modified the gateway/DNS sections on the server itself but am not displaying them here):
# keep out bad guys
ipchains -A input -i eth0 --source 63.170.135.135 -j DENY -l
ipchains -A input -i eth0 --source 206.15.30.22 -j DENY -l
ipchains -A input -i eth0 --source 63.206.55.218 -j DENY -l
ipchains -A input -i eth0 --source 211.97.147.68 -j DENY -l
ipchains -A input -i eth0 --source 64.65.64.17 -j DENY -l
ipchains -A input -i eth0 --source 166.114.182.76 -j DENY -l
ipchains -A input -i eth0 --source 212.41.199.107 -j DENY -l
ipchains -A input -i eth0 --source 212.87.88.207 -j DENY -l
ipchains -A input -i eth0 --source 213.93.219.189 -j DENY -l
ipchains -A input -i eth0 --source 205.163.15.120 -j DENY -l
ipchains -A input -i eth0 --source 207.218.223.135 -j DENY
ipchains -A input -i eth0 --source 61.33.232.2 -j DENY
ipchains -A input -i eth0 --source 212.198.145.207 -j DENY
ipchains -A input -i eth0 --source 194.230.214.169 -j DENY
ipchains -A input -i eth0 --source 193.205.222.226 -j DENY
ipchains -A input -i eth0 --source 203.66.249.253 -j DENY
ipchains -A input -i eth0 --source 210.69.38.222 -j DENY
ipchains -A input -i eth0 --source 62.157.8.57 -j DENY
ipchains -A input -i eth0 --source 216.232.127.25 -j DENY
ipchains -A input -i eth0 --source 62.211.220.90 -j DENY
ipchains -A input -i eth0 --source 80.133.249.45 -j DENY
ipchains -A input -i eth0 -p tcp --destination-port 137 --syn -j DENY
# TCP
# serve ftp for NON-passive clients_ONLY_
ipchains -A input -i eth0 -p tcp --destination-port 20:21 --syn -j ACCEPT -l
# serve ssh - 22
ipchains -A input -i eth0 -p tcp --destination-port 22 --syn -j ACCEPT -l
# serve smtp - 25
ipchains -A input -i eth0 -p tcp --destination-port 25 --syn -j ACCEPT
# serve http - 80
ipchains -A input -i eth0 -p tcp --destination-port 80 --syn -j ACCEPT
# serve https admin - 81
ipchains -A input -i eth0 -p tcp --destination-port 81 --syn -j ACCEPT -l
# serve pop3 - 110
ipchains -A input -i eth0 -p tcp --destination-port 110 --syn -j ACCEPT
# disallow SYN on all else
ipchains -A input -i eth0 -p tcp --syn -j DENY -l
#keep rackshack monitor from filling logs
ipchains -A input -i eth0 --source 207.218.223.135 -j DENY
#allow gateway
ipchains -A input -i eth0 --source xxx.xx.xxx.x -j ACCEPT
# allow existing TCP sessions to continue
ipchains -A input -i eth0 -p tcp -j ACCEPT


# UDP
# DNS response
ipchains -A input -i eth0 -p udp --source xxx.xxx.xxx.xxx 53 -j ACCEPT
ipchains -A input -i eth0 -p udp --source xxx.xxx.xxx.xxx 53 -j ACCEPT


# ICMP allowed
ipchains -A input -i eth0 -p icmp -j ACCEPT


# disallow all else
ipchains -A input -i eth0 -j DENY -l

Thanks,
David Kiley
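
To see which rule decides a given packet under a ruleset like the one posted above, the chain can be replayed offline. The following is an added example, not part of the original post: a Python first-match tracer over a constructed subset of the posted rules. The address 192.0.2.53 stands in for the masked DNS server, the default chain policy of ACCEPT is an assumption (the post does not show it), and the sample packet is constructed.

```python
import ipaddress

# Constructed subset of the posted rules; 192.0.2.53 is a placeholder for
# the masked DNS server address (an assumption, the post shows only x's).
RULES = """\
ipchains -A input -i eth0 --source 63.170.135.135 -j DENY -l
ipchains -A input -i eth0 -p tcp --destination-port 20:21 --syn -j ACCEPT -l
ipchains -A input -i eth0 -p tcp --destination-port 25 --syn -j ACCEPT
ipchains -A input -i eth0 -p tcp --syn -j DENY -l
ipchains -A input -i eth0 -p tcp -j ACCEPT
ipchains -A input -i eth0 -p udp --source 192.0.2.53 53 -j ACCEPT
ipchains -A input -i eth0 -p icmp -j ACCEPT
ipchains -A input -i eth0 -j DENY -l
"""
ANY = ipaddress.ip_network("0.0.0.0/0")

def parse(line):
    """Turn one 'ipchains -A input ...' line into a dict of match fields."""
    tok, rule = line.split()[3:], {"syn": "--syn" in line.split()}
    for i, t in enumerate(tok):
        nxt = tok[i + 1:i + 3]  # up to two tokens following the flag
        if t in ("-i", "-p", "-j"):
            rule[t[1]] = nxt[0]
        elif t == "--destination-port":
            lo, _, hi = nxt[0].partition(":")
            rule["dport"] = (int(lo), int(hi or lo))
        elif t == "--source":
            rule["src"] = ipaddress.ip_network(nxt[0])
            if len(nxt) > 1 and nxt[1].isdigit():  # optional source port
                rule["sport"] = int(nxt[1])
    return rule

def trace(rules, pkt, policy="ACCEPT"):
    """First match wins: return (rule number, target), or (0, policy) if none match."""
    for n, r in enumerate(rules, 1):
        lo, hi = r.get("dport", (0, 65535))
        if (r.get("i", pkt["iface"]) == pkt["iface"]
                and r.get("p", pkt["proto"]) == pkt["proto"]
                and ipaddress.ip_address(pkt["src"]) in r.get("src", ANY)
                and r.get("sport", pkt.get("sport")) == pkt.get("sport")
                and lo <= pkt.get("dport", 0) <= hi
                and (not r["syn"] or pkt.get("syn", False))):
            return n, r["j"]
    return 0, policy

RULESET = [parse(l) for l in RULES.splitlines()]
if __name__ == "__main__":
    pkt = {"iface": "eth0", "proto": "tcp", "src": "198.51.100.7", "dport": 25, "syn": True}
    print(trace(RULESET, pkt))
```

A result of rule 0 means no rule matched and the chain policy decided the packet; with every rule bound to eth0, that is the outcome for traffic arriving on the loopback interface.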