[pptp-server] ipchains killed my networking?!?!
Elliott Stern
estern at opennetwork.com
Tue Aug 8 13:12:14 CDT 2000
I just booted and did not start networking as the system loaded. After
logging in, I applied your chain rules from the prompt. Then I brought
up the lo interface ( 'ifup lo' ) and I got that "SIOCADDRT: Network is
unreachable" message again. I have checked the chains using 'ipchains
-L' and they are correct. Any other ideas? I appreciate the help.
-Elliott
-------- Original Message --------
Subject: Re: [pptp-server] ipchains killed my networking?!?!
Date: Tue, 08 Aug 2000 14:01:23 -0400
From: "Kenneth E. Lussier" <klussier at mclinux.com>
To: Elliott Stern <estern at opennetwork.com>
CC: pptp-server at lists.schulte.org
References:
<A373465542FFD311A3A90090275158F50DC6C4 at absrv06.astonbrooke.com>
<013601c0014e$ada40ba0$280111ac at amadorinc.com>
<39904216.918AB5B7 at opennetwork.com>
I'd have to see the rules that you are using in order to make real
assessment. However, what is sounds like is a malformation of rules. I
put a copy of my ipchains rules at the bottom. In any event, you
shouldn't need to reboot the server to clear the rules. Just run
ipchains -F input; ipchains -F output; ipchains -F forward; ipchains -P
ACCEPT.
Kenny
Elliott Stern wrote:
>
> Maybe someone here can give me a hand with this. After setting up and
> testing PoPToP on a new computer, I decided to make a ipchains firewall
> to protect the box. Well, now my system has no networking
> capabilities. I have reset my computer and run 'ipchains -L' to verify
> that all rules are clear and that the default policy for all chains is
> ACCEPT, but I still can't get my networking to work (including the
> loopback interface). When I bring up the loopback interface, I get a
> message: "SIOCADDRT: Network is unreachable". I have even tried
> shutting down and unplugging the power for 15-20 seconds to clear the
> cache, but that isn't helping. Anyone have any ideas?
>
> -Elliott
#!/bin/bash
ipchains -F
ipchains -F input
ipchains -F output
ipchains -F forward
ipchains -A input -i 127.0.0.1 -j ACCEPT
ipchains -A input -i eth0 -j ACCEPT
ipchains -M -S 36000 0 0
#PPTP Rules
ipchains -A input -i eth1 -p 47 -d external.ipaddress.here -j ACCEPT
ipchains -A input -i eth1 -p tcp -d external.ipaddress.here 1723 -j
ACCEPT
ipchains -A input -i ppp+ -j ACCEPT
ipchains -A forward -b -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT
#SSH Rules
ipchains -A input -i eth1 -p tcp \
-s 0/0 1024:65535 \
-d external.ipaddress.here/32 22 -j ACCEPT
ipchains -A output -i eth1 -p tcp ! -y \
-s external.ipaddress.here/32 22 \
-d 0/0 1024:65535 -j ACCEPT
ipchains -A input -i eth1 -p tcp \
-s 0/0 512:1023 \
-d external.ipaddress.here/32 22 -j ACCEPT
ipchains -A output -i eth1 -p tcp ! -y \
-s 208.51.139.30/32 22 \
-d 0/0 512:1023 -j ACCEPT
ipchains -A input -i eth1 -p tcp \
-s 0/0 0:1023 \
-d external.ipaddress.here/32 22 -j ACCEPT
ipchains -A output -i eth1 -p tcp ! -y \
-s external.ipaddress.here/32 22 \
-d 0/0 512:1023 -j ACCEPT
ipchains -A input -i eth0 -p tcp \
-s 0/0 1024:65535 \
-d 10.100.0.2/32 -j ACCEPT
ipchains -A output -i eth0 -p tcp ! -y \
-s 10.100.0.2/32 22 \
-d 0/0 1024:65535 -j ACCEPT
ipchains -A input -i eth0 -p tcp \
-s 0/0 512:1023 \
-d 10.100.0.2/32 22 -j ACCEPT
ipchains -A output -i eth0 -p tcp ! -y \
-s 10.100.0.2/32 22 \
-d 0/0 512:1023 -j ACCEPT
ipchains -A input -i eth0 -p tcp \
-s 0/0 0:1023 \
-d 10.100.0.2/32 22 -j ACCEPT
ipchains -A output -i eth0 -p tcp ! -y \
-s 10.100.0.2/32 22 \
-d 0/0 512:1023 -j ACCEPT
#IPSec rules
ipchains -A input -p UDP -d external.ipaddress.here/32 500 -j ACCEPT
ipchains -A input -p UDP -d external.ipaddress.here/32 500 -j ACCEPT
ipchains -A input -p 50 -d external.ipaddress.here/32 -j ACCEPT
ipchains -A input -p 50 -d external.ipaddress.here/32 -j ACCEPT
ipchains -A input -p 51 -d external.ipaddress.here/32 -j ACCEPT
ipchains -A input -p 51 -d external.ipaddress.here/32 -j ACCEPT
ipchains -A input -b -s 10.0.0.0/8 -j ACCEPT
ipchains -A forward -b -s 10.0.0.0/8 -j ACCEPT
#DENY and LOG everything else!!
ipchains -A input -i eth0 -p all -j DENY -l
ipchains -A input -i eth1 -p all -j DENY -l
ipchains -P input DENY
--
Kenny Lussier
Systems Administrator
Mission Critical Linux
***********************************************************
Life is a lesson, you learn it at the end
Reality has become increasingly less accurate
***********************************************************
More information about the pptp-server
mailing list