[PROXYPER] making linux server accept
waldo kitty
wkitty42 at alltel.net
Wed Jul 24 01:26:40 EDT 2002
i don't know if you'll get the assistance you seek on the list... if you
like, email me your ipchains config file and i'll take a look and see if
i can figure out what it is that is happening... it may be all tied up
in the forward chain if it is as i imagine it may be currently
configured... also note that a lot also has to do with the addresses
that are being used to try to access the perproxy... it seems that you
are telling us (tinu) that "ipchains -L" is returning with the
following...
Chain input (policy ACCEPT):
target prot opt source destination ports
ACCEPT udp ------ hoshi.msi.net.ph anywhere domain -> 1025:65535
ACCEPT tcp -y---- anywhere anywhere any -> ftp
ACCEPT tcp -y---- anywhere anywhere any -> telnet
ACCEPT udp ------ anywhere anywhere bootps:bootpc -> bootps:bootpc
ACCEPT udp ------ anywhere anywhere bootps:bootpc -> bootps:bootpc
ACCEPT all ------ anywhere anywhere n/a
ACCEPT all ------ anywhere anywhere n/a
REJECT tcp -y---- anywhere anywhere any -> 0:1023
REJECT tcp -y---- anywhere anywhere any -> nfs
REJECT udp ------ anywhere anywhere any -> 0:1023
REJECT udp ------ anywhere anywhere any -> nfs
REJECT tcp -y---- anywhere anywhere any -> x11:6009
REJECT tcp -y---- anywhere anywhere any -> xfs
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):
i see at least one rule that appears to be duplicated (the bootps:bootpc
one)... however, with a default rule of ACCEPT, the input chain would
appear to not need any rules other than your explicit REJECT rules... my
understanding and implementations have all started with a default rule
of DENY and then i add in any necessary ACCEPT and such rules...
another piece of info that is needed is the IP addresses of the systems
involved... this is one very important piece of info but i can
understand if security concerns caution you to not post them...
"Anuerin G. Diaz" wrote:
>
> aside from those listed below, the forward and output chains have a
> policy of ACCEPT. this is really confusing since as you have said the
> server seems to be accepting all connections but still i get a
> connection refused message. the perproxy, as far as i can tell, doesn't
> know somebody is connecting to it. i know this is really a linux
> question but maybe somebody here can help me out before i get a rtfm at
> the linux mailing lists.
>
> ciao!
>
> waldo kitty wrote:
> >
> > whatever you do with IPChains, remember that port 2064 is the "test"
> > port and 3064 is the "live" port for the perproxy... if i recall
> > correctly, you may change these in the config file but it is probably
> > best not to...
> >
> > after unwrapping your ipchains output, it appears that you are accepting
> > all on the input side... what about other chains that you may have? what
> > does the perproxy log show?
> >
> > "Anuerin G. Diaz" wrote:
> > >
> > > hi,
> > >
> > > can anybody tell me how to make the linux perproxy server accept
> > > client connections. i know this is probably an ipchain question but i'm
> > > pretty hardpressed for time so i apologize if i will have to take the
> > > 'cowardly' route. here is the output of ipchains -L input
> > >
> > > Chain input (policy ACCEPT):
> > > target prot opt source destination ports
> > > ACCEPT udp ------ hoshi.msi.net.ph anywhere domain -> 1025:65535
> > > ACCEPT tcp -y---- anywhere anywhere any -> ftp
> > > ACCEPT tcp -y---- anywhere anywhere any -> telnet
> > > ACCEPT udp ------ anywhere anywhere bootps:bootpc -> bootps:bootpc
> > > ACCEPT udp ------ anywhere anywhere bootps:bootpc -> bootps:bootpc
> > > ACCEPT all ------ anywhere anywhere n/a
> > > ACCEPT all ------ anywhere anywhere n/a
> > > REJECT tcp -y---- anywhere anywhere any -> 0:1023
> > > REJECT tcp -y---- anywhere anywhere any -> nfs
> > > REJECT udp ------ anywhere anywhere any -> 0:1023
> > > REJECT udp ------ anywhere anywhere any -> nfs
> > > REJECT tcp -y---- anywhere anywhere any -> x11:6009
> > > REJECT tcp -y---- anywhere anywhere any -> xfs
> > >
> > > the linux server is RH7.2.
> > >
> > > thanks!
> > >
> > > --
> > >
> > > "Programming, an artform that fights back."
> > >
> > > =============================
> > > Anuerin G. Diaz
> > > Design Engineer
> > > Millennium Software, Incorporated
> > > 2305 B West Tower, Philippines Stocks Exchange Center,
> > > Exchange Road, Ortigas Center, Pasig City
> > >
> > > Tel# 637-4634 loc. 75
> > > Fax# 637-4679
> > >
> > > Registered Linux User #246176
> > > =============================
> > > --
> > > To unsubscribe, send 'unsubscribe proxyper' to majordomo at lists.distributed.net
> >
> > --
> > _\/
> > (@@) Waldo Kitty, Waldo's Place USA
> > __ooO_( )_Ooo_____________________ telnet://bbs.wpusa.dynip.com
> > _|_____|_____|_____|_____|_____|_____ http://www.wpusa.dynip.com
> > ____|_____|_____|_____|_____|_____|_____ ftp://ftp.wpusa.dynip.com
> > _|_Eat_SPAM_to_email_me!_YUM!__|_____|_____ wkitty42 (at) alltel.net
> > --
> > To unsubscribe, send 'unsubscribe proxyper' to majordomo at lists.distributed.net
>
> --
>
> "Programming, an artform that fights back."
>
> =============================
> Anuerin G. Diaz
> Design Engineer
> Millennium Software, Incorporated
> 2305 B West Tower, Philippines Stocks Exchange Center,
> Exchange Road, Ortigas Center, Pasig City
>
> Tel# 637-4634 loc. 75
> Fax# 637-4679
>
> Registered Linux User #246176
> =============================
> --
> To unsubscribe, send 'unsubscribe proxyper' to majordomo at lists.distributed.net
--
_\/
(@@) Waldo Kitty, Waldo's Place USA
__ooO_( )_Ooo_____________________ telnet://bbs.wpusa.dynip.com
_|_____|_____|_____|_____|_____|_____ http://www.wpusa.dynip.com
____|_____|_____|_____|_____|_____|_____ ftp://ftp.wpusa.dynip.com
_|_Eat_SPAM_to_email_me!_YUM!__|_____|_____ wkitty42 (at) alltel.net
--
To unsubscribe, send 'unsubscribe proxyper' to majordomo at lists.distributed.net
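
Added example (not part of the original message and not code from ipchains or distributed.net): a small Python audit of the input chain quoted in this thread. It parses the listing, reports rules that are listed more than once, and walks the chain first-match-wins for a TCP connection attempt to the perproxy ports 2064 and 3064. The function names, the skip_all switch and the assumption that the client is not one of the named source hosts are illustrative choices.

```python
from collections import Counter

# Input chain as quoted in the thread, wrapped rules rejoined one per line.
LISTING = """Chain input (policy ACCEPT):
target prot opt source destination ports
ACCEPT udp ------ hoshi.msi.net.ph anywhere domain -> 1025:65535
ACCEPT tcp -y---- anywhere anywhere any -> ftp
ACCEPT tcp -y---- anywhere anywhere any -> telnet
ACCEPT udp ------ anywhere anywhere bootps:bootpc -> bootps:bootpc
ACCEPT udp ------ anywhere anywhere bootps:bootpc -> bootps:bootpc
ACCEPT all ------ anywhere anywhere n/a
ACCEPT all ------ anywhere anywhere n/a
REJECT tcp -y---- anywhere anywhere any -> 0:1023
REJECT tcp -y---- anywhere anywhere any -> nfs
REJECT udp ------ anywhere anywhere any -> 0:1023
REJECT udp ------ anywhere anywhere any -> nfs
REJECT tcp -y---- anywhere anywhere any -> x11:6009
REJECT tcp -y---- anywhere anywhere any -> xfs"""

# Service names that appear in the listing, mapped to their port numbers.
PORTS = {"ftp": 21, "telnet": 23, "domain": 53, "bootps": 67, "bootpc": 68,
         "nfs": 2049, "x11": 6000, "xfs": 7100}

def port_range(spec):
    """'any' / 'n/a' -> every port; 'a:b' or 'a' -> inclusive (low, high)."""
    if spec in ("any", "n/a"):
        return (0, 65535)
    lo, _, hi = spec.partition(":")
    return tuple(PORTS[p] if p in PORTS else int(p) for p in (lo, hi or lo))

def parse_chain(text):
    head, _, *body = text.splitlines()
    rules = []
    for f in map(str.split, body):
        sport, dport = (f[5], f[7]) if "->" in f else ("any", "any")
        rules.append((f[0], f[1], "y" in f[2], f[3], port_range(sport), port_range(dport)))
    return head.split("policy ")[1].rstrip("):"), rules

def verdict(policy, rules, prot, dport, sport=40000, syn=True, skip_all=False):
    """First match wins, else the policy; the client is assumed not to be a named source."""
    for n, (target, rprot, syn_only, src, sp, dp) in enumerate(rules, 1):
        if rprot == "all" and skip_all:
            continue  # treat the 'all' rules as bound to another interface
        if (rprot in ("all", prot) and src == "anywhere" and (syn or not syn_only)
                and sp[0] <= sport <= sp[1] and dp[0] <= dport <= dp[1]):
            return target, n
    return policy, None

def duplicates(rules):
    return [r for r, count in Counter(rules).items() if count > 1]
```

Plain "ipchains -L" output does not show the interface a rule is bound to, so skip_all=True re-runs the walk as if the two "all" rules did not apply to the client's interface. Either way a connection attempt to port 2064 or 3064 ends in ACCEPT on this chain.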