Beldon Dominello on Sat, 2 Sep 2000 18:04:59 -0400 (EDT)



Re: [PLUG] identd question


Darxus@ChaosReigns.com wrote:

> On Sat, Sep 02, 2000 at 12:44:01AM -0400, Beldon Dominello wrote:
> > Vik Bajaj wrote:
> >
> > > The semantics of your description raise questions about the directionality
> > > of your ruleset for ident.  Can you be more specific?  Are you operating
> > > a masquerading/NAT environment?  What are the specific rules in your ruleset
> > > which relate to ident?
> > >
> > > -V.
> >
> > I've set the rules as follows using IPCHAINS:
>
> The output of "ipchains -L" would be more useful.
>
> And the question of are you using IP masquerading or NAT was important.
>
> When you "telnet localhost 113", do you get up to
> "Escape character is '^]'."  ?

Okay, output of ipchains -L:

Chain input (policy DENY):
target     prot opt     source                destination           ports
DENY       all  ----l-  192.168.0.0/24       anywhere              n/a
ACCEPT     icmp ------  anywhere             anywhere              destination-unreachable
ACCEPT     icmp ------  anywhere             anywhere              source-quench
ACCEPT     icmp ------  anywhere             anywhere              time-exceeded
ACCEPT     icmp ------  anywhere             anywhere              parameter-problem
ACCEPT     icmp ------  anywhere             anywhere              echo-request
ACCEPT     icmp ------  anywhere             anywhere              echo-reply
ACCEPT     all  ------  anywhere             anywhere              n/a
ACCEPT     all  ------  anywhere             anywhere              n/a
ACCEPT     udp  ------  anywhere             milo.none             domain ->   1024:65535
ACCEPT     tcp  !y----  anywhere             milo.none             domain ->   1024:65535
ACCEPT     udp  ------  anywhere             milo.none             domain ->   domain
ACCEPT     tcp  !y----  anywhere             milo.none             252 ->   1024:65535
ACCEPT     tcp  !y----  anywhere             milo.none             finger ->   1024:65535
ACCEPT     tcp  !y----  anywhere             milo.none             ftp ->   1024:65535
ACCEPT     tcp  !y----  anywhere             milo.none             1024:65535 ->   1024:65535
ACCEPT     tcp  !y----  anywhere             milo.none             554 ->   1024:65535
ACCEPT     tcp  !y----  anywhere             milo.none             1024:65535 ->   7070:7071
ACCEPT     udp  ------  anywhere             milo.none             1024:65535 ->   6970:6999
ACCEPT     tcp  !y----  anywhere             milo.none             www ->   1024:65535
ACCEPT     tcp  !y----  anywhere             milo.none             https ->   1024:65535
ACCEPT     tcp  !y----  anywhere             milo.none             imap2 ->   1024:65535
ACCEPT     tcp  !y----  anywhere             milo.none             ircd ->   1024:65535
ACCEPT     tcp  !y----  anywhere             milo.none             nntp ->   1024:65535
ACCEPT     udp  ------  anywhere             milo.none             ntp ->   1024:65535
ACCEPT     udp  ------  anywhere             milo.none             ntp ->   ntp
ACCEPT     tcp  !y----  anywhere             milo.none             pop3 ->   1024:65535
ACCEPT     tcp  !y----  anywhere             milo.none             smtp ->   1024:65535
REJECT     tcp  ------  anywhere             anywhere              any ->   auth
ACCEPT     tcp  !y----  anywhere             milo.none             ssh ->   1010:1023
ACCEPT     tcp  !y----  anywhere             milo.none             ssh ->   1024:65535
ACCEPT     tcp  !y----  anywhere             milo.none             whois ->   1024:65535
DENY       igmp ------  anywhere             ALL-SYSTEMS.MCAST.NET  n/a
DENY       all  ----l-  anywhere             anywhere              n/a
Chain forward (policy DENY):
target     prot opt     source                destination           ports
MASQ       all  ------  192.168.0.0/24       anywhere              n/a
DENY       all  ----l-  anywhere             anywhere              n/a
DENY       all  ----l-  anywhere             anywhere              n/a
Chain output (policy DENY):
target     prot opt     source                destination           ports
ACCEPT     icmp ------  anywhere             anywhere              destination-unreachable
ACCEPT     icmp ------  anywhere             anywhere              source-quench
ACCEPT     icmp ------  anywhere             anywhere              time-exceeded
ACCEPT     icmp ------  anywhere             anywhere              parameter-problem
ACCEPT     icmp ------  anywhere             anywhere              echo-request
ACCEPT     icmp ------  anywhere             anywhere              echo-reply
ACCEPT     all  ------  anywhere             anywhere              n/a
ACCEPT     all  ------  anywhere             anywhere              n/a
ACCEPT     udp  ------  milo.none            anywhere              1024:65535 ->   domain
ACCEPT     tcp  ------  milo.none            anywhere              1024:65535 ->   domain
ACCEPT     udp  ------  milo.none            anywhere              domain ->   domain
ACCEPT     tcp  ------  milo.none            anywhere              1024:65535 ->   252
ACCEPT     tcp  ------  milo.none            anywhere              1024:65535 ->   finger
ACCEPT     tcp  ------  milo.none            anywhere              1024:65535 ->   ftp
ACCEPT     tcp  ------  milo.none            anywhere              1024:65535 ->   1024:65535
ACCEPT     tcp  ------  milo.none            anywhere              1024:65535 ->   554
ACCEPT     tcp  ------  milo.none            anywhere              7070:7071 ->   1024:65535
ACCEPT     udp  ------  milo.none            anywhere              6970:6999 ->   1024:65535
ACCEPT     tcp  ------  milo.none            anywhere              1024:65535 ->   www
ACCEPT     tcp  ------  milo.none            anywhere              1024:65535 ->   https
ACCEPT     tcp  ------  milo.none            anywhere              1024:65535 ->   imap2
ACCEPT     tcp  ------  milo.none            anywhere              1024:65535 ->   ircd
ACCEPT     tcp  ------  milo.none            anywhere              1024:65535 ->   nntp
ACCEPT     udp  ------  milo.none            anywhere              1024:65535 ->   ntp
ACCEPT     udp  ------  milo.none            anywhere              ntp ->   ntp
ACCEPT     tcp  ------  milo.none            anywhere              1024:65535 ->   pop3
ACCEPT     tcp  ------  milo.none            anywhere              1024:65535 ->   smtp
ACCEPT     tcp  ------  milo.none            anywhere              1010:1023 ->   ssh
ACCEPT     tcp  ------  milo.none            anywhere              1024:65535 ->   ssh
ACCEPT     udp  ------  milo.none            anywhere              32769:65535 ->   33434:33523
ACCEPT     tcp  ------  milo.none            anywhere              1024:65535 ->   whois
DENY       all  ----l-  anywhere             anywhere              n/a

I'm using masquerading.

I don't have telnet installed.


______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug