[wplug] ipchains

Josue Batista josue_batista at yahoo.com
Thu Jul 5 19:17:34 EDT 2001


Thanks everyone!  Issue resolved.

The problem we had was a combination of two issues:

1. /etc/hosts.allow
There was a typo in the /etc/hosts.allow file.  The
"in.telnet:" line was written as "in.xtelnetd:".  So
we fixed that "oops".

The BIG issue: ipchains.
========================
2. Next we flushed ipchains and made sure there were no
rules in it:

/etc/init.d/ipchains stop
/etc/init.d/ipchains status

At this point we were able to telnet into this box
from the outside. 

3. We examined the /etc/sysconfig/ipchains and we
found the culprit:

-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT

4. We left that line there, but before that line we
added:

-A input -p tcp -s 161.201.12.39 -d 0/0 23 -y -j ACCEPT

5. We restarted ipchains and verified our new rule was
added:
/etc/init.d/ipchains restart
/etc/init.d/ipchains status

6. We were able to telnet in, Yeah!!

Thanks again to all of you for your kind help.

-- Josue


Next we added a line to the 



--- Matthew Wright <mattmar at telerama.com> wrote:
> For iptables do the following:
> iptables -F
> iptables -X
> iptables -Z
> 
> That will flush everything. 
> 
> Make sure you have ALL: 161.201.12.39 in your
> /etc/hosts.allow file.
> 
> On 05 Jul 2001 16:34:14 -0400,
> harrold at sage.che.pitt.edu wrote:
> > 
> > 
> > -- 
> > john
> > 
> > Sometime in July Josue Batista assaulted keyboard and produced...
> > 
> > |chkconfig --list telnet
> > |
> > |shows telnet as "on".
> > |
> > |At this point we think it's an issue with ipchains
> > |rules.  We are going to take a look at the
> > |/etc/sysconfig/ipchains file.
> > |
> > |-- Josue
> > 
> > doesn't redhat 7.1 use a 2.4 kernel? that might also be using iptables
> > instead of ipchains. have you tried to flush the rulesets in ipchains:
> > ipchains -F
> > 
> > that should clean anything there out and if ipchains was the problem you
> > should be able to telnet in after the flush. i don't know the similar
> > command using iptables.
> > 
> > 
> > --
> > john
> > 
> > _______________________________________________
> > wplug mailing list
> > wplug at wplug.org
> > http://www.wplug.org/mailman/listinfo/wplug
> > 
> 
> 
> 
> -- 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> S. Matthew & Marietta F. Wright
> mattmar at telerama.com
> http://www.diztorded.com
> ICQ: 139604
> 
> Key available from pgp.ai.mit.edu
> ID: 71E11FE4 
> Fingerprint: 5443 7945 7EF8 6284 7464  97E8 12B6 2A1C 4C4C 6434
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 


=====
- ABC Tech Solutions
http://www.abcsolutions.org
[Java/Oracle/Linux] [C/S & Internet Database Apps]
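
Steps 3 to 5 of the message work because ipchains walks a chain in order and the first matching rule decides the packet. The sketch below is an added example, not part of the original post: it parses only the two rules quoted in the message and evaluates a constructed telnet SYN against different orderings. The server address 192.0.2.10 and the default ACCEPT chain policy are assumptions.

```python
import ipaddress

# The two rules from the post, as written in /etc/sysconfig/ipchains.
REJECT_LOW = "-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT"
ALLOW_TELNET = "-A input -p tcp -s 161.201.12.39 -d 0/0 23 -y -j ACCEPT"

def _net(spec):
    # ipchains accepts 0/0 as shorthand for "any address".
    return ipaddress.ip_network("0.0.0.0/0" if spec == "0/0" else spec, strict=False)

def parse_rule(line):
    """Parse only the options that appear in the rules above."""
    tok = line.split()
    rule = {"proto": None, "src": _net("0/0"), "dst": _net("0/0"),
            "dports": (0, 65535), "syn_only": False, "target": None}
    i = 0
    while i < len(tok):
        opt = tok[i]
        if opt == "-y":                      # match connection-opening SYN packets only
            rule["syn_only"] = True
            i += 1
            continue
        val, i = tok[i + 1], i + 2
        if opt == "-p":
            rule["proto"] = val
        elif opt == "-j":
            rule["target"] = val
        elif opt in ("-s", "-d"):
            rule["src" if opt == "-s" else "dst"] = _net(val)
            if i < len(tok) and not tok[i].startswith("-"):   # optional port or lo:hi range
                lo, _, hi = tok[i].partition(":")
                if opt == "-d":              # source ports are not used by these rules
                    rule["dports"] = (int(lo), int(hi or lo))
                i += 1
    return rule

def verdict(rule_lines, pkt, policy="ACCEPT"):
    """Return the target of the first matching rule, else the chain policy (assumed)."""
    for r in map(parse_rule, rule_lines):
        if (r["proto"] in (None, pkt["proto"])
                and ipaddress.ip_address(pkt["src"]) in r["src"]
                and ipaddress.ip_address(pkt["dst"]) in r["dst"]
                and r["dports"][0] <= pkt["dport"] <= r["dports"][1]
                and (pkt["syn"] or not r["syn_only"])):
            return r["target"]
    return policy

# Constructed packet: first SYN of a telnet connection; 192.0.2.10 stands in for the server.
TELNET_SYN = {"proto": "tcp", "src": "161.201.12.39", "dst": "192.0.2.10", "dport": 23, "syn": True}
```

Calling `verdict([ALLOW_TELNET, REJECT_LOW], TELNET_SYN)` models the fixed file; swapping the two list entries models appending the ACCEPT after the REJECT, where it is never reached.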
