Busy

You can tell I’m busy. No posts today so far. Installing Apache, MySQL, PHP on a new machine, and fiddling with firewalls.
Anyone good at iptables stuff? How do I let MSN Messenger through? The following would work fine if not for Messenger!

# /etc/sysconfig/iptables
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT

# lan
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s 192.168.1.0/255.255.255.0 -d 0/0 -j ACCEPT

# ssh
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT

# smtp
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT

# dns
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s dns1_server1 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s dns_server2 --sport 53 -d 0/0 -j ACCEPT

# localhost
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT

# reject everything else
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
COMMIT
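As an added example, not from the post, here is a small Python evaluator that walks the RH-Lokkit chain above the way the kernel does (first match wins, no match falls back to the INPUT policy), so you can check which packets the ruleset admits. The DNS server placeholders and every address in it are constructed assumptions.

```python
from ipaddress import ip_address, ip_network
import shlex

# The RH-Lokkit chain from the post, DNS placeholders replaced by constructed (assumed) addresses.
RULES = """
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s 192.168.1.0/255.255.255.0 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 198.51.100.53 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s 198.51.100.54 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
""".strip().splitlines()
KEYS = {"-p": "proto", "-s": "src", "-d": "dst", "-i": "iface",
        "--dport": "dport", "--sport": "sport", "-j": "target"}

def parse_rule(line):  # one iptables-save line -> dict of match criteria plus the target
    toks, rule, i = shlex.split(line), {}, 0
    while i < len(toks):
        if toks[i] == "--syn":          # SYN set, ACK/RST/FIN clear: a new connection
            rule["syn"], i = True, i + 1
        elif toks[i] in ("-A", "-m"):   # chain name / match module: not needed here
            i += 2
        else:                           # "0/0" is iptables shorthand for any address
            rule[KEYS[toks[i]]] = "0.0.0.0/0" if toks[i + 1] == "0/0" else toks[i + 1]
            i += 2
    return rule

def matches(rule, pkt):  # pkt keys: proto, src, dst, sport, dport, syn (bool), iface
    for key in ("proto", "iface", "sport", "dport"):
        if key in rule and str(pkt.get(key)) != rule[key]:
            return False
    for key in ("src", "dst"):
        if key in rule and ip_address(pkt[key]) not in ip_network(rule[key], strict=False):
            return False
    return (not rule.get("syn")) or pkt.get("syn", False)

def verdict(pkt, rules=RULES):  # first match wins; no match returns to INPUT, policy ACCEPT
    for rule in map(parse_rule, rules):
        if matches(rule, pkt):
            return rule["target"]
    return "ACCEPT"

# Constructed packets arriving from the outside at the firewall's assumed public address.
SSH_SYN = dict(proto="tcp", src="203.0.113.7", dst="198.51.100.10", sport=50000, dport=22, syn=True)
MSN_SYN = dict(proto="tcp", src="203.0.113.7", dst="198.51.100.10", sport=50001, dport=1863, syn=True)
MSN_REPLY = dict(proto="tcp", src="203.0.113.7", dst="198.51.100.10", sport=1863, dport=50002, syn=False)
DNS_REPLY = dict(proto="udp", src="198.51.100.53", dst="198.51.100.10", sport=53, dport=33000)
STRAY_UDP = dict(proto="udp", src="203.0.113.7", dst="198.51.100.10", sport=33001, dport=33000)
```

Note that a reply to a connection opened from the inside (MSN_REPLY) only gets through because it lacks the SYN flag; the chain keeps no connection state, so any inbound UDP that is not from the listed DNS servers is rejected outright.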

I found reAim, which is a compact transparent proxy designed to be run on or behind a Linux iptables-based firewall.
Trying to proxy through Squid didn't work either; I got the following error:

TCP_DENIED/403 1020 CONNECT messenger.hotmail.com:1863 - NONE/- -

That’s annoying.
