Busy

You can tell I’m busy. No posts today so far. Installing Apache, MySQL, PHP on a new machine, and fiddling with firewalls.
Anyone good at iptables stuff? How do I let MSN Messenger through? The following would work fine if not for Messenger!

# /etc/sysconfig/iptables
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT

# lan
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s 192.168.1.0/255.255.255.0 -d 0/0 -j ACCEPT

# ssh
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT

# smtp
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT

# dns
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s dns1_server1 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s dns_server2 --sport 53 -d 0/0 -j ACCEPT

# localhost
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT

# reject everything else
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
COMMIT

I found reAim, which is a compact transparent proxy designed to be run on or behind a Linux iptables-based firewall.
Trying to proxy through Squid didn’t work either; I got the following error:

TCP_DENIED/403 1020 CONNECT messenger.hotmail.com:1863 - NONE/- -

That’s annoying.
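That TCP_DENIED/403 is what Squid's stock http_access rules return for a CONNECT to any port outside its SSL_ports ACL (443 and 563 by default), and 1863 isn't one of them. Here is an added example of the fix, not the author's own config, showing the default rule next to a narrower allow that only opens the tunnel to messenger.hotmail.com on 1863; the ACL names msn_host and msn_port are my own.

```conf
# squid.conf excerpt (added example, not the author's config;
# the ACL names msn_host and msn_port are mine)
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl CONNECT method CONNECT
acl msn_host dstdomain messenger.hotmail.com
acl msn_port port 1863

# Port 1863 passes Safe_ports (it falls inside 1025-65535) ...
http_access deny !Safe_ports

# ... but the stock rule below rejects every CONNECT to a port that is
# not in SSL_ports, which is exactly the TCP_DENIED/403 in the log line.
# Adding 1863 to SSL_ports would also cure it, but that permits tunnels
# to 1863 on any host. Instead, allow only the messenger host, and put
# the allow ahead of the generic deny (http_access is first match wins):
http_access allow CONNECT msn_host msn_port
http_access deny CONNECT !SSL_ports

# the usual localnet allow / deny all rules follow here
```

Reload Squid after the change and watch access.log: a CONNECT to messenger.hotmail.com:1863 should now log as TCP_MISS/200 while a CONNECT to 1863 on any other host still shows TCP_DENIED/403.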


Published by Donncha

Donncha Ó Caoimh is a software developer at Automattic and WordPress plugin developer. He posts photos at In Photos and can also be found on Google+ and Twitter.
