You can tell I’m busy. No posts today so far. Installing Apache, MySQL, PHP on a new machine, and fiddling with firewalls.
Anyone good at iptables stuff? How do I let MSN Messenger through? The following would work fine if not for Messenger!

# /etc/sysconfig/iptables
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT

# lan
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s -d 0/0 -j ACCEPT

# ssh
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT

# smtp
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT

# dns
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s dns1_server1 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s dns_server2 --sport 53 -d 0/0 -j ACCEPT

# localhost
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT

# reject everything else
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
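Before changing a ruleset like this it helps to know exactly which packets it accepts and rejects. The following is an added example, not something from the post: a small evaluator for the iptables-save syntax above that walks a chain rule by rule and returns the verdict for a given packet. The post's "# lan" rule has lost its source network and names its DNS servers symbolically, so the embedded copy of the ruleset uses placeholder addresses I chose (192.168.1.0/24 for the LAN, 192.0.2.53 and 192.0.2.54 for the DNS servers, 198.51.100.10 for a Messenger server); none of these come from the post. Running it shows that the final REJECT rules only match bare SYN packets and UDP, so the reply traffic of an outbound connection to port 1863 matches nothing and is left to the chain's default policy, which the snippet never sets.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed copy of the post's ruleset. The LAN network and the DNS server
# addresses are placeholders chosen here so the rules parse (assumed values).
RULESET = """
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s 192.168.1.0/24 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 192.0.2.53 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s 192.0.2.54 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
"""


@dataclass
class Packet:
    proto: str            # "tcp" or "udp"
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False     # True only for a bare SYN (a new inbound connection attempt)
    iface: str = "eth0"


@dataclass
class Rule:
    opts: Dict[str, str]  # match options, e.g. {"-p": "tcp", "--dport": "22", "syn": "1"}
    target: str           # ACCEPT, REJECT, DROP, RETURN or a user chain name


def parse_ruleset(text: str) -> Dict[str, List[Rule]]:
    """Parse iptables-save style '-A CHAIN ... -j TARGET' lines into chains."""
    chains: Dict[str, List[Rule]] = {"INPUT": [], "FORWARD": [], "OUTPUT": []}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith(":"):                  # ":NAME policy [pkts:bytes]"
            chains.setdefault(line[1:].split()[0], [])
            continue
        toks = line.split()
        if toks[0] != "-A":
            raise ValueError("only -A lines are supported: " + line)
        chain, toks = toks[1], toks[2:]
        opts: Dict[str, str] = {}
        i = 0
        while i < len(toks):
            flag = toks[i]
            if flag == "--syn":                   # flag without argument
                opts["syn"] = "1"
                i += 1
            elif flag == "-m":                    # match extension name; no effect here
                i += 2
            else:                                 # every other option takes one value
                opts[flag] = toks[i + 1]
                i += 2
        target = opts.pop("-j")
        chains.setdefault(chain, []).append(Rule(opts, target))
    return chains


def _in_net(addr: str, spec: str) -> bool:
    if spec in ("0/0", "0.0.0.0/0"):
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def matches(rule: Rule, pkt: Packet) -> bool:
    o = rule.opts
    if "-p" in o and o["-p"] != pkt.proto:
        return False
    if "-i" in o and o["-i"] != pkt.iface:
        return False
    if "-s" in o and not _in_net(pkt.src, o["-s"]):
        return False
    if "-d" in o and not _in_net(pkt.dst, o["-d"]):
        return False
    if "--sport" in o and int(o["--sport"]) != pkt.sport:
        return False
    if "--dport" in o and int(o["--dport"]) != pkt.dport:
        return False
    if "syn" in o and not pkt.syn:
        return False
    return True


def verdict(chains: Dict[str, List[Rule]], chain: str, pkt: Packet) -> Optional[str]:
    """Walk a chain in order; return ACCEPT/REJECT/DROP, or None if the chain policy decides."""
    for rule in chains[chain]:
        if not matches(rule, pkt):
            continue
        if rule.target in ("ACCEPT", "REJECT", "DROP"):
            return rule.target
        if rule.target == "RETURN":
            return None
        sub = verdict(chains, rule.target, pkt)   # jump into a user-defined chain
        if sub is not None:
            return sub
    return None


def messenger_verdicts() -> Dict[str, Optional[str]]:
    """Verdicts for the two directions of port 1863 traffic under the post's rules."""
    chains = parse_ruleset(RULESET)
    # reply (SYN+ACK / data) from the server for a session this host opened
    reply = Packet("tcp", "198.51.100.10", "192.168.1.2", 1863, 40000, syn=False)
    # a fresh inbound connection attempt to port 1863 on this host
    inbound = Packet("tcp", "198.51.100.10", "192.168.1.2", 40000, 1863, syn=True)
    return {"reply": verdict(chains, "INPUT", reply),
            "inbound_syn": verdict(chains, "INPUT", inbound)}


if __name__ == "__main__":
    print(messenger_verdicts())   # {'reply': None, 'inbound_syn': 'REJECT'}
```

The None verdict is the point to check on a real system: `iptables -L INPUT` shows the chain policy, and it is that policy, not any rule in the snippet, that decides whether an outbound session's replies get in.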

I found reAim, which is a compact transparent proxy designed to be run on or behind a Linux IPTables-based firewall.
Trying to proxy through Squid didn’t work either; I got the following error:

TCP_DENIED/403 1020 CONNECT messenger.hotmail.com:1863 - NONE/- -

That’s annoying.

Published by Donncha

Donncha Ó Caoimh is a software developer at Automattic and WordPress plugin developer. He posts photos at In Photos and can also be found on Google+ and Twitter.
