Since I got Verizon DSL, I downloaded rp-pppoe in order to connect my ADSL modem. rp-pppoe creates a firewall for masquerading machines, which I've included below. My question is, how do I ftp out to a site hosting my web site (Yahoo)? I don't want to allow ftp in to my server, but I know I need to allow Yahoo back through the firewall.
The address for the ftp server is: 209.1.225.146
(and port 20 is showing up in my logs.)
I'm just trying to figure out what rules to add to the firewall.
Code:
# Interface to Internet
EXTIF=ppp+
ANY=0.0.0.0/0
ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward DENY
ipchains -F forward
ipchains -F input
ipchains -F output
# Deny TCP and UDP packets to privileged ports
ipchains -A input -l -i $EXTIF -d $ANY 0:1023 -p udp -j DENY
ipchains -A input -l -i $EXTIF -d $ANY 0:1023 -p tcp -j DENY
# Deny TCP connection attempts
ipchains -A input -l -i $EXTIF -p tcp -y -j DENY
# Deny ICMP echo-requests
ipchains -A input -l -i $EXTIF -s $ANY echo-request -p icmp -j DENY
# Do masquerading
ipchains -A forward -j MASQ
echo 1 > /proc/sys/net/ipv4/ip_forward
Thanks.
Greg
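
Why port 20 shows up in the logs: in active-mode FTP the server opens the data connection back to the client from source port 20, and that incoming SYN matches the logged `-y` DENY rule. The following is an added example, not part of the original post or of rp-pppoe: a simplified Python model of the posted input chain, where the `ftp-data` rule, the rule names and the sample packets are assumptions made for illustration.

```python
# Simplified first-match model of the post's ipchains input chain on the
# external interface. Packets are constructed samples, not captured traffic.
from dataclasses import dataclass

FTP_SERVER = "209.1.225.146"   # address given in the post

@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dport: int
    syn: bool = False   # True = SYN set, ACK clear (what ipchains -y matches)

@dataclass
class Rule:
    name: str
    target: str
    proto: str
    src: str = None            # None matches any source address
    sport: int = None          # None matches any source port
    dports: tuple = (0, 65535)
    syn_only: bool = False

    def matches(self, p):
        return (p.proto == self.proto
                and self.src in (None, p.src)
                and self.sport in (None, p.sport)
                and self.dports[0] <= p.dport <= self.dports[1]
                and (p.syn or not self.syn_only))

# The three TCP/UDP input rules from the post, in order (ICMP rule omitted).
POSTED = [
    Rule("udp-privileged", "DENY", "udp", dports=(0, 1023)),
    Rule("tcp-privileged", "DENY", "tcp", dports=(0, 1023)),
    Rule("tcp-syn", "DENY", "tcp", syn_only=True),
]
# Assumed addition: accept only the FTP server's data connections (source
# port 20) to unprivileged ports, placed ahead of the blanket SYN deny.
FTP_DATA = Rule("ftp-data", "ACCEPT", "tcp", src=FTP_SERVER, sport=20,
                dports=(1024, 65535), syn_only=True)
FIXED = POSTED[:2] + [FTP_DATA] + POSTED[2:]

def verdict(chain, p, policy="ACCEPT"):
    """Return (target, rule name) of the first matching rule, else the policy."""
    for r in chain:
        if r.matches(p):
            return r.target, r.name
    return policy, "policy"
```

Passive-mode FTP avoids the inbound data connection altogether, so no extra input rule is needed in that case.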