narnie
August 16th, 2009, 05:38 PM
Hello,
I have firehol (along with tinyproxy) configured for dansguardian for my sis's family. However, after firehol is activated, I can't ping, ssh, vnc, etc. to computers on which I have this configuration. If I "sudo /etc/init.d/firehol stop" then I can do whatever I want, but of course this defeats the purpose and my sis is not techno-savvy enough to easily do this if I need to ssh or vpn to fix stuff.
What do I need to add to my firehol.conf to allow things like pings, ssh, vnc, and whatever else may come up (thinking about freenx) so that these requests are not dropped?
I hope to learn this on my own, but I'm leaving my sister's soon and need a more rapid turnaround than my ability to quickly learn iptables can provide.
What exactly below is preventing these requests?
For future reference, is there any place on the net you recommend to learn more on this topic?
#
# $Id: client-all.conf,v 1.2 2002/12/31 15:44:34 ktsaou Exp $
#
# This configuration file will allow all requests originating from the
# local machine to be sent through all network interfaces.
#
# No requests are allowed to come from the network. The host will be
# completely stealthed! It will not respond to anything, and it will
# not be pingable, although it will be able to originate anything
# (even pings to other hosts).
#
version 5
# Stop local users other than dansguardian from talking to the proxy on 3128 directly
iptables -t filter -I OUTPUT -d 127.0.0.1 -p tcp --dport 3128 -m owner ! --uid-owner dansguardian -j DROP
# Redirect outgoing web traffic to the filter on 8080 (root's own traffic is exempt)
transparent_squid 8080 "root root"
# Accept all client traffic on any interface
interface any world
policy drop
protection strong
client all accept
server cups accept
#server webcache accept
With thanks,
Narnie
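The lines that drop the inbound ssh, ping and vnc traffic are `policy drop` on `interface any world` together with the fact that `server cups accept` is the only inbound service listed: `client all accept` lets the box originate anything (and receive the replies), but every connection that somebody else opens toward it hits the drop policy. Each `server <name> accept` line opens one inbound service. The firehol.conf below keeps the posted design and adds those services; it is an example added here, not code from the original post or from FireHOL's own example files, and it assumes the family LAN is 192.168.1.0/24 (an assumption used to limit the admin services to the LAN side; drop the `src` parameters if the box must also be reachable from elsewhere).

```firehol
version 5

# Assumed addressing for this example (not from the original post):
# the LAN the poster administers from is 192.168.1.0/24.
lan="192.168.1.0/24"

# Keep the poster's transparent-proxy setup: local users other than
# dansguardian may not talk to port 3128 directly, and outgoing web
# traffic is bounced through the filter on 8080 (root is exempt).
iptables -t filter -I OUTPUT -d 127.0.0.1 -p tcp --dport 3128 -m owner ! --uid-owner dansguardian -j DROP
transparent_squid 8080 "root"

interface any world
    policy drop            # anything not matched by a rule below is dropped
    protection strong
    client all accept      # the host may originate any connection

    # Inbound services. The src parameter keeps the stealth posture
    # toward everything outside the LAN.
    server ping accept src "${lan}"   # answer ICMP echo requests
    server ssh  accept src "${lan}"   # sshd; FreeNX sessions ride over ssh as well
    server vnc  accept src "${lan}"   # FireHOL's vnc service covers the usual VNC display ports
    server cups accept

    # For a service FireHOL has no predefined name for, define it inline
    # (hypothetical name and port, shown only for the syntax):
    # server custom myapp "tcp/4000" default accept src "${lan}"
```

After editing, `sudo firehol try` activates the new config but rolls it back automatically unless you confirm within the timeout, which is the safe way to test a change over the very ssh session the change is meant to keep open. FireHOL's own documentation at firehol.org lists the predefined service names and the `server`/`client`/`custom` syntax used above.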