[H-GEN] IP Tables Question

Andrew Pullin andrew at hotspurbgc.com.au
Mon Sep 10 10:40:53 EDT 2007


Hi Guys (and Gals),

OK I have had a little feedback, I made an error, I didn't mean IP Chains in 
my last email, I meant IP Tables (I am not a noob, it has just been ages 
since I had to worry about this sort of stuff). Here is my original email 
with the amended info that will make it make a bit more sense.

My ISP has decided that I need a new range of IP addresses since he has
changed over his addresses to a different range. I am quite confident in
changing the network over, but I am quite inexperienced in the use of IP
Tables.

When I set up my network, I had a friendly HUMBUGer assist me in locking
down the system with IP Tables and I have never had either any problems, nor
needed to change the original configuration. Now I will need to change the
configuration, and being basically lazy (like many *nix users), I don't want
to learn (right now) the intricacies of IP Tables for just one job. I just
want a quick and dirty (but safe and secure) method to change the IP Tables
config file until I can get the time to learn it properly.

So my question is:

Can I do something simple like a search and replace of my new IP Address
range for the old IP address range in the IP Tables config file, or do I
need to rebuild the file from some tool or some other convoluted method.

As I said, I only need to do this once, so I really don't want to spend
hours(days) researching this for one job. So if anyone can help, or if
anyone is willing to come over and spend half an hour in Zillmere/Aspley for
free or some small token fee (six pack of beer etc). I would be most
appreciative. The change over will probably occur in the next week or so, so
I need to know soonish.

Network info (for those who asked)

Modem-Firewall
              Firewall-private network

Unnecessary ports closed
protected by IP chains and IP tables

hosts.deny
ALL : ALL

hosts.allow
sshd : my subnet range (locked down from outside after a successful brute 
force penetration)
sshd : 192.168.0.0/255.255.255.0

in.telnetd : ALL (backup only - never used but always monitored)
httpd : ALL
#in.ftpd : ALL

ALL : 127.0.0.1
ALL : my subnet range
ALL : 192.168.0.0/255.255.255.0


iptables v1.2.7a

iptables -L

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
eth0-in    all  --  anywhere             anywhere
eth1-in    all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
eth0-eth1  all  --  anywhere             anywhere
eth1-eth0  all  --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
eth0-out   all  --  anywhere             anywhere
eth1-out   all  --  anywhere             anywhere

Chain eth0-eth1 (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere           state ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           state RELATED

Chain eth0-in (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere           state ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           state RELATED
ACCEPT     tcp  --  anywhere             anywhere           state NEW tcp dpt:ftp flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           state NEW tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           state NEW tcp dpt:smtp flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           state NEW tcp dpt:http flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           state NEW tcp dpt:https flags:SYN,RST,ACK/SYN

Chain eth0-out (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere           state ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           state RELATED
ACCEPT     icmp --  anywhere             anywhere           state NEW icmp echo-request
ACCEPT     udp  --  anywhere             anywhere           state NEW udp dpt:domain
ACCEPT     udp  --  anywhere             anywhere           state NEW udp dpts:traceroute:33524
ACCEPT     tcp  --  anywhere             anywhere           state NEW tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere           state NEW tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           state NEW tcp dpt:smtp flags:SYN,RST,ACK/SYN

Chain eth1-eth0 (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere           state ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           state RELATED
ACCEPT     all  --  anywhere             anywhere           state NEW

Chain eth1-in (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere           state ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           state RELATED
ACCEPT     all  --  anywhere             anywhere           state NEW

Chain eth1-out (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere           state ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           state RELATED
ACCEPT     tcp  --  anywhere             anywhere           state NEW tcp dpt:ssh


I haven't got a clue what all that IP Tables stuff means, but it works 
(hence my problem and questions). BTW where is this info or the config file 
stored? I had a quick look in etc, but it wasn't immediately recognisable, 
but I may have missed it.

Thanks in advance

Cheers!

Andrew
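
Added example, not part of the original post: the search-and-replace asked about above, done over a rule set in iptables-save format, with the naive form beside one that cannot touch a neighbouring address. Assumptions: the sample rules, the function names, and both address ranges (192.0.2.0/24 as the old range, 198.51.100.0/24 as the new one) are constructed for illustration.

```shell
#!/bin/sh
# Added example. 192.0.2.0/24 (old) and 198.51.100.0/24 (new) are documentation
# ranges standing in for the ISP's real ones; the rules below are constructed.
sample_rules() {
cat <<'EOF'
*nat
-A POSTROUTING -o eth0 -j SNAT --to-source 192.0.2.10
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -s 192.0.2.0/24 -p tcp --dport 22 -j ACCEPT
-A INPUT -s 192.0.20.5 -j DROP
COMMIT
EOF
}

# Escape the dots so "192.0.2." is matched literally, not as a regex.
esc_prefix() { printf '%s' "$1" | sed 's/\./\\./g'; }

# Count lines on stdin that reference the old prefix (0 is a valid answer).
count_old() { grep -Ec "(^|[^0-9.])$(esc_prefix "$1")" || true; }

# Naive replace: unescaped dots match any character, so 192.0.20.5 is hit too.
rewrite_naive() { sed "s/$1/$2/g"; }

# Safe replace: literal dots, and the prefix must start an address.
rewrite_range() { sed -E "s/(^|[^0-9.])$(esc_prefix "$1")/\\1$2/g"; }

# Demo: print what each approach does to the sample.
echo "lines using old range: $(sample_rules | count_old 192.0.2.)"
echo "--- naive ---"; sample_rules | rewrite_naive 192.0.2. 198.51.100. | grep 198
echo "--- safe ---";  sample_rules | rewrite_range 192.0.2. 198.51.100.
# On the firewall itself the input would come from `iptables-save > rules.old`,
# and `iptables-restore --test < rules.new` parses the result without loading it.
```

The same filter can be run over hosts.allow, whose "my subnet range" entries also carry the old addresses.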




