
floppyfw HELPPPPP

  • 22-03-2002 11:28am
    #1
    Registered Users, Registered Users 2 Posts: 651 ✭✭✭


    Anyone able to help me with floppyfw? My firewall.ini looks like below. floppyfw boots OK and starts routing/masquerading traffic, but when I try to connect to SMTP or SSH routed through to an internal machine, nothing happens!! On the ports that are closed it actively refuses a connection, but if you try to connect to 25 it just sits there and times out. Any idea??

    # Firewall setup.
    #
    # Setting up ipchains and ipmasqadm
    #

    . /etc/config

    #
    # Stopping forwarding (this script may be run during normal uptime because
    # of a DHCP re-lease or demand dialing / PPPoE).
    #
    echo "0" > /proc/sys/net/ipv4/ip_forward

    #
    # Overriding the /etc/config and adding additional information.
    #
    . /etc/outside.info
    . /etc/inside.info

    #
    # Brad suggested this:
    # And he suggested to check and maybe change the formatting.
    # We'll do that later.
    #

    echo "Starting firewall with the following config:"
    echo
    echo " Inside Outside"
    echo " Network: ${INSIDE_NETWORK} ${OUTSIDE_NETWORK}"
    echo " Device: ${INSIDE_DEVICE} ${OUTSIDE_DEVICE}"
    echo "IP Address: ${INSIDE_IP} ${OUTSIDE_IP}"
    echo " Netmask: ${INSIDE_NETMASK} ${OUTSIDE_NETMASK}"
    echo " Broadcast: ${INSIDE_BROADCAST} ${OUTSIDE_BROADCAST}"
    echo " Gateway: [None Set] ${OUTSIDE_GATEWAY}"
    echo
    #
    # Flushing the chains.
    #
    ipchains -F

    #
    # Policy for forwarding, Deny
    #
    ipchains -P forward DENY > /dev/null

    # But we want to Masquerade
    ipchains -A forward -i ${OUTSIDE_DEVICE} -j MASQ > /dev/null
    #ipchains -A forward -s ${INSIDE_NETWORK}/${INSIDE_NETMASK} -j MASQ

    # Using this one, you can open up the whole internal network to
    # anyone adding a route to it through your outside IP.
    # Can be quite useful but it is insecure.

    #ipchains -P forward MASQ

    #
    # Timeouts for the masqueraded connections.
    #
    ipchains -M -S 6000 120 300

    #
    # Minimum delay for SSH.
    #
    ipchains -A output -p tcp -d 0.0.0.0/0 22 -t 0x01 0x10

    #
    # We don't like the NetBIOS and Samba leaking..
    #
    /bin/ipchains -I input -j REJECT -p TCP -s 0/0 -d 0/0 137:139
    /bin/ipchains -I input -j REJECT -p UDP -s 0/0 -d 0/0 137:139

    #
    # These are for port forwarding to a server on the inside network.
    # remove the ipchains and ipmasqadm pair comments and replace
    # the <SERVER-IP> with your real server IP.

    #
    # SSH:
    #
    ipchains -A input -p TCP -d ${OUTSIDE_IP} 22 -j ACCEPT # ssh
    ipchains -A input -p TCP -d ${OUTSIDE_IP} 25 -j ACCEPT # smtp

    # ipmasqadm portfw -a -P tcp -L ${OUTSIDE_IP} 22 -R 10.42.42.<SERVER-IP> 22 # ssh
    ipmasqadm portfw -a -P tcp -L ${OUTSIDE_IP} 22 -R 192.168.1.10 22 # ssh
    ipmasqadm portfw -a -P tcp -L ${OUTSIDE_IP} 25 -R 192.168.1.10 25 # smtp

    #
    # Mail / SMTP
    #
    # ipchains -A input -p TCP -d ${OUTSIDE_IP} 25 -j ACCEPT # mail
    # ipmasqadm portfw -a -P tcp -L ${OUTSIDE_IP} 25 -R 10.42.42.<SERVER-IP> 25 # mail

    #
    # Web / HTTP
    #
    # ipchains -A input -p TCP -d ${OUTSIDE_IP} 80 -j ACCEPT # web
    # ipmasqadm portfw -a -P tcp -L ${OUTSIDE_IP} 80 -R 10.42.42.<SERVER-IP> 80 # web

    #
    # Make www.grc.com happy.. or rather the "wow it's STEALTH" -crowd.
    # If you are going to use ipmasqadm and inside servers you have to open
    # up for them before this line. See above.
    #
    # But first, we have to accept the ftp data port so that the ftp
    # masq module will work.
    ipchains -A input -p TCP -d ${OUTSIDE_IP} 20 -j ACCEPT
    # Identd: servers like REJECT a lot better than DENY.
    ipchains -A input -p TCP -d ${OUTSIDE_IP} 113 -j REJECT

    # Then we can set everything at DENY, this could also be a policy.

    ipchains -A input -p TCP -y -d ${OUTSIDE_IP} -j DENY
    #
    # Finally, list what we have
    #
    ipchains -n -L


    #
    # Rules set, we can enable forwarding in the kernel.
    #
    echo "Enabling IP forwarding."

    echo "1" > /proc/sys/net/ipv4/ip_forward

    #
    # This enables dynamic IP address following
    #
    echo 7 > /proc/sys/net/ipv4/ip_dynaddr
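
The comments in the posted script say that services forwarded with ipmasqadm must be opened in the input chain before the catch-all DENY line. The following is an added example, not part of the original post or of floppyfw, that checks that ordering in a firewall.ini-style script; the function names and the sample rules are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample rules (not the poster's file): port 80 has its ACCEPT
# commented out, port 25 is accepted only after the catch-all DENY.
sample_rules() {
cat <<'EOF'
ipchains -A input -p TCP -d ${OUTSIDE_IP} 22 -j ACCEPT # ssh
ipmasqadm portfw -a -P tcp -L ${OUTSIDE_IP} 22 -R 192.168.1.10 22 # ssh
# ipchains -A input -p TCP -d ${OUTSIDE_IP} 80 -j ACCEPT # web
ipmasqadm portfw -a -P tcp -L ${OUTSIDE_IP} 80 -R 192.168.1.10 80 # web
ipchains -A input -p TCP -y -d ${OUTSIDE_IP} -j DENY
ipchains -A input -p TCP -d ${OUTSIDE_IP} 25 -j ACCEPT # smtp
ipmasqadm portfw -a -P tcp -L ${OUTSIDE_IP} 25 -R 192.168.1.10 25 # smtp
EOF
}

# check_portfw_order [FILE]: reads FILE (or stdin) and prints one line per
# active "ipmasqadm portfw" rule: "<port> ok" when an input ACCEPT for that
# port is appended before the catch-all SYN DENY, "<port> blocked" otherwise.
check_portfw_order() {
    awk '
    /^[ \t]*#/ { next }              # skip commented-out rules
    { sub(/[ \t]+#.*$/, "") }        # drop trailing comments
    /ipchains/ && /-A[ \t]+input/ {
        target = ""; dport = ""; syn = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "-j") target = $(i + 1)
            if ($i == "-y") syn = 1
            # ipchains syntax: the port, if any, follows the -d address
            if ($i == "-d" && $(i + 2) ~ /^[0-9]+$/) dport = $(i + 2)
        }
        if (target == "ACCEPT" && dport != "" && !deny_seen) accepted[dport] = 1
        if (target == "DENY" && syn && dport == "") deny_seen = 1
        next
    }
    /ipmasqadm/ && /portfw/ {
        # the listening port follows the -L address
        for (i = 1; i <= NF; i++)
            if ($i == "-L") ports[++n] = $(i + 2)
    }
    END {
        for (k = 1; k <= n; k++)
            print ports[k], ((ports[k] in accepted) ? "ok" : "blocked")
    }' "$@"
}

sample_rules | check_portfw_order
```

The check covers rule ordering only; it does not confirm that the port forwarding kernel module is loaded or that the internal server routes its replies back through the firewall.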

