Hello all!

Kudos to the LEAF and LRP team, esp. Mr. Steinkuehler - once I
actually understood the installation instructions (having misread one
section about a dozen times), Dachstein came up and just worked!

I have a question regarding ipchains rules that are enabled by default.

The FAQ (sourceforge LEAF, sec06) on 'LRP won't route to a private IP
Range' states:

        "As your external NIC address falls in the 192.168.x.x range,   
         comment out that one line

        # $IPCH -A $LIST -j DENY -p all -s 192.168.0.0/16 -d 0/0 -l $*
        save and exit the file."

If my understanding is correct, commenting this line allows traffic from
*ALL* Class C private networks, which makes me a bit nervous - I mean, I
have to assume that the reason the rule is there is because there is a
known risk to allowing these networks access!

From a brief look through the ipchains documentation, it appears that it
might be possible to allow a particular host on a net in while denying all
others.  Is this the case?

Why couldn't one allow HTTP access to 192.168.100.1 but deny access to all
other 192.168.0.0 subnets and protocols?

The 192.168.100.1 is the address of my cable modem, and is physically
attached to eth0 - http access to that address allows me to view parameters
and configuration of the modem.

Thanks!

        Ken




==========================================================================
J. Kenneth Gentle (Ken)       | Phone: (610)255-0361   FAX:(610)255-0418
Gentle Software, LLC          | Email: [EMAIL PROTECTED]
==========================================================================



_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
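
The rule ordering the question asks about, as an added example that is not part of the original post or the LEAF/Dachstein scripts: a narrow ACCEPT for return HTTP traffic from the modem is appended ahead of the stock DENY, relying on ipchains acting on the first matching rule. The chain name `input`, the `private_src_rules` function and the dry-run `IPCH` default are assumptions; the modem address, interface and DENY rule come from the post.

```shell
#!/bin/sh
# Added example: narrow exception for the cable modem, placed ahead of the
# stock DENY for 192.168.0.0/16 source addresses.
# Assumptions (not taken from the Dachstein scripts): the chain name "input",
# the function name, and the dry-run wrapper below.

# Dry run by default: prints the commands instead of changing the firewall.
# Set IPCH=ipchains (as root) to apply them.
IPCH="${IPCH:-echo ipchains}"

MODEM_IP="192.168.100.1"   # cable modem address from the post
EXT_IF="eth0"              # external interface from the post

private_src_rules() {
    LIST="$1"

    # 1. Replies from the modem's web server only: TCP, source port 80,
    #    to an unprivileged destination port, arriving on the external
    #    interface, and not a connection-opening SYN ("! -y"), so the
    #    modem address cannot be used to open connections inward.
    $IPCH -A "$LIST" -j ACCEPT -p tcp -s "$MODEM_IP" 80 -d 0/0 1024:65535 \
          -i "$EXT_IF" ! -y

    # 2. The stock rule quoted from the FAQ, left enabled: every other
    #    packet claiming a 192.168.x.x source is still denied and logged.
    $IPCH -A "$LIST" -j DENY -p all -s 192.168.0.0/16 -d 0/0 -l
}

# Appending in this order keeps the ACCEPT in front of the DENY.
private_src_rules "${1:-input}"
```

Reversing the two appends would make the broad DENY match first, and the modem's replies would be dropped and logged as before.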
