Hello Joris,

On Tue, 03 Sep 2002 21:50:33 +0200 Joris Kempen wrote:

> Question: and what can I do more with this setup??? Any nice ideas?

With Linux the sky is the limit, really. It just depends on what you want to accomplish and how much you're willing to learn to do so. Having said that, remember that installing software on the router, especially services directly or indirectly exposed to the outside world, increases the number of "tools" an attacker has at her disposal.

> Well I have some small questions already:
>
> - I use MSN Messenger, and with that program you can send/receive files from
> other people.
> With my current LRP setup, I'm only able to receive files. Can't send any.
> Anyone know where to set this open on my LRP box?

I don't use MSN messenger or have a Dachstein box that I can run messenger through, but in case no one with first-hand experience replies, here are some tidbits that might help...

After a bit of googling, e.g. for "msn messenger" send files ipchains , it seems this is a common problem. You might want to try the approach described in the thread at:
http://www.linuxquestions.org/questions/printthread.php?threadid=647

Another approach that might work is to install SOCKS on the firewall. If the file sending problem is related to the masqueraded connection, SOCKS might bypass it. I thought I remembered leaf-user discussions of this in the past, but the darn MSN ads in the message footers make it a pain to search.
http://www.geocrawler.com/archives/3/7325/2001/6/50/6058186/

<aside> The ht://Dig search interface at http://www.mail-archive.com/leaf-user%40lists.sourceforge.net/ doesn't seem to support the boolean "not" operator. </aside>

Hang on, just found a mailing list reference. Scott's suggestion in the thread at
http://www.geocrawler.com/mail/thread.php3?subject=%5BLeaf-user%5D+EchoWall+and+MSN+Messenger&list=7325
might work. (I'm not positive the problem being solved is the same one you have though, so proceed with caution.)

> Do I need to do some configuration? And where to change things, on the
> Dachstein setup, or in EchoWall?

If the approach described in the leaf-user thread above doesn't work, you'll probably need to add rules to /root/echowall/echowall.rules . (There may be a better place. Hopefully Scott Best is listening and can add his insight here.)

> - how does Echowall work exactly on top of Dachstein???

The README file at http://leaf.sourceforge.net/devel/sbest/echowall/_README_ describes the basics. Beyond that file, you'll probably need to dig through the scripts, particularly /root/echowall/echowall .

> - Is it possible to have IIS webserver running behind my LRP box (on a local
> pc with let's say ip 192.168.1.3) and make it communicate with the outside?
> My outside ip is something like 212.68.38.23
> and when i go with a browser to this IP on port 80, I want to access the IIS
> website on local pc 192.168.1.3
>
> I assume I need to forward my incoming request on port 80 on my router, to
> forward them to my local PC with IIS.
>
> - I want to do the same for FTP, incoming traffic at port 21 or something to
> forward to an internal ftp server.

That's covered in the README mentioned above. Let us know if you have specific questions after reading it.

If you have an extra NIC available, it would be more secure to put the web and ftp servers in a DMZ. That would make it more difficult for an attacker to penetrate your LAN if they are able to compromise those services.

> - is there a way how to see what's all happening at my server? I know there
> is the monitor on 192.168.1.254 but still I have no idea what's going on at
> all.

The packet filtering functions of Dachstein/echowall are built upon ipchains. You might want to read the ipchains howto[1] and then experiment a bit. You might also find the online ipchains log analyzers[2,3] enlightening. Robert Graham's "Firewall Forensics FAQ"[4] is also a great starter document.

> - I have a 1,6 GB HD laying around. Any nice things I can do with that on my
> router?

There are lots of things you could do with the extra space. Two that come to mind offhand are a squid caching proxy server or a snort IDS. I *think* there are (old) Dachstein packages available for both. Remember that adding all that (writable) space gives attackers more room to install things like compilers and root kits if your firewall is compromised. Unless you have a real need to install extras, or you really want to learn about the add-ons and you don't mind sacrificing security to do so, I'd recommend against adding the extras.

> Lots of questions, hope some one can answer some of them.
>
> Now I have my router finally working correctly, I just want to have some fun
> with it. All ideas welcome:)

Hope my reply helps a bit. Have fun!

--Brad

[1] http://www.tldp.org/HOWTO/IPCHAINS-HOWTO.html
[2] like http://www.echogent.com/cgi-bin/fwlog.pl
[3] and http://logi.cc/linux/ipchainsLogAnalyzer.php3
[4] http://www.robertgraham.com/pubs/firewall-seen.html

> Gr. Joris
>
> Kind regards,
>
> Joris Kempen

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
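As an added illustration of the log-watching suggestion in the reply above (not code from the original message, nor from the Dachstein or EchoWall projects): a small Python parser for ipchains kernel "Packet log:" lines that tallies blocked packets per source address and per destination port, the kind of summary the online log analyzers produce. The log lines are constructed samples; apart from the router address quoted in the thread, the IP addresses are placeholders from documentation ranges.

```python
import re
from collections import Counter

# Constructed sample syslog lines in the classic ipchains format:
#   Packet log: <chain> <target> <iface> PROTO=<n> <src>:<sport> <dst>:<dport> L=.. S=.. I=.. F=.. T=.. [flags] (#rule)
SAMPLE_LOG = """\
Sep  3 21:50:33 firewall kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:3456 212.68.38.23:80 L=48 S=0x00 I=1234 F=0x4000 T=112 SYN (#5)
Sep  3 21:50:34 firewall kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:3457 212.68.38.23:21 L=48 S=0x00 I=1235 F=0x4000 T=112 SYN (#5)
Sep  3 21:50:40 firewall kernel: Packet log: input DENY eth0 PROTO=17 198.51.100.9:137 212.68.38.23:137 L=78 S=0x00 I=52345 F=0x0000 T=128 (#7)
Sep  3 21:51:02 firewall kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:3458 212.68.38.23:80 L=48 S=0x00 I=1236 F=0x4000 T=112 SYN (#5)
Sep  3 21:51:10 firewall kernel: Packet log: input ACCEPT eth0 PROTO=6 192.0.2.44:51000 212.68.38.23:80 L=48 S=0x00 I=9 F=0x4000 T=64 SYN (#2)
"""

LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<len>\d+) .*?\(#(?P<rule>\d+)\)"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def parse_ipchains_log(text):
    """Return one dict per recognised ipchains log line; unrelated syslog lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        d = m.groupdict()
        for key in ("proto", "sport", "dport", "len", "rule"):
            d[key] = int(d[key])
        d["proto_name"] = PROTO_NAMES.get(d["proto"], str(d["proto"]))
        entries.append(d)
    return entries


def summarize_denied(entries):
    """Count DENY/REJECT hits per source address and per (proto, dport), ignoring accepted traffic."""
    blocked = [e for e in entries if e["target"] in ("DENY", "REJECT")]
    by_src = Counter(e["src"] for e in blocked)
    by_port = Counter((e["proto_name"], e["dport"]) for e in blocked)
    return by_src, by_port


if __name__ == "__main__":
    srcs, ports = summarize_denied(parse_ipchains_log(SAMPLE_LOG))
    for src, n in srcs.most_common():
        print(f"{src:16} {n} blocked packet(s)")
    for (proto, port), n in ports.most_common():
        print(f"{proto}/{port:<6} {n} blocked packet(s)")
```

Pointing the parser at the router's syslog output instead of SAMPLE_LOG gives a quick view of which hosts are repeatedly hitting blocked ports, which is the first thing the Firewall Forensics FAQ suggests looking at.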
