Linux-Misc Digest #447, Volume #27 Sun, 25 Mar 01 11:13:01 EST
Contents:
default path ("lenny")
Re: switchdesk problem... (Andrew Purugganan)
Re: switchdesk problem... ("lenny")
System crashed again, when dialing my ISP, as usual. (Jean-David Beyer)
Umlaute (Denis Can)
Re: slave ypserv (Christoph Kukulies)
Re: default path ("Peter T. Breuer")
Re: Question on FIPS ("Peter T. Breuer")
Re: MGA400 + DRI in XFree 4 (Alex Fitterling)
Re: MGA400 + DRI in XFree 4 ([EMAIL PROTECTED])
Re: where to set harddisk geometry (Stefano Ghirlanda)
Re: Newbie Question about GUI (Lee Webb)
kernel 2.4.2 and XFree 4.0.1..big mess (Lorenzo)
Problem setting up USB - hotplug_path not found (Billy Bob Jameson)
Re: Question on FIPS (Steve)
Re: default path (Steve)
Re: iptables under 2.4.2 (Daryl Fonseca-Holt)
Re: Umlaute (Thomas Zajic)
----------------------------------------------------------------------------
From: "lenny" <[EMAIL PROTECTED]>
Subject: default path
Date: Sun, 25 Mar 2001 13:09:46 GMT
Where do I set the default path used at startup.
Thanks.
Lenny
mailto:[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (Andrew Purugganan)
Subject: Re: switchdesk problem...
Date: 25 Mar 2001 12:58:56 GMT
ed ([EMAIL PROTECTED]) wrote:
[ I prefer kde and used switchdesk to select kde. I logged out and used
[ startx again but gnome is now my desktop manager. I tried to find a
[ file that I could edit to get back to kde but am having no luck. Can
[ anyone point me to an .rc file or another file that I can access to cure the
IIRC...
do a locate gdm or locate kdm
there'll be an xdm in the same spot, and it symlinks to either one
maybe all you need is to make it point back to kdm. Or edit it
somebody with RH correct me if I'm mistaken
--
jazz
Registered linux user no. 164098 +--+--+--+ Litestep user no. 386
Doesn't it bother you, that we have to search for intelligent life
--- OUT THERE??
------------------------------
From: "lenny" <[EMAIL PROTECTED]>
Subject: Re: switchdesk problem...
Date: Sun, 25 Mar 2001 13:20:30 GMT
In article <[EMAIL PROTECTED]>, "ed" <[EMAIL PROTECTED]>
wrote:
> I'm running rh7 and initially installed it with kde as my default
> desktop manager. I then used switchdesk to change to gnome to try it.
> I prefer kde and used switchdesk to select kde. I logged out and used
> startx again but gnome is now my desktop manager. I tried to find a
> file that I could edit to get back to kde but am having no luck. Can
> anyone point me to an .rc file or another file that I can access to cure the
> problem? thanks in advance...
>
> Ed
>
Ed:
I use Rhat and can set the desktop in the file /etc/sysconfig/desktop
DESKTOP="KDE" should get you back.
------------------------------
From: Jean-David Beyer <[EMAIL PROTECTED]>
Subject: System crashed again, when dialing my ISP, as usual.
Date: Sun, 25 Mar 2001 09:03:54 -0500
My system crashed again this morning when dialing my ISP. This is when
it always crashes (i.e., when it crashes, it crashes calling my ISP;
it by no means crashes every time).
My /var/log/messages had this to say:
Mar 25 06:07:01 valinux ifup-ppp: pppd started for ppp0 on /dev/modem at 115200
Mar 25 06:07:01 valinux kernel: CSLIP: code copyright 1989 Regents of the University of California
Mar 25 06:07:01 valinux kernel: PPP: version 2.3.7 (demand dialling)
Mar 25 06:07:01 valinux kernel: PPP line discipline registered.
Mar 25 06:07:01 valinux kernel: registered device ppp0
Mar 25 06:07:01 valinux pppd[5804]: pppd 2.3.11 started by root, uid 0
Mar 25 06:07:19 valinux named[630]: ns_forw: sendto([64.59.192.1].53): Network is unreachable
Mar 25 06:07:28 valinux pppd[5804]: Serial connection established.
Mar 25 06:07:28 valinux pppd[5804]: Using interface ppp0
Mar 25 06:07:28 valinux pppd[5804]: Connect: ppp0 <--> /dev/modem
Mar 25 06:07:31 valinux kernel: PPP BSD Compression module registered
Mar 25 06:07:31 valinux kernel: PPP Deflate Compression module registered
When things work, it says this instead:
Mar 25 06:38:10 valinux ifup-ppp: pppd started for ppp0 on /dev/modem at 115200
Mar 25 06:38:10 valinux kernel: registered device ppp0
Mar 25 06:38:10 valinux pppd[1337]: pppd 2.3.11 started by root, uid 0
Mar 25 06:38:25 valinux PAM_pwdb[1348]: (su) session opened for user root by jdbeyer(uid=500)
Mar 25 06:38:37 valinux pppd[1337]: Serial connection established.
Mar 25 06:38:37 valinux pppd[1337]: Using interface ppp0
Mar 25 06:38:37 valinux pppd[1337]: Connect: ppp0 <--> /dev/modem
Mar 25 06:38:40 valinux kernel: PPP BSD Compression module registered
Mar 25 06:38:40 valinux kernel: PPP Deflate Compression module registered
Mar 25 06:38:40 valinux pppd[1337]: local IP address 208.225.67.131
Mar 25 06:38:40 valinux pppd[1337]: remote IP address 208.225.64.55
Am I correct in inferring that there is a bug in pppd? It does not
seem to be a simple cracker problem as tripwire does not notice that
anything is changed in the ppp area.
I have ppp-2.3.11-4 on this machine, but do not see anything newer for
Red Hat Linux 6.2 that I am running. This has kernel
kernel-2.2.14-VA.2.1smp running at the moment. This supposedly has
most of the current bugs fixed. There is a
kernel-smp-2.2.14-VA.5.1.i686.rpm out there that I have run in the
past, but when I reinstalled everything in an effort to track down
this bug, I did not install the new kernel; i.e., it had the problem
too. They also have a kernel-smp-2.2.18pre11-va2.0. I am not clear if
a pre11-va2.0 is the way to go or not. The "pre" worries me.
--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ Registered Machine 73926.
/( )\ Shrewsbury, New Jersey http://counter.li.org
^^-^^ 8:50am up 2:37, 3 users, load average: 2.16, 2.16, 2.03
------------------------------
From: Denis Can <[EMAIL PROTECTED]>
Subject: Umlaute
Date: Sun, 25 Mar 2001 16:12:01 +0200
Hi,
I can't enter umlauts in knode (posting) (e.g. ae = ??, oe=?).
Under settings->configure knode->posting news->technical, iso-8859-1
is set. I have tried all of them. No success.
What am I doing wrong?
Thanks for any help..
------------------------------
From: Christoph Kukulies <[EMAIL PROTECTED]>
Subject: Re: slave ypserv
Date: 25 Mar 2001 14:16:01 GMT
Peter T. Breuer <[EMAIL PROTECTED]> wrote:
: Christoph Kukulies <[EMAIL PROTECTED]> wrote:
:> Scenario: RH 6.1
:> I want to make my system (>20 RH workstations, NFS, amd, NIS/yp)
:> a bit safer against dropouts.
:> That is, introduce a second (slave) NIS/yp server.
:> How can I accomplish this?
: You can't really. You CAN make the second server a NIS slave to the
That's odd. I recall that Sun YP/NIS always had this facility.
: first (if they've fixed yppush by now), and then get it to ping the
: primary. When the ping fails, get it to put up an ip alias for the
: master so that nis calls go to it instead of the primary (you'll need a
: floating IP alias as the "master").
: An alternative is for the clients to make broadcast calls. But that's
: horrible.
: Peter
--
Chris Christoph P. U. Kukulies [EMAIL PROTECTED]
------------------------------
From: "Peter T. Breuer" <[EMAIL PROTECTED]>
Subject: Re: default path
Date: Sun, 25 Mar 2001 14:20:09 GMT
lenny <[EMAIL PROTECTED]> wrote:
> Where do I set the default path used at startup.
startup by what of what?
If you mean init, it can be set in the init scripts, but will
be the default for the shell concerned, unless changed. So
check your /etc/profile.
Peter
------------------------------
From: "Peter T. Breuer" <[EMAIL PROTECTED]>
Subject: Re: Question on FIPS
Date: Sun, 25 Mar 2001 14:20:10 GMT
Tim Thompson <[EMAIL PROTECTED]> wrote:
> If I split the partition into two partitions, one to run Windows 98, and the
> other to run Red Hat Linux 6, will I be able to undo the Linux partition if
Undo it? You will be able to erase it and then resize the win partition
to fill the whole disk again.
> I want to go back to having the whole disk to run Windows, and do I do this
> using FIPS.
I guess so. I've only done it in one direction. But I can tell you that
fips doesn't know anything about the direction of the change!
> Last time I tried this I lost Windows and 1 Gb from the hard disk. I tried
> lots of things, but Windows refused to see the Linux partition. I even tried
Why would you expect it to? You have to delete the partition using an
fdisk that will delete it .. like linux's.
> to reformat the hard disk: even this did not work.
Eh? It works fine. Just write zeros to the whole disk. You'll feel
better for it ;-). Mind you, writing zeros to the first sector (512 bytes)
would wipe out the partition table quite well enough. No trying this
at home kiddies.
Peter
------------------------------
From: Alex Fitterling <[EMAIL PROTECTED]>
Subject: Re: MGA400 + DRI in XFree 4
Date: Sun, 25 Mar 2001 16:36:10 +0200
Hello Adam,
>> Are you many people ???? grxmbfx
>>> Adam
>> :)
> I'm certainly among them.
:)
...then, may I ask you something ?
ever had problems with bttv ? ... my xawtv seems if I run with DRI,
not working, it can't do grab from video device (in normal X mode,
with disabling drm, I can use there overlay mode, and it's working
great.)
Which DRI modules are you using ? did you compile it yourself or used
one of binary distribution ?
Which kernel are you using ?
...I use 2.4.2 but with DRI my X behaves somewhat strange,
e.g. suddenly vanishing mouse cursor if I switch back to X from
console, bttv.... as further info I use MGA400 with 16MB...
can you give me any hints.. I guess yours is working well :)
Alex
--
A. Fitterling / [EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: MGA400 + DRI in XFree 4
Date: Sun, 25 Mar 2001 14:48:30 GMT
Alex Fitterling <[EMAIL PROTECTED]> wrote:
> Hello Adam,
>>> Are you many people ???? grxmbfx
>>>> Adam
>>> :)
>> I'm certainly among them.
> :)
> ...then, may I ask you something ?
> ever had problems with bttv ?
Nope.
> ... my xawtv seems if I run with DRI,
> not working, it can't do grab from video device (in normal X mode,
> with disabling drm, I can use there overlay mode, and it's working
> great.)
Works for me with or without DRI enabled.
> Which DRI modules are you using ? did you compile it yourself or used
> one of binary distribution ?
Compiled it myself from the DRI cvs (http://dri.sourceforge.net)
> Which kernel are you using ?
I've used it with 2.4.0, 2.4.1, and 2.4.2.
> ...I use 2.4.2 but with DRI my X behaves somewhat strange,
> e.g. suddenly vanishing mouse cursor if I switch back to X from
> console, bttv.... as further info I use MGA400 with 16MB...
> can you give me any hints.. I guess yours is working well :)
There isn't much more I can tell you other than perhaps upgrading your DRI
distribution. If that fails, you can always ask on the dri-users and/or
the dri-devel mailing lists.
Adam
------------------------------
From: Stefano Ghirlanda <[EMAIL PROTECTED]>
Subject: Re: where to set harddisk geometry
Date: 25 Mar 2001 16:51:39 +0200
[EMAIL PROTECTED] (Dave Brown) writes:
> I'd swear that there was a way to have these parameters known to the current
> "environment". I've had problems with a scsi disk, which I boot from.
> I'd partitioned with chs something like 1115,255,63. It all seemed to
> work initially.
>
> But lately I've tried to use Lilo, it complains that it can deal with 8000
> cylinders. Needless to say, telling fdisk the "prescribed" geometry
> doesn't help Lilo. And, of course, the scsi controller doesn't bother to
> save any "geometry".
>
> Is it just a version of Lilo that's too old, or am I missing something?
I have a similar problem. My SCSI card (Adaptec) won't let me boot
before complaining that I have a disk geometry incompatible with the
one stored on the card. Everything works booting from floppy since
linux doesn't listen to the SCSI card's opinions (or even use the
disk geometry for anything, as far as I know).
Anyway I can't get around this and I have to boot from
floppy... Someone on this ng suggested a way to me long ago but I don't
remember it, and I think it involved repartitioning the hard drive.
Let me know if you have some relevant info... thanks,
--
Stefano - Hodie octavo Kalendas Apriles MMI est
------------------------------
From: [EMAIL PROTECTED] (Lee Webb)
Subject: Re: Newbie Question about GUI
Date: 25 Mar 2001 14:59:57 GMT
Reply-To: [EMAIL PROTECTED]
On Sun, 25 Mar 2001 10:23:16 GMT, Bart Friederichs wrote:
>The R wrote:
>
>> How do I start the GUI ?
>kdm, gdm or xdm start a GUI login screen. when you put this in your
>rc.local startup script, it will load automagically.
>
>
Personally, I'd alter the /etc/inittab from init 3 to init 5:
Change:
id:3:initdefault:
to
id:5:initdefault:
init 3 is multiuser without X
init 5 is X11
Lee.
>
------------------------------
From: Lorenzo <[EMAIL PROTECTED]>
Subject: kernel 2.4.2 and XFree 4.0.1..big mess
Date: Sun, 25 Mar 2001 15:03:27 GMT
I have built my kernel in many ways but this seems to be the main
obstacle for the X server starting:
[drm] Sarea 2176+624: 2800
(0): [drm] created "mga" driver at busid "PCI:1:0:0"
(0): [drm] added 4096 byte SAREA at 0xc5bb4000
(0): [drm] mapped SAREA 0xc5bb4000 to 0x40019000
(0): [drm] framebuffer handle = 0xd8000000
(0): [drm] added 1 reserved context for kernel
(EE) MGA(0): [drm] MGADRIScreenInit failed (DRM version = 2.0.1,
expected 1.0.x). Disabling DRI.
(0): [drm] failed to remove DRM signal handler
Fatal server error:
Caught signal 11.
I have a Matrox G400 and I selected the dri support in the kernel
configuration. But I still don't understand how to solve this
problem...
Thanks a lot! Lorenzo
------------------------------
From: Billy Bob Jameson <[EMAIL PROTECTED]>
Subject: Problem setting up USB - hotplug_path not found
Date: Sun, 25 Mar 2001 15:26:16 GMT
Hi all,
I tried to install USB support for my USB printer. Added all USB modules
but while my laptop has no problem with the same kernel configuration
(in regards to USB), my desktop PC fails to load usb-uhci (or ohci for
that matter) with "hotplug_path not found". Any ideas?
TIA
------------------------------
From: [EMAIL PROTECTED] (Steve)
Subject: Re: Question on FIPS
Date: 25 Mar 2001 15:31:57 GMT
Reply-To: [EMAIL PROTECTED]
On Sun, 25 Mar 2001 12:34:31 -0800, Tim Thompson wrote:
>I tried to install Linux last year, and screwed up my hard disk so badly
>that I gave up. I want to have another go but have the following question
>re: FIPS,
>
>If I split the partition into two partitions, one to run Windows 98, and the
>other to run Red Hat Linux 6, will I be able to undo the Linux partition if
>I want to go back to having the whole disk to run Windows, and do I do this
>using FIPS.
Make a DOS boot disk that has fdisk.exe on it, you can use fdisk to
reclaim the Linux partition. Back up all of your data before you start
messing with partitions, in my experience you're likely to lose the lot
so a backup is essential.
Even better still, get a small HD and install Linux on there, use it for
a while and if you like it then you can go to the trouble of messing
around with partitions and dual booting etc, but it does mean having the
cover off the PC so that you can swap disks while you're experimenting
with Linux. I took this approach and got to like Linux so much that I
deleted all the windows stuff and installed Linux on the big HD and now
use the small HD for essential backup material like my mail, config files,
bookmarks and important data (automated incremental backups every night
all done with the stuff that comes with the OS).
--
Cheers
Steve email mailto:[EMAIL PROTECTED]
%HAV-A-NICEDAY Error not enough coffee 0 pps.
web http://www.zeropps.uklinux.net/
or http://start.at/zero-pps
4:11pm up 51 days, 16:54, 2 users, load average: 1.16, 1.03, 1.01
------------------------------
From: [EMAIL PROTECTED] (Steve)
Subject: Re: default path
Date: 25 Mar 2001 15:31:56 GMT
Reply-To: [EMAIL PROTECTED]
On Sun, 25 Mar 2001 13:09:46 GMT, lenny wrote:
>Where do I set the default path used at startup.
In /home/user/.bash_profile you can change the path,
I add a bin directory in my home directory to my path
PATH=$PATH:$HOME/bin
And then below the variables are exported, so make sure
that PATH is being exported along with the others.
--
Cheers
Steve email mailto:[EMAIL PROTECTED]
%HAV-A-NICEDAY Error not enough coffee 0 pps.
web http://www.zeropps.uklinux.net/
or http://start.at/zero-pps
4:11pm up 51 days, 16:54, 2 users, load average: 1.16, 1.03, 1.01
------------------------------
From: [EMAIL PROTECTED] (Daryl Fonseca-Holt)
Crossposted-To: comp.os.linux.setup
Subject: Re: iptables under 2.4.2
Reply-To: [EMAIL PROTECTED]
Date: Sun, 25 Mar 2001 09:29:56 -0600
On Sun, 25 Mar 2001 02:43:35 -0500, Nick Traxler <[EMAIL PROTECTED]> wrote:
>Does anyone know a simple one or two command sequence to
>iptables to turn on forwarding for everything?
>Under 2.2.16, I just did:
>
>ipchains -A forward -s 0.0.0.0/0.0.0.0
>-d 0.0.0.0/0.0.0.0 -i eth0 -j MASQ
>
>and everything magically forwarded. ICQ file send worked
>through the masquerade, and I was happy. But I can't figure
>out iptables, and I don't really have time right now to pore
>over the manpage or try to customize someone's long
>rc.firewall script.
>
>Does anyone know this one?
>Thanks in advance!
>--
>Nick Traxler
>Computer Science, Purdue University
>http://www.cs.purdue.edu/people/traxlend
>
>"The two most common things in the Universe are Hydrogen and Stupidity."
This works for me. Don't be fooled by the $IPCHAINS variable, it points to
IPTABLES. You may need to customize this some before using on your system,
particularly the value of $INTERNALNET and $LOCALIF.
This script was originally generated for me for ipchains, but I manually updated
it for iptables.
It allows me to surf, play Quake, use AIM, etc from my LAN workstations or my
Linux firewall/server.
HTH,
Wyatt
#!/bin/bash
logger -i "$0 called"
#dfInterfaces -
# Local Interface
# This is the interface that is your link to the world
LOCALIF="ppp0"
# Internal Interface
# This is the interface for your local network
# NOTE: INTERNALNET is a *network* address. All host bits should be 0
INTERNALNET="172.16.0.0/16"
# Set the location of ipchains.
IPCHAINS="/usr/sbin/iptables"
# Flush the ruleset and let this script re-build a wall with
# our new IP address
$IPCHAINS -F INPUT
$IPCHAINS -F OUTPUT
$IPCHAINS -F FORWARD
$IPCHAINS -t nat -F POSTROUTING
$IPCHAINS -t mangle -F OUTPUT
LOCALIP=`/sbin/ifconfig $LOCALIF | grep inet \
| cut -d ':' -f 2 | cut -d ' ' -f 1`
LOCALMASK=`/sbin/ifconfig $LOCALIF | grep Mask | cut -d : -f 4`
LOCALNET="$LOCALIP/$LOCALMASK"
echo "Internal: $INTERNALNET"
echo "External: $LOCALNET"
REMOTENET="0/0"
#$IPCHAINS -A INPUT -d 172.16.0.3 -j LOG --log-level debug
#$IPCHAINS -A OUTPUT -s 172.16.0.3 -j LOG --log-level debug
# ----- Allow all connections from the network to the outside -
$IPCHAINS -A INPUT -s $INTERNALNET -d $REMOTENET -j ACCEPT
$IPCHAINS -A OUTPUT -s $INTERNALNET -d $REMOTENET -j ACCEPT
echo -n ".."
echo "Done!"
# ------ Allow all connections within the network -
#echo -n "Internal.."
$IPCHAINS -A INPUT -s $INTERNALNET -d $INTERNALNET -j ACCEPT
$IPCHAINS -A OUTPUT -s $INTERNALNET -d $INTERNALNET -j ACCEPT
$IPCHAINS -A INPUT -i arc0 -s ! $INTERNALNET -j DROP
$IPCHAINS -A INPUT -i ppp+ -s $INTERNALNET -j DROP
echo -n ".."
echo "Done!"
# -------- Allow loopback interface -
echo -n "Loopback.."
$IPCHAINS -A INPUT -i lo -s 0/0 -d 0/0 -j ACCEPT
$IPCHAINS -A INPUT -i ! lo -s 127.0.0.0/255.0.0.0 -j DROP
$IPCHAINS -A OUTPUT -o lo -s 0/0 -d 0/0 -j ACCEPT
$IPCHAINS -A OUTPUT -o ! lo -s 127.0.0.0/255.0.0.0 -j DROP
echo -n ".."
echo "Done!"
# ---------Masquerading -
echo -n "Masquerading.."
# Setup masquerading
$IPCHAINS -A FORWARD -s $LOCALNET -j ACCEPT
echo -n "."
$IPCHAINS -A FORWARD -d $LOCALNET -j ACCEPT
echo -n "."
# masquerade all internal IP's going outside
$IPCHAINS -t nat -A POSTROUTING -d ! $INTERNALNET -j MASQUERADE
echo -n "."
# Set the default policy on the FORWARD chain to ACCEPT
$IPCHAINS -P FORWARD ACCEPT
echo -n "."
# ----Set telnet, www and FTP for minimum delay -
# This section manipulates the Type Of Service (TOS) bits of the
# packet. For this to work, you must have CONFIG_IP_ROUTE_TOS enabled
# in your kernel
echo -n "TOS flags.."
$IPCHAINS -t mangle -A OUTPUT -m tcp -p tcp -d 0/0 --dport www \
-j TOS --set-tos 16
$IPCHAINS -t mangle -A OUTPUT -m tcp -p tcp -d 0/0 --dport telnet \
-j TOS --set-tos 16
$IPCHAINS -t mangle -A OUTPUT -m tcp -p tcp -d 0/0 --dport ftp \
-j TOS --set-tos 16
$IPCHAINS -t mangle -A OUTPUT -m tcp -p tcp -d 0/0 --dport 4013 \
-j TOS --set-tos 16
$IPCHAINS -t mangle -A OUTPUT -m udp -p udp -d 0/0 --dport 4013 \
-j TOS --set-tos 16
# for Quake III
$IPCHAINS -t mangle -A OUTPUT -m udp -p udp -d 0/0 --dport 27960 \
-j TOS --set-tos 16
echo -n "..."
# Set ftp-data for maximum throughput
$IPCHAINS -t mangle -A OUTPUT -m tcp -p tcp -d 0/0 --dport ftp-data \
-j TOS --set-tos 8
echo -n "."
echo "Done!"
# -------- Banned Networks -
# Blast all other @home connections into infinity and log them.
# $IPCHAINS -A INPUT -s 24.0.0.0/8 -d $LOCALNET -j DROP
#echo -n "."
#echo "Done!"
echo -n "Port Blocks.."
# Incoming Ping requests
$IPCHAINS -A INPUT -m icmp -p icmp --icmp-type echo-request \
-i ppp+ -s $REMOTENET -j ACCEPT
# Don't know what these are. dwf.
$IPCHAINS -A INPUT -m tcp -p tcp -i ppp+ -s 0/0 -d $LOCALNET --dport 3 -j DROP
$IPCHAINS -A INPUT -m udp -p udp -i ppp+ -s 0/0 -d $LOCALNET --dport 3 -j DROP
$IPCHAINS -A INPUT -m tcp -p tcp -i ppp+ -s 0/0 -d $LOCALNET --dport 0 -j DROP
$IPCHAINS -A INPUT -m udp -p udp -i ppp+ -s 0/0 -d $LOCALNET --dport 0 -j DROP
# Secure Shell from the outside
$IPCHAINS -A INPUT -m udp -p udp -s $REMOTENET -d $LOCALNET --dport 22 -j ACCEPT
$IPCHAINS -A INPUT -m tcp -p tcp -s $REMOTENET -d $LOCALNET --dport 22 -j ACCEPT
# telnet
$IPCHAINS -A INPUT -m tcp -p tcp -s $REMOTENET -d $LOCALNET \
--dport 23 -j DROP
$IPCHAINS -A INPUT -m udp -p udp -s $REMOTENET -d $LOCALNET \
--dport 23 -j DROP
# auth (identd)
$IPCHAINS -A INPUT -m tcp -p tcp -s $REMOTENET -d $LOCALNET \
--dport 113 -j ACCEPT
$IPCHAINS -A INPUT -m udp -p udp -s $REMOTENET -d $LOCALNET \
--dport 113 -j ACCEPT
# NetBEUI/Samba
$IPCHAINS -A INPUT -m tcp -p tcp -s $REMOTENET -d $LOCALNET --dport 139 -j DROP
$IPCHAINS -A INPUT -m udp -p udp -s $REMOTENET -d $LOCALNET --dport 139 -j DROP
$IPCHAINS -A OUTPUT -m tcp -p tcp -s $LOCALNET -d 0.0.0.0/0 \
--dport 137:139 -j DROP
$IPCHAINS -A OUTPUT -m udp -p udp -s $LOCALNET -d 0.0.0.0/0 \
--dport 137:139 -j DROP
echo -n "."
# Microsoft SQL
$IPCHAINS -A INPUT -m tcp -p tcp -s $REMOTENET -d $LOCALNET --dport 1433 -j DROP
$IPCHAINS -A INPUT -m udp -p udp -s $REMOTENET -d $LOCALNET --dport 1433 -j DROP
echo -n "."
# Postgres SQL
$IPCHAINS -A INPUT -m tcp -p tcp -s $REMOTENET -d $LOCALNET --dport 5432 -j DROP
$IPCHAINS -A INPUT -m udp -p udp -s $REMOTENET -d $LOCALNET --dport 5432 -j DROP
echo -n "."
# Network File System
$IPCHAINS -A INPUT -m tcp -p tcp -s $REMOTENET -d $LOCALNET --dport 2049 -j DROP
$IPCHAINS -A INPUT -m udp -p udp -s $REMOTENET -d $LOCALNET --dport 2049 -j DROP
echo -n "."
# X Displays :0-:2-
$IPCHAINS -A INPUT -m tcp -p tcp -s $REMOTENET -d $LOCALNET \
--dport 5999:6003 -j DROP
$IPCHAINS -A INPUT -m udp -p udp -s $REMOTENET -d $LOCALNET \
--dport 5999:6003 -j DROP
echo -n "."
# X Font Server :0-:2-
$IPCHAINS -A INPUT -m tcp -p tcp -s $REMOTENET -d $LOCALNET --dport 7100 -j DROP
$IPCHAINS -A INPUT -m udp -p udp -s $REMOTENET -d $LOCALNET --dport 7100 -j DROP
echo -n "."
# Back Orifice (logged)
$IPCHAINS -A INPUT -m tcp -p tcp -s $REMOTENET -d $LOCALNET \
--dport 31337 -j DROP
$IPCHAINS -A INPUT -m udp -p udp -s $REMOTENET -d $LOCALNET \
--dport 31337 -j DROP
echo -n "."
# NetBus (logged)
$IPCHAINS -A INPUT -m tcp -p tcp -s $REMOTENET -d $LOCALNET \
--dport 12345:12346 -j DROP
$IPCHAINS -A INPUT -m udp -p udp -s $REMOTENET -d $LOCALNET \
--dport 12345:12346 -j DROP
$IPCHAINS -A INPUT -m tcp -p tcp -i ppp+ -s $REMOTENET \
--dport 10236 -j DROP
echo -n "."
echo "Done!"
# ----------------- High Unprivileged ports -
# These are opened up to allow sockets created by connections allowed by
# ipchains
echo -n "High Ports.."
$IPCHAINS -A INPUT -m tcp -p tcp -s $REMOTENET -d $LOCALNET \
--dport 1023:65535 -j ACCEPT
$IPCHAINS -A INPUT -m udp -p udp -s $REMOTENET -d $LOCALNET \
--dport 1023:65535 -j ACCEPT
echo -n "."
echo "Done!"
# -------------- Basic Services -
echo -n "Services.."
# DNS (53)
$IPCHAINS -A INPUT -m tcp -p tcp -s $REMOTENET -d $LOCALNET --dport 53 -j ACCEPT
$IPCHAINS -A INPUT -m udp -p udp -s $REMOTENET -d $LOCALNET --dport 53 -j ACCEPT
echo -n ".."
echo -n "ICMP Rules.."
# Use this to deny ICMP attacks from specific addresses
# $IPCHAINS -A INPUT -b -i $EXTERNALIF -p icmp -s <address> -d 0/0 -j DROP
# echo -n "."
# Allow incoming ICMP
$IPCHAINS -A INPUT -p icmp -s $REMOTENET -d $LOCALNET -j ACCEPT
$IPCHAINS -A INPUT -p icmp -s $REMOTENET -d $LOCALNET -j ACCEPT
echo -n ".."
# Allow outgoing ICMP
$IPCHAINS -A OUTPUT -p icmp -s $LOCALNET -d $REMOTENET -j ACCEPT
$IPCHAINS -A OUTPUT -p icmp -s $LOCALNET -d $REMOTENET -j ACCEPT
$IPCHAINS -A OUTPUT -p icmp -s $INTERNALNET -d $REMOTENET -j ACCEPT
$IPCHAINS -A OUTPUT -p icmp -s $INTERNALNET -d $REMOTENET -j ACCEPT
echo -n "...."
echo "Done!"
# --------------------------- set default policy -
$IPCHAINS -A INPUT -j DROP
$IPCHAINS -A OUTPUT -j ACCEPT
echo ""
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "Finished Establishing Firewall."
logger -i "$0 Finished Establishing Firewall."
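A shorter, stateful take on the same gateway, added here as an example and not part of the post above: it uses connection tracking (`-m state`) to admit reply traffic, instead of the script's blanket ACCEPT on ports 1023:65535 and its `-P FORWARD ACCEPT`. The function names and the choice to leave only SSH reachable from outside are assumptions; the interface and network defaults are the script's LOCALIF and INTERNALNET.

```shell
#!/bin/sh
# Added example (not from the post): stateful NAT gateway rules for iptables.

# valid_ifname NAME: allow only characters that are safe to splice into a
# command line (rejects spaces, ';', newlines); kernel names are <= 15 chars.
valid_ifname() {
    case $1 in
        ''|*[!A-Za-z0-9._+-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# valid_cidr NET: dotted quad plus prefix length, each octet <= 255, prefix <= 32.
valid_cidr() {
    case $1 in
        ''|*[!0-9./]*) return 1 ;;
    esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
    old_ifs=$IFS; IFS=./; set -- $1; IFS=$old_ifs
    for n in "$1" "$2" "$3" "$4"; do [ "$n" -le 255 ] || return 1; done
    [ "$5" -le 32 ]
}

# gateway_rules EXT_IF LAN_NET: print the rule set, one command per line.
# Accept rules are added before the DROP policies so a live session survives.
gateway_rules() {
    ext_if=$1
    lan=$2
    valid_ifname "$ext_if" || { echo "bad interface: $ext_if" >&2; return 1; }
    valid_cidr "$lan" || { echo "bad network: $lan" >&2; return 1; }
    cat <<EOF
iptables -F INPUT
iptables -F FORWARD
iptables -t nat -F POSTROUTING
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $ext_if -s $lan -j DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s $lan -j ACCEPT
iptables -A INPUT -i $ext_if -p tcp --dport 22 -m state --state NEW -j ACCEPT
iptables -A FORWARD -i $ext_if -s $lan -j DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s $lan -o $ext_if -m state --state NEW -j ACCEPT
iptables -t nat -A POSTROUTING -s $lan -o $ext_if -j MASQUERADE
iptables -P INPUT DROP
iptables -P FORWARD DROP
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}

# Dry run by default: print the rules for review.
# Set APPLY=1 and run as root to load them.
EXT_IF=${EXT_IF:-ppp0}
LAN_NET=${LAN_NET:-172.16.0.0/16}
rules=$(gateway_rules "$EXT_IF" "$LAN_NET") || exit 1
if [ "${APPLY:-0}" = 1 ]; then
    printf '%s\n' "$rules" | sh -e
else
    printf '%s\n' "$rules"
fi
```

With the ESTABLISHED,RELATED rules in place, replies to outbound connections are matched by state, so no inbound port range has to be opened for them.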
------------------------------
From: [EMAIL PROTECTED] (Thomas Zajic)
Subject: Re: Umlaute
Reply-To: [EMAIL PROTECTED] (Thomas Zajic)
Date: Sun, 25 Mar 2001 15:45:03 GMT
On 25/03/01, Denis Can ([EMAIL PROTECTED]) wrote:
> [ ... ]
> What am I doing wrong?
> [ ... ]
<LART>
You're posting to an international newsgroup in German. Try a group
in the de.comp.* hierarchy instead.
</LART>
Thomas
--
=-------------------------------------------------------------------------=
- Thomas "ZlatkO" Zajic <[EMAIL PROTECTED]> Linux-2.2.18/slrn-0.9.6.3pl4 -
- "It is not easy to cut through a human head with a hacksaw." (M. C.) -
=-------------------------------------------------------------------------=
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to comp.os.linux.misc.
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Misc Digest
******************************