 >I want my boxes that are behind my firewall to be able to reach one machine,
 >let's say 100.90.80.70 on port 500; it is for a secured website-based server
 >configuration system.
 >What do I have to add to my firewall script? For the moment I am using the
 >TrinityOS script.

First, it depends on what kind of access you are looking for.  Ideally
in the name of security, you shouldn't allow the entire Internet but
only a few IP addresses.

If you can restrict it down to a few IPs
----------------------------------------
First un-# out one or more SECUREHOST variables and put in your
desired IPs.  Next, un-# out the respective SECUREHOST lines in
both the INPUT and OUTPUT sections and make sure that you edit
the line to allow IN and then OUT port 500.  Now jump to the
PORTFW section below in this email.

If you want to allow the Internet to access port 500
----------------------------------------------------
You need to copy an existing example such as the "HTTP Server" blocks
in both the INPUT and OUTPUT section and replace port 80 with port
500 (assuming this new traffic is TCP).

Setting up PORTFW
-----------------
Next, towards the top of the TrinityOS ruleset, you need to
un-# a PORTFWIP variable and put in the IP address of the
internal server you want to contact on port 500.  Now,
you need to go to the PORTFW section of TrinityOS (almost
at the very end) and un-# out the line for the PORTFW
variable you just enabled.  Don't forget to update the
ports in this PORTFW line to be port 500 and 500, whereas
the example uses 26 and 22.

That's it.. re-run the firewall and you should be good to
go.

Now that I think of it, I think I'll add this to the
TrinityOS FAQ.

--David
.----------------------------------------------------------------------------.
|  David A. Ranch - Linux/Networking/PC hardware         [EMAIL PROTECTED]  |
!----                                                                    ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
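
The steps in the reply above, as an added dry-run sketch that is not part of the email or of the TrinityOS script: it prints the ipchains and ipmasqadm commands that a restricted-source rule set plus a port 500 forward would come down to. It assumes a 2.2-kernel ipchains/ipmasqadm setup; EXTIF, EXTIP and all addresses are constructed placeholders, and SECUREHOSTS and PORTFWIP only mirror the variable names mentioned in the email.

```shell
#!/bin/sh
# Added example, not TrinityOS code. Dry run: commands are printed, not executed.
# All values below are constructed placeholders (documentation address ranges).
EXTIF="eth0"                              # assumed external interface name
EXTIP="203.0.113.10"                      # assumed external IP of the firewall
PORTFWIP="192.168.0.20"                   # internal server to forward to
PORT=500                                  # TCP assumed, as in the email
SECUREHOSTS="198.51.100.5 198.51.100.9"   # empty string = whole Internet

gen_rules() {
    # $1 = space-separated allowed source IPs; empty means any source
    sources="${1:-0.0.0.0/0}"
    for src in $sources; do
        # INPUT: allowed source to the firewall's external IP, port 500
        echo "ipchains -A input -j ACCEPT -i $EXTIF -p tcp -s $src -d $EXTIP $PORT"
        # OUTPUT: replies from port 500 back to that same source
        echo "ipchains -A output -j ACCEPT -i $EXTIF -p tcp -s $EXTIP $PORT -d $src"
    done
    # PORTFW: external port 500 is handed to the internal server's port 500
    echo "ipmasqadm portfw -a -P tcp -L $EXTIP $PORT -R $PORTFWIP $PORT"
}

# Restricted variant: one input/output pair per trusted host, then the forward
gen_rules "$SECUREHOSTS"
```

Calling `gen_rules ""` prints the open-to-the-Internet variant instead, which makes the difference in exposure between the two cases easy to compare line by line.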