>Just curious, other than TrinityOS, are there any other 
>good example sites for rules of firewalls with the following:

Yeah.. Lots!

For example, I got these from The Linux Documentation Project WWW 
link page  ( http://metalab.unc.edu/LDP/links.html ):

        http://rlz.ne.mediaone.net/linux

        http://jgo.local.net/LinuxGuide/




>What I am looking for is examples with ipfwadm or ipchains when
>you have multiple aliased NICs and how you have to set those
>up.  Any pointers would be great... 

Use any of these IPFWADM/IPCHAINS rulesets but just specify the interface
that has the relevant aliased IP.  For example:

mailhost.supercomputer.com:             aliased NIC:    eth0:2
                                        aliased IP:     200.111.232.12

So, for EACH line that you want to allow in for, say, SMTP,
you would have (based on TrinityOS):

# SMTP MAIL: Since this site is an authoritative SMTP server, allow it in on
#       ALL interfaces
/sbin/ipfwadm -I -a accept -W eth0:2 -P tcp -S $universe -D 200.111.232.12 smtp


Get it?


>since I am using ipportfw for the 3 NICs
>on port 25, I can't seem to get logging of the SYNs to occur.

Hmmm... This might not be possible, though ALL IPFWADM/IPCHAINS INPUT rulesets
should apply before IPPORTFW gets its hands on the packets.  Are you logging
SYN packets on the INPUT side?  Also, have you tried to enable kernel
Firewall Accounting and see if that works?

Btw.. why do you want to log SYN packets anyway?

--David
.----------------------------------------------------------------------------.
|  David A. Ranch - Linux/Networking/PC hardware         [EMAIL PROTECTED]  |
!----                                                                    ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
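
The per-alias SMTP rule and the INPUT-side SYN logging discussed in the message above, as an added example that is not part of the original mail or of TrinityOS. It only prints the rules for review. Assumptions: the eth0:0 and eth0:1 entries are constructed (only eth0:2 / 200.111.232.12 appears in the message), $universe is taken to be 0.0.0.0/0, and the ipfwadm options -y (match SYN set, ACK clear) and -o (kernel logging of matching packets) are not used in the original rule.

```shell
#!/bin/sh
# Added example: print (do not execute) ipfwadm INPUT rules that accept SMTP
# on each aliased IP and log only the connection-opening SYN packets.

UNIVERSE="0.0.0.0/0"    # assumed value of $universe

# "alias-interface aliased-IP" pairs. The eth0:2 entry is from the message;
# the other two are constructed sample values.
ALIASES="eth0:0 200.111.232.10
eth0:1 200.111.232.11
eth0:2 200.111.232.12"

smtp_rules() {
    # $1 = aliased interface, $2 = aliased IP
    # Rule 1: SYN-only match (-y) with kernel logging (-o). The first matching
    # rule wins, so each new inbound SMTP connection is logged once here.
    echo "/sbin/ipfwadm -I -a accept -W $1 -P tcp -y -o -S $UNIVERSE -D $2 smtp"
    # Rule 2: the remaining packets of the connection, accepted without logging.
    echo "/sbin/ipfwadm -I -a accept -W $1 -P tcp -S $UNIVERSE -D $2 smtp"
}

all_smtp_rules() {
    # One rule pair per alias, in list order, so the logging rule always
    # precedes the plain accept rule for the same address.
    echo "$ALIASES" | while read -r ifname ip; do
        [ -n "$ifname" ] || continue
        smtp_rules "$ifname" "$ip"
    done
}

all_smtp_rules
```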