Hey all,

        I must be more of a noob than I thought.  Apparently, I expected
to install with "high security" mode, and have a semi-functioning system
which I can at a later date "open up" as needed, right?  Apparently I'm
either doing something wrong, or something's not working.

        I've got VNC and SSH running on the box.  SSH starts with the
system now so it uses the hosts.allow --> "SSH :ALL".  I'm extremely
fuzzy about how this file works in relation to the grand scheme of
things...when the hosts.allow/hosts.deny files are read, for which
purposes/daemons, etc?  I CAN connect via SSH, no problem, but I
obviously can't do a "VNC :ALL" on that box since it doesn't know "vnc"
is a service...so I figured, OK, it's a firewalling issue.  I researched
some basics on this shorewall firewall, and here's the "Default + my
mods" I've got.

<snip>
Chain INPUT (policy DROP)
target     prot opt source               destination         
LOG        tcp  --  anywhere             anywhere           state NEW tcp spts:1024:65535 dpt:5093 LOG level warning 
ACCEPT     tcp  --  anywhere             anywhere           state NEW tcp spts:1024:65535 dpt:5093 
ACCEPT     tcp  --  anywhere             anywhere           state NEW tcp spts:1024:65535 dpt:ssh 
..
..
..
</snip>

Obviously, with this in place I thought I should SURELY make VNC's port
5903 open to the general public...wrong!  I still get myself dropped,
according to the syslog, but here's a snip.

<snip>
Sep 26 11:35:39 beep kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:04:ac:1b:7a:75:00:a0:c9:5a:86:61:08:00 SRC=10.0.2.1 DST=10.0.1.150 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=55852 DF PROTO=TCP SPT=2067 DPT=5903 WINDOW=64240 RES=0x00 SYN URGP=0 
Sep 26 11:35:42 beep kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:04:ac:1b:7a:75:00:a0:c9:5a:86:61:08:00 SRC=10.0.2.1 DST=10.0.1.150 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=55853 DF PROTO=TCP SPT=2067 DPT=5903 WINDOW=64240 RES=0x00 SYN URGP=0 
Sep 26 11:35:48 beep kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:04:ac:1b:7a:75:00:a0:c9:5a:86:61:08:00 SRC=10.0.2.1 DST=10.0.1.150 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=55857 DF PROTO=TCP SPT=2067 DPT=5903 WINDOW=64240 RES=0x00 SYN URGP=0
</snip>

        Can anyone explain this to me?  What's net2all?  PLEASE drop me
a clue on writing rules for the shorewall IPTABLES firewall, the whole
"high security" model and what its functions may entail?

Thanks - I appreciate this a ton...


-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      Ralph                     | Internet Systems & Security   +
+       Boundariez.com           | -"Specializing in Paranoia"-  +
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+    [EMAIL PROTECTED]        | Never underestimate the power +
+    AIM: SekurityWizard         |         stupid people         +
+    ICQ: 2206039                |        in large groups        +
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
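The `Shorewall:net2all:DROP:` prefix in the quoted syslog lines names the chain that made the decision: Shorewall's policy chain for traffic from the `net` zone to any zone, which a packet only reaches after no rule has accepted it. The parser below, an added example that is not from the post or from Shorewall, pulls the chain, disposition and netfilter fields out of such lines so a log reader can see at a glance which zone policy dropped which flow; the only input is the post's three log lines, re-joined onto single lines.

```python
import re
from collections import Counter
# Constructed sample: the three kernel lines quoted in the post, re-joined onto one
# line each (the mail client had wrapped them); hosts and addresses are the post's own.
SAMPLE_LOG = """\
Sep 26 11:35:39 beep kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:04:ac:1b:7a:75:00:a0:c9:5a:86:61:08:00 SRC=10.0.2.1 DST=10.0.1.150 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=55852 DF PROTO=TCP SPT=2067 DPT=5903 WINDOW=64240 RES=0x00 SYN URGP=0
Sep 26 11:35:42 beep kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:04:ac:1b:7a:75:00:a0:c9:5a:86:61:08:00 SRC=10.0.2.1 DST=10.0.1.150 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=55853 DF PROTO=TCP SPT=2067 DPT=5903 WINDOW=64240 RES=0x00 SYN URGP=0
Sep 26 11:35:48 beep kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:04:ac:1b:7a:75:00:a0:c9:5a:86:61:08:00 SRC=10.0.2.1 DST=10.0.1.150 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=55857 DF PROTO=TCP SPT=2067 DPT=5903 WINDOW=64240 RES=0x00 SYN URGP=0
"""
# Shorewall prefixes netfilter's KEY=VALUE fields with "Shorewall:<chain>:<disposition>:";
# the chain name says which rule set made the decision.
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
                     r"Shorewall:(?P<chain>[^:]+):(?P<action>[^:]+):(?P<fields>.*)$")

def parse_line(line):
    """Return the log prefix plus every KEY=VALUE field as a dict, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m.group("ts"), "host": m.group("host"), "chain": m.group("chain"),
           "action": m.group("action"), "flags": []}
    for tok in m.group("fields").split():
        if "=" in tok:
            key, val = tok.split("=", 1)
            rec[key] = val
        else:
            rec["flags"].append(tok)  # bare tokens: DF, SYN, ACK, ...
    return rec

def zone_pair(chain):  # Shorewall names policy chains <src>2<dst>: net2all, net2fw, loc2net ...
    m = re.fullmatch(r"([a-z0-9]+)2([a-z0-9]+)", chain)
    return (m.group(1), m.group(2)) if m else None

def explain(rec):
    """One-line verdict: which zone pair made the decision and what the packet was."""
    zones = zone_pair(rec["chain"])
    where = f"policy {zones[0]}->{zones[1]}" if zones else f"chain {rec['chain']}"
    return (f"{rec['action']} by {where}: {rec.get('PROTO')} {rec.get('SRC')}:"
            f"{rec.get('SPT')} -> {rec.get('DST')}:{rec.get('DPT')} "
            f"flags={','.join(rec['flags'])}")

def summarize(log_text):
    """Count DROPs per (chain, SRC, PROTO, DPT) so a repeatedly blocked flow stands out."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["action"] == "DROP":
            counts[(rec["chain"], rec["SRC"], rec["PROTO"], rec["DPT"])] += 1
    return dict(counts)
```

Run `explain(parse_line(...))` over the sample and each line reads `DROP by policy net->all: TCP 10.0.2.1:2067 -> 10.0.1.150:5903 flags=DF,SYN`, i.e. a fresh connection attempt to 5903 that no rule accepted before the net-to-all policy applied.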
