lug-bg: Re: lug-bg: delay_pools SQUID
, . - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, December 17, 2003 7:22 AM Subject: Re: lug-bg: delay_pools SQUID Zdrasti, Neznam do kolko shte ti pomogne no predi nqkolko dena v www.linux-bg.org izleze statiq za ogranichavane na trafika sus delay-pools. Eto adresa na statiqta: http://linux-bg.org/cgi-bin/y/index.pl?page=articleid=adviceskey=357055247 nadqvam se da ti pomogne. Joro ! 19'LCD monitor/TV Hyundai http://www.hyundai.bg A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: glei go tozi poeto kude se e zabil v lug-a:))))
. , 16 , :-)) :-P - Original Message - From: Svetlana Pesheva [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, December 16, 2003 1:36 PM Subject: Re: lug-bg: glei go tozi poeto kude se e zabil v lug-a: On Tuesday 16 December 2003 12:46, Vesselin Kolev wrote: Svetlana Pesheva wrote: Svetlana Pesheva Linux Administrator Nola7 Ltd. contact for linux tech. problems: gsm 099 912 133 ... ? ako shte ti pravim basein..da ti dam koordinati na marketing otdela ni?!:) ? za? DOCTYPE XML ? . ? da, imame 2 ns-a v Huston name zone-te ni sa tam, kato za 4 ot domainite ima maping za bg mreji i mirroring v Bulgaria (reverse dns v Sofia) ? za vhodiashta poshta polzvame edin ot serverite ni v Huston, za izhodiashta v Sofia FTP ? ne za ftp - lftp, za http -https .. ... kakto reshish! ako moga s neshto da ti pomogna, etc :) === = A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html === = -- Svetlana Pesheva Linux Administrator Nola7 Ltd. contact for linux tech. problems: gsm 099 912 133 A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: glei go tozi poeto kude se e zabil v lug-a:))))
. . neogost - Original Message - From: Vesselin Kolev [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, December 16, 2003 2:44 PM Subject: Re: lug-bg: glei go tozi poeto kude se e zabil v lug-a: Svetlana Pesheva wrote: ? za? :) . ... - reply... , . DoS . DOCTYPE XML ? .. :). ? da, imame 2 ns-a v Huston name zone-te ni sa tam, kato za 4 ot domainite ima maping za bg mreji i mirroring v Bulgaria (reverse dns v Sofia) :) . .? AS ? . , mapping mirroring. DNSSEC? opportunistic encryption? FTP ? ne za ftp - lftp, za http -https . LFTP ? . . , HTTPS. . Ephimeral Diffie-Hellman MD5 - ? RC2? SSH SSH ? ( , ) HTTPS ? .. ... kakto reshish! ako moga s neshto da ti pomogna, etc :) . IPsec X.509 P2P . , , . - tcpdump . OSPF . . Secure File Server... A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: glei go tozi poeto kude se e zabil v lug-a:))))
16 , . , . - 620725 . . . , . A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: traffic log-er
. . . . tcpdump eth0 , . , . . neogost - Original Message - From: Vesselin Kolev [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, December 15, 2003 10:32 AM Subject: Re: lug-bg: traffic log-er Miroslava Ivanova wrote: Izpolzvam Linux za gateway kum Internet na localna mreja. Userite izpolzvat Internet chrez NAT, t.e. ima samo edin realen IP adres. Bih iskala da instaliram programa na gateway-qt koqto da logva absoliutno vsichko koeto pravqt userite v Internet, t.e. kakvi konekcii se izgrajdat, kolko trafik preminava, izpolzvan protokol, vreme, chas i t.n. S dve dumi iskam programa s koqto da sum sigorna, che ako nqkoi ot lan-a napravi nqkakva belq v Internet shte moga da kaja koi e bil pred suotvetnite organi. Blagodarq!!! , . , . , ! , NAT, ! ', 3- . ( ), , - , . , . (, ,, , , , , ). ( ISP ,) , . , , . , ? ( )?( Windows XP)? ' IP , , , HTTPS ( ' HTTPS ). Hotmail ( ) , DOS. . , , , , . , . ? ? ? . , , . .SYN flood, ICMP flood, , DNS , IP , . ( Linux - tc/iproute2), . , , , ,- ... ... , , , , , - ! ... A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
lug-bg: delay_pools SQUID
"Squid 2.5-STABLE4, Linux RedHat 7.2" "--delay_pool" . "squid conf" : # # 1 . # 2 . 255 # 3 . 255 - delay_pools 3 # 3 delay poolsdelay_class 1 1 # pool 1 is class 1delay_class 2 1 # pool 2 is class 1delay_class 3 3 # pool 3 is class 3 acl multimedia urlpath_regex -i \.mp3$ \.mpeg$ \.avi$ \.mov$delay_access 1 allow multimediadelay_access 1 deny alldelay_access 2 allow Mynetdelay_access 2 deny alldelay_access 3 allow MyNAT delay_access 3 deny alldelay_parameters 1 16000/64000delay_parameters 2 64000/64000delay_parameters 3 64000/64000 32000/64000 6400/32000 # total_rest/total_max net_rest/net_max ind_rest/ind_max # total - # net - # ind - # rest - (/)# max - () : . neogost __neo ghostICQ#:119959087 Current ICQ status: + More ways to contact me __ online?icq=119959087img=21 Description: Binary data
Re: Blagogariya mnogo za pomoshta lug-bg: port filtering s IPTABE
,. SQUID enable-delay-pools , Perl WEB . www.ipcop.org . neogost - Original Message - From: Iassen Pramatarov [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, November 18, 2003 6:59 PM Subject: Re: Blagogariya mnogo za pomoshta lug-bg: port filtering s IPTABE Tue, 18 Nov 2003 18:19:56 +0200 Kamen TOMOV : On Tue, Nov 18, 2003 at 05:39:20PM +0200, [EMAIL PROTECTED] wrote: . , , . , transparent proxy , , , imap, pop3, cvs () Squid., ftp, ;) ; ; Squid ., Squid, , , POP3- ;) -- aka Turin A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: Blagogariya mnogo za pomoshta lug-bg: port filtering s IPTABE
, IPTABLES dport sport . SQUIDHTTP-DOWNLOD , 2.4 --enable-delay-pools IP 10.2.10.4/32 mp3;mov;avi;iso;gz;tar.gz;zip;rar;pdf;mpeg; . . neogost A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
lug-bg: port filtering s IPTABE
, . "ipchains" "Debian" . "ipfilteringa" "iptables" .IP 10.2.10.4/32: 25,110,53,80,6667 "TCP" 53 "UDP" . "rc.firewal" , "SQUID" neogost __neo ghostICQ#:119959087 Current ICQ status: + More ways to contact me __ online?icq=119959087img=21 Description: Binary data #!/bin/sh . /var/ipcop/ppp/settings . /var/ipcop/ethernet/settings IFACE=`/bin/cat /var/ipcop/red/iface | /usr/bin/tr -d '\012'` iptables_init() { echo 0 /proc/sys/net/ipv4/conf/all/rp_filter echo 0 /proc/sys/net/ipv4/conf/all/accept_redirects echo 0 /proc/sys/net/ipv4/conf/all/accept_source_route echo 1 /proc/sys/net/ipv4/conf/all/log_martians # Reduce DoS'ing ability by reducing timeouts echo 30 /proc/sys/net/ipv4/tcp_fin_timeout echo0 /proc/sys/net/ipv4/tcp_window_scaling echo0 /proc/sys/net/ipv4/tcp_timestamps echo0 /proc/sys/net/ipv4/tcp_sack echo 1024 /proc/sys/net/ipv4/tcp_max_syn_backlog # Flush all rules and delete all custom chains /sbin/iptables -F /sbin/iptables -t nat -F /sbin/iptables -X /sbin/iptables -t nat -X # Set up policies /sbin/iptables -P INPUT DROP /sbin/iptables -P FORWARD DROP /sbin/iptables -P OUTPUT ACCEPT # This chain will log, then DROPs Xmas and Null packets which might # indicate a port-scan attempt /sbin/iptables -N PSCAN /sbin/iptables -A PSCAN -p tcp -m limit --limit 10/minute -j LOG --log-prefix TCP Scan? /sbin/iptables -A PSCAN -p udp -m limit --limit 10/minute -j LOG --log-prefix UDP Scan? /sbin/iptables -A PSCAN -p icmp -m limit --limit 10/minute -j LOG --log-prefix ICMP Scan? /sbin/iptables -A PSCAN -f -m limit --limit 10/minute -j LOG --log-prefix FRAG Scan? /sbin/iptables -A PSCAN -j DROP # Disallow packets frequently used by port-scanners, XMas and Null /sbin/iptables -A INPUT -p tcp --tcp-flags ALL ALL -j PSCAN /sbin/iptables -A FORWARD -p tcp --tcp-flags ALL ALL -j PSCAN /sbin/iptables -A INPUT -p tcp --tcp-flags ALL NONE -j PSCAN /sbin/iptables -A FORWARD -p tcp --tcp-flags ALL NONE -j PSCAN } iptables_red() { /sbin/iptables -F RED /sbin/iptables -t nat -F RED # PPPoE / PPTP Device if [ $IFACE != ]; then # PPPoE / PPTP if [ $DEVICE != ]; then if [ $IFACE != ]; then # PPPoE / PPTP if [ $DEVICE != ]; then /sbin/iptables -A RED -i $DEVICE -j ACCEPT fi if [ $RED_TYPE = PPTP -o $RED_TYPE = PPPOE ]; then if [ $RED_DEV != ]; then /sbin/iptables -A RED -i $RED_DEV -j ACCEPT fi fi fi if [ $IFACE != -a -f /var/ipcop/red/active ]; then # DHCP if [ $RED_DEV != -a $RED_TYPE = DHCP ]; then /sbin/iptables -A RED -p tcp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT /sbin/iptables -A RED -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT fi if [ $PROTOCOL = RFC1483 -a $METHOD = DHCP ]; then /sbin/iptables -A RED -p tcp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT /sbin/iptables -A RED -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT fi # Allow IPSec /sbin/iptables -A RED -p 47 -i $IFACE -j ACCEPT /sbin/iptables -A RED -p 50 -i $IFACE -j ACCEPT /sbin/iptables -A RED -p 51 -i $IFACE -j ACCEPT /sbin/iptables -A RED -p udp -i $IFACE --sport 500 --dport 500 -j ACCEPT # Outgoing masquerading /sbin/iptables -t nat -A RED -o $IFACE -j MASQUERADE fi } # See how we were called. case $1 in start) iptables_init # Limit Packets- helps reduce dos/syn attacks /sbin/iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 10/sec # CUSTOM chains, can be used by the users themselves /sbin/iptables -N CUSTOMINPUT /sbin/iptables -A INPUT -j CUSTOMINPUT /sbin/iptables -A CUSTOMINPUT -s 10.2.10.4/32 -d 0/0 -p tcp -j DROP /sbin/iptables -N CUSTOMFORWARD /sbin/iptables -A FORWARD -j CUSTOMFORWARD /sbin/iptables -t nat -N CUSTOMPREROUTING /sbin/iptables -t nat -A PREROUTING -j CUSTOMPREROUTING # Accept everyting connected /sbin/iptables -A INPUT
lug-bg: Install Na X pod RH.7.2 na Deskkfje A900 problem
"RH 7.2 " "Desknote A900" , "" "XGA 1024x726 " . . neogost __neo ghostICQ#:119959087 Current ICQ status: + More ways to contact me __ online?icq=119959087img=21 Description: Binary data
lug-bg: proba
, . , . neogost ;-)) __neo ghostICQ#:119959087 Current ICQ status: + More ways to contact me __ online?icq=119959087img=21 Description: Binary data
lug-bg: problem s DNS servera
. , . . : 1. " 7.2" 9.. . 2. "dns.hitcomp.org" "dombg.com" . 3. "burgasnet.com" . ""*.org , "ns.burgasnet.com". "" "ns1.mobikom.com" ,. "ns.burgasnet.com" . e . 62.73.126.151 "dns.hitcomp.org" 62.73.126.153 www.hitcomp.org . neogost __neo ghostICQ#:119959087 Current ICQ status: + More ways to contact me __ online?icq=119959087img=21 Description: Binary data