On Sat, May 25, 2002 at 05:29:13PM +0100, Scott Waye wrote:
> This is my first post to this group so please bear with me. I have
> installed a 2.4.18 kernel with the latest (as of 24/5/02) iptables
> (1.2.7).
As far as I can see from www.iptables.org the latest version is still
1.2.6a. So are y
On Sat, May 25, 2002 at 07:58:42PM +0100, Adam D. Barratt wrote:
> Nick Drage wrote, Saturday, May 25, 2002 7:57 PM
>
> > On Sat, May 25, 2002 at 05:29:13PM +0100, Scott Waye wrote:
> >
> > > This is my first post to this group so please bear with me. I have
> >
On Mon, May 27, 2002 at 05:13:06PM -0500, Robin Cook wrote:
> Joe Patterson wrote:
> >>What is the command to add an ip alias to an interface without creating
> >>a subinterface?
> > ip address add $IPADDR dev $DEVICE
> Thanks. That command is from iproute2 package correct?
This doesn't come
On Tue, May 28, 2002 at 07:17:38AM +0200, Raymond Leach wrote:
> Neither active nor passive ftp is secure... both use (by default) plain text
> passwords when authenticating.
>
> Active ftp requires the least number of ports to be opened through your
> firewall, i.e. 2 (20 and 21).
> Passive ftp
On Tue, May 28, 2002 at 12:43:04AM -0700, Stewart Thompson wrote:
>> I'm on a local machine with interface eth0 down. I manually enter the
>> iptables policy DROP for all three "normal" chains, and then start up
>> interface eth0 with 'ifup eth0' (eth0 is configured with dhcp and
>> ONBOOT=n).
>>
On Tue, May 28, 2002 at 04:50:05PM -0400, Ramin Alidousti wrote:
> On Tue, May 28, 2002 at 01:17:32PM -0700, Stewart Thompson wrote:
>
> > Thanks for the excellent description Evan.
>
> Yes. Truly, a very good explanation.
Seconded.
> But I have one question:
>
> You say, the default policy
On Tue, May 28, 2002 at 09:00:33PM +0200, Axel Christiansen wrote:
> hi,
>
> cause you drop packets. nmap interprets this as filtered. the usual behavior
> would be "icmp port unreachable" which causes nmap to show these ports
> as closed.
The usual behaviour would be for a tcp RST to be sent ba
On Tue, May 28, 2002 at 03:10:12PM -0400, Ramin Alidousti wrote:
> On Tue, May 28, 2002 at 09:00:33PM +0200, Axel Christiansen wrote:
> But, you're right. The decision between DROP and REJECT is a very
> tough one. Some two or three weeks ago we were pleading for DROP
> for some valid reasons a
On Tue, May 28, 2002 at 11:42:07PM +0100, Antony Stone wrote:
> On Tuesday 28 May 2002 11:26 pm, Nick Drage wrote:
> > On Tue, May 28, 2002 at 03:10:12PM -0400, Ramin Alidousti wrote:
> > > On Tue, May 28, 2002 at 09:00:33PM +0200, Axel Christiansen wrote:
> I still think
On Thu, May 30, 2002 at 08:55:17PM +0100, Antony Stone wrote:
> On Thursday 30 May 2002 3:13 pm, [EMAIL PROTECTED] wrote:
> > > This type of ICMP message will be RELATED to an existing TCP
> > > connection, therefore it will be allowed through the firewall by the
> > > sort of ruleset Claudio was
On Thu, May 30, 2002 at 02:40:36PM +0100, Ross Starkey wrote:
> I have recently built a firewall for my home office. All seems well, it's
> fairly secure. One problem though, every time my Windows client sends a
> packet destined for my Linux box that is not destined for the Internet
> (say for e
On Fri, May 31, 2002 at 10:34:23PM +0100, Adam D. Barratt wrote:
> John Jones asked:
>
> > [root] iptables -h
> > ...
> > --check   -C chain            Test this packet on chain
> It's been removed. It has never been implemented, and never will be. v1.27
> (i.e. current CVS version) no longe
On Sat, Jun 01, 2002 at 05:05:53PM +0100, Antony Stone wrote:
> On Saturday 01 June 2002 4:04 pm, Neil Aggarwal wrote:
> > # Bind the IP to eth0
> > /sbin/ifconfig eth0:1 11.22.33.55 netmask 255.255.255.0 broadcast
> > 11.22.33.255
>
> A slightly outdated way of doing it, but it'll certainly d
On Sun, Jun 02, 2002 at 05:00:44PM +0200, Patrick Schaaf wrote:
> > So - as a general rule, what does one do? What do people block and what
> > do they accept??
>
> General rule: block everything, log the blocking, stare at the logs while
> doing what needs to be done, and then accept what is n
On Mon, Jun 03, 2002 at 12:55:26AM -0400, Ramin Alidousti wrote:
> On Mon, Jun 03, 2002 at 09:47:07AM +0500, Alexey Talikov wrote:
>
> > See log
>
> I understand your reasoning. But he seems to be aware of the hub/switch
> situation and he claims that he has a hub between the two interfaces and
On Sun, Jun 02, 2002 at 11:25:31PM -0400, Shazad Malik wrote:
> I have seen other explanations such as increasing your tcp max number as
> your physical mem. increase. Check your /proc/net/ip_conntrack file for the
> current connections. But none of these factors have anything to do with
> this e
On Mon, Jun 03, 2002 at 06:36:12AM -0700, Art Reisman wrote:
> Yes I know this is not quite on topic, but I'm getting there, before I can
> use iptables the way I wanted, this was sort of background work.
Fair enough :)
> Here is my topology
>
>
> T1->Gateway>Hub---Wireless->
On Mon, Jun 03, 2002 at 11:34:32PM +0200, Rasmus Bøg Hansen wrote:
> On Mon, 3 Jun 2002, Shazad Malik wrote:
> > Jun 3 08:03:28 new kernel: ip_conntrack: table full, dropping packet.
>
> > Seriously, I'm going berserk now! I just have two machines sitting behind
> > my test box and just one user(t
On Tue, Jun 04, 2002 at 10:41:58AM -0700, Brian Ugie wrote:
> Below is the hosts portion of nsswitch.conf. The actual hosts file is
> below that. I have also included the simple config that I am using for
> iptables. I have seen the -n option but it is not relevant for appending,
> inserting or
On Wed, Jun 05, 2002 at 01:27:41PM +, Francisco Alfonso Martinez Lopez wrote:
> Hi everybody, how can I deny smurf attacks on my host? It's a single
> connection to the Internet; any possibility of denying a smurf attack on the
> firewall? (my host is dual boot: SuSE Linux & Windows)
A Smurf attac
On Wed, Jun 05, 2002 at 04:04:06PM +0200, Maciej Soltysiak wrote:
> > A Smurf attack is effective just by the sheer weight of traffic sent to
> > you, rather than because of any weakness in your host, so unfortunately
> > there is nothing you can do on your host to harden it against this type
> >
On Wed, Jun 05, 2002 at 01:55:49AM +0200, Christian Hubinger wrote:
> I would be very thankful if anyone could show me a diagram (or where to
> find one) of the netfilter architecture with all its tables and chains and
> of course the order in which the packets pass through the chains/tables.
N
On Tue, Jun 04, 2002 at 12:24:34PM +0200, Giovanni Cardone wrote:
> Hi, on a dial-up(56k) machine I'm looking at iptables 1.2.6a with both kernel
> 2.4.13 and 2.4.18. For 1 month I've been having trouble with the conntrack.
> I have a lot of packets like 'new not syn' (you know what I'm talking a
On Thu, May 30, 2002 at 09:01:32PM -0400, Joe Patterson wrote:
> kind of the same way that a system determines what an ICMP message relates
> to. For example, the format of an ICMP unreachable message, which includes
> such messages as the fragmentation needed and all the network/host/port
> unre
On Wed, Jun 05, 2002 at 03:07:20PM -0700, Nathan Cassano wrote:
>
> Hi NetFilter Gurus,
> I have heard that ip_conntrack will allow ICMP packets pass that
> are related to an existing connection. My question is what specific
> related ICMP packets does conntrack allow for a given connection
On Thu, Jun 06, 2002 at 04:04:38PM +0200, Tony Earnshaw wrote:
> On Thu, 2002-06-06 at 15:22, Corin Langosch wrote:
> It depends what you want to do with it. And what DNS software you're
> running. I.e., if it's BIND, you can do more with BIND 9 than you can
> with BIND 8, more with BIND 8 than wi
On Sat, Jun 08, 2002 at 12:21:21PM +0200, Corin Langosch wrote:
> I opened port 53 tcp, udp and it seems to work. For some strange reason
> for some people the domains are correctly resolved, some people get an error.
> Or does it have to do with the fact that I also registered these domains some hours ago?
I woul
On Sat, Jun 15, 2002 at 11:33:23PM +0100, Antony Stone wrote:
> On Saturday 15 June 2002 11:14 pm, Brian Capouch wrote:
> > I wonder if the sages on this list might share advice as to whether or
> > not it might be practical to maintain a working ISP where ALL client
> > machines use private IP a
On Fri, Jun 21, 2002 at 01:20:16PM -0400, Ramin Alidousti wrote:
> >> What rules do you have ?
> >
> > how would I know what kind of rules I have?
>
> You could, eg, cat your firewall script, ie, if you knew
> where it was.
Run "iptables -L -n" and, as long as it isn't too long, send the
On Fri, Jun 21, 2002 at 12:33:15PM -0500, Krish Ahya wrote:
> Hi all,
>
> I was just wondering, is Netfilter as good as Cisco's PIX and Checkpoint's
> Firewall-1, if not better?
Depends what you mean by "good", which is a little too general to rate
something as complex as a firewall. In relatio