Re: Firewall Configuration in Redhat 9.0

2003-10-22 Thread Wayne Betts
> > >>> [EMAIL PROTECTED] 10/20/03 04:00PM >>> > > > > I've been having some trouble opening and closing ports. Basically, I > > want to close of all ports except 22 for ssh and 3 other ports to do > > some testing with openmosix. No matter what I do though, the ports > > that > > I want open stay

Re: Firewall Configuration in Redhat 9.0

2003-10-22 Thread Jeff Lasman
On Tuesday 21 October 2003 20:42, Jesse Millan wrote: > Firewall is still doing absolutely nothing, even when I untrust eth0. and he wrote earlier: > > Other notes, I have iptables service enabled. It starts at boot. > > Also, I > > have tried to use iptables directly i.e iptables -A INPUT -p tc

Re: Firewall Configuration in Redhat 9.0

2003-10-21 Thread Jesse Millan
On Tue, 2003-10-21 at 07:58, Dominic RIVERA wrote: > Well, you have a couple of problems: > > You don't want to trust eth0, by trusting eth0 ( your only network card > ) you are basically disabling the firewall from that interface. > > Dominic Rivera > (503) 947-7308 > [EMAIL PROTECTED] > Fire

Re: Firewall Configuration in Redhat 9.0

2003-10-21 Thread Dominic RIVERA
Well, you have a couple of problems: You don't want to trust eth0, by trusting eth0 ( your only network card ) you are basically disabling the firewall from that interface. Dominic Rivera (503) 947-7308 [EMAIL PROTECTED] >>> [EMAIL PROTECTED] 10/20/03 04:00PM >>> I've been having some trouble o

Re: Firewall - Limit Geographic Area

2003-10-21 Thread Kent Borg
On Tue, Oct 21, 2003 at 08:51:16AM +0200, Zoki wrote: > *** What I don't get is where comes this pathological panic of yours that > pirates only exist in China and Europe? > > Don't tell me Mr . K. Mitnick was Chinese... I think the idea wasn't that bad people are only in Far Away Places, more th

Re: Firewall - Limit Geographic Area

2003-10-20 Thread Zoki
On 16/10/2003 19:37, « lrnobs » <[EMAIL PROTECTED]> wrote: >> I believe the OP's concern is that of remote exploit (DoS, script >> kiddies, worms, etc), not of application fraud. He wants to deny at >> layer 3, based on geography. > > Yes, this is my concern. My thought is that if I can limit

RE: Firewall Configuration in Redhat 9.0

2003-10-20 Thread Mike Koponick
Jesse, Don't forget the default action for IPTABLES. You must DROP packets and accept the connections you wish. I believe the command is: Iptables -A INPUT DROP Iptables -A OUTPUT DROP Iptables -A forward DROP Don't forget to add the "ACCEPT" lines first, otherwise you will lock yourself out. Mi

Server modification log WAS RE: Firewall - Limit Geographic Area

2003-10-16 Thread Chris W. Parker
Kent Borg on Thursday, October 16, 2003 2:35 PM said: > P.S. Non-security advice: Keep a log of everything you do to your > server. It will not only be useful as a reference, but it will slow > you down in how you mangle your server by forcing you to take those > n

Re: Firewall - Limit Geographic Area

2003-10-16 Thread lrnobs
Thanks, I appreciate your time. Larry Nobs - Original Message - From: "Kent Borg" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, October 16, 2003 4:35 PM Subject: Re: Firewall - Limit Geographic Area > On Thu, Oct 16, 2003 at 12:37:23PM -0500, l

Re: Firewall - Limit Geographic Area

2003-10-16 Thread Kent Borg
On Thu, Oct 16, 2003 at 12:37:23PM -0500, lrnobs wrote: > Remember that I am a beginner at this and am trying to learn about > all the weapons that are available to protect my little site. Security. A lot of people have a lot of good advice about security, but much of it is unrealistic. Attempti

Re: Firewall - Limit Geographic Area

2003-10-16 Thread lrnobs
> I believe the OP's concern is that of remote exploit (DoS, script > kiddies, worms, etc), not of application fraud. He wants to deny at > layer 3, based on geography. Yes, this is my concern. My thought is that if I can limit my visibility on the internet then I decrease my chances to some degr

Re: Firewall - Limit Geographic Area

2003-10-16 Thread Jason Dixon
On Thu, 2003-10-16 at 13:00, Kent Borg wrote: > On Thu, Oct 16, 2003 at 12:28:01PM -0400, Jason Dixon wrote: > > I believe the OP's concern is that of remote exploit (DoS, script > > kiddies, worms, etc), not of application fraud. He wants to deny at > > layer 3, based on geography. > > Yes. And

Re: Firewall - Limit Geographic Area

2003-10-16 Thread Kent Borg
On Thu, Oct 16, 2003 at 12:28:01PM -0400, Jason Dixon wrote: > I believe the OP's concern is that of remote exploit (DoS, script > kiddies, worms, etc), not of application fraud. He wants to deny at > layer 3, based on geography. Yes. And it is a bad idea. My questions were intended to illustra

Re: Firewall - Limit Geographic Area

2003-10-16 Thread Jason Dixon
On Thu, 2003-10-16 at 12:07, Kent Borg wrote: > On Wed, Oct 15, 2003 at 04:00:15PM -0500, lrnobs wrote: > > This web site will be used for local food delivery and all customers > > will have to set up accounts in advance to be sure they are in the > > fuzzy delivery area. > > So validate the deliv

Re: Firewall - Limit Geographic Area

2003-10-16 Thread Kent Borg
On Wed, Oct 15, 2003 at 04:00:15PM -0500, lrnobs wrote: > This web site will be used for local food delivery and all customers > will have to set up accounts in advance to be sure they are in the > fuzzy delivery area. So validate the delivery address as being in your delivery area. (By zip code,

Re: Firewall - Limit Geographic Area

2003-10-15 Thread Rodolfo J. Paiz
At 13:53 10/15/2003, you wrote: On Wed, 2003-10-15 at 15:50, lrnobs wrote: > If I put all these foreign countries addresses in iptables rules would there > be a big performance hit? > > Is there a different way to do it? Follow Michael's suggestions. Patch, patch, patch. Only run those services

RE: Firewall - Limit Geographic Area

2003-10-15 Thread Chris W. Parker
Bill Carlson on Wednesday, October 15, 2003 2:42 PM said: >>> Does anyone know of a way to do this? Are the IP ranges assigned to >>> American networks published somewhere? > > It's easier to go the reverse route, exclude some known foreign > networks. See http://w

Re: Firewall - Limit Geographic Area

2003-10-15 Thread Sean Estabrooks
On Wed, 15 Oct 2003 15:47:56 -0500 "lrnobs" <[EMAIL PROTECTED]> wrote: > Does anyone know of a way to do this? Are the IP ranges assigned to > American networks published somewhere? Yes, They are published in many places but one detailed list is available freely from: http://ip-to-country.di

Re: Firewall - Limit Geographic Area

2003-10-15 Thread Jason Dixon
On Wed, 2003-10-15 at 17:41, Bill Carlson wrote: > On 15 Oct 2003, Jason Dixon wrote: > > This type of information could probably be gathered via NANOG or the > > ICANN site. However, if I haven't stressed it enough already, I highly > > suggest you avoid this route. IT WILL NOT WORK like you in

Re: Firewall - Limit Geographic Area

2003-10-15 Thread Bill Carlson
On 15 Oct 2003, Jason Dixon wrote: > On Wed, 2003-10-15 at 16:47, lrnobs wrote: > > > You could instead say... > > > I don't like cars that are not Blue. > > > > > > In other words, exclude all traffic that is not from America instead of > > > the other way around. > > > > Does anyone know of a w

Re: Firewall - Limit Geographic Area

2003-10-15 Thread lrnobs
This web site will be used for local food delivery and all customers will have to set up accounts in advance to be sure they are in the fuzzy delivery area. Larry Nobs > > I will soon setup a web server in St. Louis, Missouri and > > there will be no reason for anyone outside of a 300 mile > > r

RE: Firewall - Limit Geographic Area

2003-10-15 Thread Brad Caricofe
> I will soon setup a web server in St. Louis, Missouri and > there will be no reason for anyone outside of a 300 mile > radius to be using my web site. I don't believe you! =) What if someone wants to visit St. Louis and needs your info, or if a St. Louis resident visits his family in NY and

Re: Firewall - Limit Geographic Area

2003-10-15 Thread Jason Dixon
On Wed, 2003-10-15 at 16:47, lrnobs wrote: > > You could instead say... > > I don't like cars that are not Blue. > > > > In other words, exclude all traffic that is not from America instead of > > the other way around. > > Does anyone know of a way to do this? Are the IP ranges assigned to > Amer

Re: Firewall - Limit Geographic Area

2003-10-15 Thread lrnobs
; <[EMAIL PROTECTED]> Sent: Wednesday, October 15, 2003 3:22 PM Subject: Re: Firewall - Limit Geographic Area > On Wed, 2003-10-15 at 16:13, lrnobs wrote: > > This server will have one web site using Java and Tomcat and will send out > > mail when orders are received to known email

Re: Firewall - Limit Geographic Area

2003-10-15 Thread lrnobs
Thanks, Larry Nobs - Original Message - From: "Chris W. Parker" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, October 15, 2003 2:54 PM Subject: RE: Firewall - Limit Geographic Area > lrnobs <mailto:[EMAIL PROTECTED]> > on Wednesd

Re: Firewall - Limit Geographic Area

2003-10-15 Thread Michael Gargiullo
On Wed, 2003-10-15 at 16:29, Jason Dixon wrote: > On Wed, 2003-10-15 at 16:22, Michael Gargiullo wrote: > > > as root run ntsysv > > > > scroll down until you find sshd, and make sure there's no * next to it. > > > > same with your ftpd > > > > You can leave sshd running and limit access with i

Re: Firewall - Limit Geographic Area

2003-10-15 Thread Jason Dixon
On Wed, 2003-10-15 at 16:22, Michael Gargiullo wrote: > as root run ntsysv > > scroll down until you find sshd, and make sure there's no * next to it. > > same with your ftpd > > You can leave sshd running and limit access with iptables if you wish. > Makes life at 3 am with a crashed app easi

Re: Firewall - Limit Geographic Area

2003-10-15 Thread Ed Wilts
On Wed, Oct 15, 2003 at 03:13:02PM -0500, lrnobs wrote: > This currently has Redhat 8. Ssh is currently loaded. I couldn't find > where to stop ssh from loading at boot. Could you point me in the right > direction. # chkconfig --list |grep 3:on Now turn off those services you don't want: # chkc

Re: Firewall - Limit Geographic Area

2003-10-15 Thread Michael Gargiullo
ng list" <[EMAIL PROTECTED]> > Sent: Wednesday, October 15, 2003 2:44 PM > Subject: Re: Firewall - Limit Geographic Area > > > > Not reliably. One of our locations uses an AT&T DS1. Which literally > > bounces from TX to CA then to us in NJ. > > >

Re: Firewall - Limit Geographic Area

2003-10-15 Thread lrnobs
boot. Could you point me in the right direction. Thanks, Larry Nobs - Original Message - From: "Michael Gargiullo" <[EMAIL PROTECTED]> To: "redhat mailing list" <[EMAIL PROTECTED]> Sent: Wednesday, October 15, 2003 2:44 PM Subject: Re: Firewall - L

Re: Firewall - Limit Geographic Area

2003-10-15 Thread lrnobs
Can I do this with an IP Range? Thanks, Larry Nobs - Original Message - From: "Chris W. Parker" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, October 15, 2003 2:54 PM Subject: RE: Firewall - Limit Geographic Area > lrnobs <mailto:[EMAIL PR

RE: Firewall - Limit Geographic Area

2003-10-15 Thread Chris W. Parker
lrnobs on Wednesday, October 15, 2003 12:50 PM said: > If I put all these foreign countries addresses in iptables rules > would there be a big performance hit? Probably. > Is there a different way to do it? Maybe instead of saying... I don't like cars that are Ye

Re: Firewall - Limit Geographic Area

2003-10-15 Thread Jason Dixon
On Wed, 2003-10-15 at 15:50, lrnobs wrote: > If I put all these foreign countries addresses in iptables rules would there > be a big performance hit? > > Is there a different way to do it? Follow Michael's suggestions. Patch, patch, patch. Only run those services which are vitally necessary, an

Re: Firewall - Limit Geographic Area

2003-10-15 Thread lrnobs
tober 15, 2003 2:39 PM Subject: Re: Firewall - Limit Geographic Area > Hi, for other countries, you could filter by IP ranges. Try this: > > http://blackholes.us > > _ > Regards, Joe > > > > > - Original Message - > From: &qu

Re: Firewall - Limit Geographic Area

2003-10-15 Thread Michael Gargiullo
Not reliably. One of our locations uses an AT&T DS1. Which literally bounces from TX to CA then to us in NJ. Just build the securest server you can. Use SSH not telnet. Use sftp not ftp. Only run the services you need, and nothing more. On Wed, 2003-10-15 at 15:31, lrnobs wrote: > Is there

Re: Firewall - Limit Geographic Area

2003-10-15 Thread Joe Szilagyi
Hi, for other countries, you could filter by IP ranges. Try this: http://blackholes.us _ Regards, Joe - Original Message - From: "lrnobs" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, October 15, 2003 3:31 PM Subject: Firewall - Limit Geographic Are

Re: firewall conf

2003-09-05 Thread ivo Tijhaar
At 21:50 9/4/2003 +0200, you wrote: >I need FTP; my clients need to upload their webpages because the server is a >part of a hosting company. I don't want to give anonymous access to anyone. >Every user is known to me, and is chrooted to her home directory; they can't >come outside this directory eve

Re: firewall conf

2003-09-04 Thread Rodolfo J. Paiz
At 21:50 9/4/2003 +0200, you wrote: I need FTP; my clients need to upload their webpages because the server is a part of a hosting company. I don't want to give anonymous access to anyone. Every user is known to me, and is chrooted to her home directory; they can't come outside this directory even wi

Re: firewall conf

2003-09-04 Thread Ivo Tijhaar
I need FTP; my clients need to upload their webpages because the server is a part of a hosting company. I don't want to give anonymous access to anyone. Every user is known to me, and is chrooted to her home directory; they can't come outside this directory even with a symlink, access is denied. And a

Re: firewall conf

2003-09-04 Thread Benjamin J. Weiss
> Hi, > > Thanks, I modified my firewall and now it works for me. I made the following > entries: > > > :FORWARD ACCEPT [0:0] # Accept all forwarded packets. In my case there > is no NAT, so this is ok. > :INPUT DROP [0:0] # Drop all incoming packets. > :OUTPUT ACCEPT [0:0] # Accept all outgoing packets

RE: firewall conf

2003-09-04 Thread Ivo Tijhaar
Hi, Thanks, I modified my firewall and now it works for me. I made the following entries: :FORWARD ACCEPT [0:0] # Accept all forwarded packets. In my case there is no NAT, so this is ok. :INPUT DROP [0:0] # Drop all incoming packets. :O

Re: firewall conf

2003-09-03 Thread Benjamin J. Weiss
> Hi, > > I'm using redhat 9.0 and the latest webmin. Now i want to configure the > firewall that the ip addresses 213.132.174.75, 127.0.0.1, 80.242.234.70 and > 62.131.19.121 with webmin only can access port 1 tcp/udp. I only get one > ip address working not all. Any body any ideas? What is t

RE: Firewall / Internet Gateway Config Fails

2003-08-14 Thread Jason Dixon
On Mon, 2003-08-11 at 10:47, Ken Plumley wrote: > My firewall/gateway is partially working now, it can > ping the lan and the internet. It looks like it needs > scripts added to the firewall configuration written by > lokkit to allow lan clients to reach the internet > through the firewall/gateway.

RE: Firewall / Internet Gateway Config Fails

2003-08-14 Thread Jason Staudenmayer
The first way is right. You have to set up NAT rules and set the gateways on your clients to point to your router/gateway/firewall -Original Message- From: Ken Plumley [mailto:[EMAIL PROTECTED] Sent: Saturday, August 09, 2003 3:37 PM To: Redhat List Subject: Firewall / Internet Gateway Co

RE: Firewall / Internet Gateway Config Fails

2003-08-14 Thread Ken Plumley
ere are a > load of How-To's on > this google="iptables nat" > > > -Original Message- > From: Ken Plumley [mailto:[EMAIL PROTECTED] > Sent: Saturday, August 09, 2003 6:42 PM > To: [EMAIL PROTECTED] > Subject: RE: Firewall / Internet Gateway Config >

RE: Firewall / Internet Gateway Config Fails

2003-08-14 Thread Jason Staudenmayer
August 09, 2003 6:42 PM To: [EMAIL PROTECTED] Subject: RE: Firewall / Internet Gateway Config Fails Jason, For testing only, if the firewall/gateway is configured correctly shouldn't the lan clients be able to reach the internet with out a firewall? I haven't worked with iptables, how

RE: Firewall / Internet Gateway Config Fails

2003-08-14 Thread Ken Plumley
5.0 -j MASQUERADE > > These should work. > > > -Original Message- > From: Ken Plumley [mailto:[EMAIL PROTECTED] > Sent: Saturday, August 09, 2003 4:14 PM > To: [EMAIL PROTECTED] > Subject: RE: Firewall / Internet Gateway Config > Fails > > > Jason, > &

RE: Firewall / Internet Gateway Config Fails

2003-08-11 Thread Ken Plumley
Jason, Ok I will set GATEWAYDEV=eth0 I replaced an existing RH 6.2 firewall/gateway machine with the new RH 8.0 machine. The new machine has the same name and IP number that the old machine did so all the machines on the lan are already configured to point to the new firewall/gateway. Are NAT r

RE: Firewall / Internet Gateway Config Fails

2003-08-09 Thread Jason Staudenmayer
Plumley [mailto:[EMAIL PROTECTED] Sent: Saturday, August 09, 2003 4:14 PM To: [EMAIL PROTECTED] Subject: RE: Firewall / Internet Gateway Config Fails Jason, Ok I will set GATEWAYDEV=eth0 I replaced an existing RH 6.2 firewall/gateway machine with the new RH 8.0 machine. The new machine has the

RE: Firewall

2003-07-12 Thread Steve Cooper
On Thu, 2003-07-10 at 09:33, Sadanapalli, Pradeep Kumar (MED, TCS) wrote: > IPTABLES ..see iptables-howto > > -Original Message- > From: Khademul Islam [mailto:[EMAIL PROTECTED] > Sent: Thursday, July 10, 2003 11:23 AM > To: '[EMAIL PROTECTED]' > Subject: Firewall > > > Hi! Everyone, I a

Re: Firewall

2003-07-10 Thread Michael Gargiullo
Sure Redhat 9 has iptables. Best to do some reading at www.netfilter.org. There are some good tutorials there. There are some tools out there that make it a bit easier, but it's best to know not only how, but why. -Mike On Thu, 2003-07-10 at 12:23, Khademul Islam wrote: > Hi! Everyone, I am ne

Re: Firewall

2003-07-10 Thread Edward Croft
On Thu, 2003-07-10 at 12:23, Khademul Islam wrote: > Hi! Everyone, I am new on Linux and like to get my hand dirty. > > I have a firewall software on a PC that I want to replace using Linux. Is > there any good and free Linux Firewall that I can use(I can load that PC > with Linux 9.0 and use that

RE: Firewall

2003-07-10 Thread Sadanapalli, Pradeep Kumar (MED, TCS)
IPTABLES ..see iptables-howto -Original Message- From: Khademul Islam [mailto:[EMAIL PROTECTED] Sent: Thursday, July 10, 2003 11:23 AM To: '[EMAIL PROTECTED]' Subject: Firewall Hi! Everyone, I am new on Linux and like to get my hand dirty. I have a firewall software on a PC that I want

Re: Firewall proxies and ssh, cvs

2003-07-01 Thread Ian Mortimer
> I am trying to get ports opened for both ssh and cvs so that I can get code > from external sites, but our firewall uses proxies and proxies do not exist > for these two protocols. Does anyone know if any other proxy will work for > these two systems. For example, will an ssl proxy work for ssh a

Re: Firewall proxies and ssh, cvs

2003-07-01 Thread Todd A. Jacobs
On Tue, 1 Jul 2003, Chad Skinner wrote: > these two systems. For example, will an ssl proxy work for ssh No. SSL and SSH are two totally different protocols. -- Sen. Orrin Hatch thinks destroying private property to ensure bigger campaign contributions from media cartels is "good politics." Let

Re: Firewall "ipchains-rule" questions

2003-04-05 Thread Gene Yoo
[EMAIL PROTECTED] wrote: > "Burke, Thomas G." wrote: > > >>-BEGIN PGP SIGNED MESSAGE- >>Hash: SHA1 >> >>Check out http://tomii.dnsalias.com/firewall.txt for a well >>documented ipchains script > > > So, any other well documented iptables script ? > > Thank for your help ! > www.linux

Re: Firewall "ipchains-rule" questions

2003-04-05 Thread edwardspl
Michael Schwendt wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On Tue, 11 Mar 2003 22:45:17 +0800, [EMAIL PROTECTED] wrote: > > > Hello to you, > > > > After the following "iptables-rules" on Linux Redhat 7.2 Server : > > > > /etc/rc.d/rc.local : > > iptables -F > > iptables -A INPU

Re: Firewall "ipchains-rule" questions

2003-04-05 Thread edwardspl
"Burke, Thomas G." wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Check out http://tomii.dnsalias.com/firewall.txt for a well > documented ipchains script So, any other well documented iptables script ? Thank for your help ! -- redhat-list mailing list unsubscribe mailto:[EMAI

Re: Firewall "ipchains-rule" questions

2003-03-13 Thread Anthony E. Greene
[EMAIL PROTECTED] wrote: Sorry... Is there a documentation ( NOT shell script ) about "ipchains-rule" ? I'm very hard to test the following rules with the old machine ( rh 6.x man ipchains http://www.tldp.org/HOWTO/IPCHAINS-HOWTO.html Tony -- Anthony E. Greene OpenPGP

Re: Firewall "ipchains-rule" questions

2003-03-13 Thread edwardspl
I'm beginning to think this guy is a 'bot... Same question over & > over... Doesn't RTFM, and so on > > - -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Thursday, March 13, 2003 1:26 AM > To: [EMAIL PROTECTED] > S

RE: Firewall "ipchains-rule" questions

2003-03-13 Thread Burke, Thomas G.
o: [EMAIL PROTECTED] Subject: Re: Firewall "ipchains-rule" questions Hello, Now, we want to allow users to use only the following port numbers ( services ), but we may need someone to help to check and modify the "rules"... ipchains -F ipchains -A input -i eth0 -p tcp --

Re: Firewall "ipchains-rule" questions

2003-03-13 Thread Michael Schwendt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 13 Mar 2003 14:26:15 +0800, [EMAIL PROTECTED] wrote: > Now, we want to allow users to use only the following port numbers > ( services ), but we may need someone to help to check and modify the > "rules"... > > ipchains -F > > ipcha

Re: Firewall "ipchains-rule" questions

2003-03-12 Thread edwardspl
Hello, Now, we want to allow users to use only the following port numbers ( services ), but we may need someone to help to check and modify the "rules"... ipchains -F ipchains -A input -i eth0 -p tcp --dport 20 -j ACCEPT ipchains -A input -i eth0 -p tcp --dport 21 -j ACCEPT ipchains -A

Re: Firewall "ipchains-rule" questions

2003-03-12 Thread Michael Schwendt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 13 Mar 2003 00:32:20 +0800, [EMAIL PROTECTED] wrote: > Now, I reset the "ipchains-rule" on Redhat 6.2 machine, so any problem > about the following setting ? It depends on the purpose of your host and the goal of your rules: Loopback device i

Re: Firewall "ipchains-rule" questions

2003-03-12 Thread edwardspl
Hello, Now, I reset the "ipchains-rule" on Redhat 6.2 machine, so any problem about the following setting ? ipchains -F ipchains -A input -i eth0 -p tcp --dport 20 -j ACCEPT ipchains -A input -i eth0 -p tcp --dport 21 -j ACCEPT ipchains -A input -i eth0 -p tcp --dport 22 -j ACCEPT ipchains -A in

Re: Firewall "ipchains-rule" questions

2003-03-12 Thread Michael Schwendt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 12 Mar 2003 09:44:12 +0800, [EMAIL PROTECTED] wrote: > So, is there any sample about "ipchains-rule" ? Search Google for "ipchains howto" and "ipchains tutorial" and thinks like that. Additionally, as suggested by someone else already, examin

Re: Firewall "ipchains-rule" questions

2003-03-11 Thread edwardspl
Michael Schwendt wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On Wed, 12 Mar 2003 00:09:31 +0800, [EMAIL PROTECTED] wrote: > > > > ipchains --policy input DENY > > > ipchains --policy output DENY > > > ## Allow outgoing traffic from your HTTP/DNS server. > > > ipchains -A o

Re: Firewall "ipchains-rule" questions

2003-03-11 Thread Michael Schwendt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 12 Mar 2003 00:09:31 +0800, [EMAIL PROTECTED] wrote: > > ipchains --policy input DENY > > ipchains --policy output DENY > > ## Allow outgoing traffic from your HTTP/DNS server. > > ipchains -A output -i eth0 -p tcp --sport 80 -j ACCEPT

Re: Firewall "ipchains-rule" questions

2003-03-11 Thread Jack Bowling
On Tue, Mar 11, 2003 at 09:08:05AM -0800, Gordon Messmer wrote: > [EMAIL PROTECTED] wrote: > > Hello to you, > > > > After the following "iptables-rules" on Linux Redhat 7.2 Server : > > I think your rules are out of order. You've got rules to drop > everything at the > beginning of the chain, s

Re: Firewall "ipchains-rule" questions

2003-03-11 Thread Gordon Messmer
[EMAIL PROTECTED] wrote: > Hello to you, > > After the following "iptables-rules" on Linux Redhat 7.2 Server : I think your rules are out of order. You've got rules to drop everything at the beginning of the chain, so packets never make it far enough in to match the "allow" rules. Re-order like

Re: Firewall "ipchains-rule" questions

2003-03-11 Thread edwardspl
Michael Schwendt wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On Tue, 11 Mar 2003 22:45:17 +0800, [EMAIL PROTECTED] wrote: > > > Hello to you, > > > > After the following "iptables-rules" on Linux Redhat 7.2 Server : > > > > /etc/rc.d/rc.local : > > iptables -F > > iptables -A INPU

Re: Firewall "ipchains-rule" questions

2003-03-11 Thread Michael Schwendt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 11 Mar 2003 22:45:17 +0800, [EMAIL PROTECTED] wrote: > Hello to you, > > After the following "iptables-rules" on Linux Redhat 7.2 Server : > > /etc/rc.d/rc.local : > iptables -F > iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL FIN,URG,PSH

RE: Firewall "ipchains-rule" questions

2003-03-11 Thread Burke, Thomas G.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Check out http://tomii.dnsalias.com/firewall.txt for a well documented ipchains script - -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 11, 2003 9:45 AM To: [EMAIL PROTECTED] Subject: Firewall "ipchai

Re: Firewall - Masquerade of MS messenger

2003-01-05 Thread Edward Dekkers
... But the problem is ... that Redhat 7.1 has 2.4.x kernel ... and that solution doesn't work for this ! ... Maybe there's another way !! ... Any ideas ... What about upgrading to RH 8 ??? Thanks a lot for your help !! Guillermo. --- If you want to try it (I never got it to work), be aw

RE: Firewall stuck in "High"

2002-12-30 Thread Terry Hobart
: Re: Firewall stuck in "High" -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Monday 30 December 2002 12:09 am, William Warren wrote: > On Sun, Dec 29, 2002 at 07:54:20PM -0500, Thomas E. Dukes wrote: > > Hello, > > > > I just installed RH 8.0. During the install I w

Re: Firewall stuck in "High"

2002-12-30 Thread Michael Fratoni
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Monday 30 December 2002 12:09 am, William Warren wrote: > On Sun, Dec 29, 2002 at 07:54:20PM -0500, Thomas E. Dukes wrote: > > Hello, > > > > I just installed RH 8.0. During the install I was asked about the > > security level. I answered "medium"

Re: Firewall stuck in "High"

2002-12-29 Thread William Warren
On Sun, Dec 29, 2002 at 07:54:20PM -0500, Thomas E. Dukes wrote: > Hello, > > I just installed RH 8.0. During the install I was asked about the > security level. I answered "medium" and checked the customized option to > allow ftp, www, dhcp, etc. For some reason, its stuck in "High". I > have

Re: firewall questions & Gnome / KDE switching questions

2002-11-18 Thread Emmanuel Seyman
On Mon, Nov 18, 2002 at 05:55:53AM -0600, Arthur Rosene wrote: > > I installed firewall with medium security but my identd requests do not go > through. That sounds about right, actually. > aside from using ipchains or iptables which is a little too advanced for me > right now what is the easiest

Re: firewall questions & Gnome / KDE switching questions

2002-11-18 Thread Yoink!
On Mon, 18 Nov 2002, Arthur Rosene wrote: > I installed firewall with medium security but my identd requests do not > go through. aside from using ipchains or iptables which is a little too > advanced for me right now what is the easiest way to get identd to work > under redhat 7.3 ? i've got the

Re: Firewall ports for NFS

2002-11-08 Thread Todd A. Jacobs
On Fri, 8 Nov 2002, Matthew Saltzman wrote: > True enough (says the person who posted the original question). But I > wasn't trying to do it across the Internet. I just wanted to share some If you run firestarter, you can specify trusted interfaces (such as your internal network) while still d

Re: Firewall ports for NFS

2002-11-08 Thread Matthew Saltzman
On Thu, 7 Nov 2002, Ed Wilts wrote: > On Thu, Nov 07, 2002 at 03:21:49PM -0800, Todd A. Jacobs wrote: > > On Thu, 7 Nov 2002, Ed Wilts wrote: > > > > > I used 0/0 as an example. If you choose to map source uid/gid of > > > 500/500 to local uid/gid 600/600, then you still trust the remote > > > sy

Re: Firewall ports for NFS

2002-11-07 Thread Ed Wilts
On Thu, Nov 07, 2002 at 03:21:49PM -0800, Todd A. Jacobs wrote: > On Thu, 7 Nov 2002, Ed Wilts wrote: > > > I used 0/0 as an example. If you choose to map source uid/gid of > > 500/500 to local uid/gid 600/600, then you still trust the remote > > system's view of who 500/500 is. root_squash does

Re: Firewall ports for NFS

2002-11-07 Thread Todd A. Jacobs
On Thu, 7 Nov 2002, Ed Wilts wrote: > I used 0/0 as an example. If you choose to map source uid/gid of > 500/500 to local uid/gid 600/600, then you still trust the remote > system's view of who 500/500 is. root_squash does not help you here. root_squash and all_squash are mapped automatically t

Re: Firewall ports for NFS

2002-11-07 Thread Ed Wilts
On Thu, Nov 07, 2002 at 12:23:31PM -0800, Todd A. Jacobs wrote: > On Thu, 7 Nov 2002, Ed Wilts wrote: > > > NFS absolutely trusts the client not to lie to it. There is *no* > > authentication done whatsoever. If the client tells the server that > > it's uid/gid is 0/0, the server trusts it. For

Re: Firewall ports for NFS

2002-11-07 Thread Todd A. Jacobs
On Thu, 7 Nov 2002, Ed Wilts wrote: > NFS absolutely trusts the client not to lie to it. There is *no* > authentication done whatsoever. If the client tells the server that > it's uid/gid is 0/0, the server trusts it. For this reason, you should This is what root_squash (on by default) and all

Re: Firewall ports for NFS

2002-11-07 Thread Ed Wilts
On Thu, Nov 07, 2002 at 10:18:54AM -0500, Matthew Saltzman wrote: > > > > What ports on a machine need to be opened in order to export and/or import > > > NFS mounts? > Sheesh, it does seems like one might as well run without a firewall. I > knew it was more complicated than just opening the nfs

Re: Firewall ports for NFS

2002-11-07 Thread Matthew Saltzman
On Thu, 7 Nov 2002, Oliver Rompcik wrote: > > What ports on a machine need to be opened in order to export and/or import > > NFS mounts? > > All implementations of NFS use a fixed port number (2049). This is used so > that a NFS client does NOT have to perform a portmapper query (port 111). > Unfo

Re: Firewall ports for NFS

2002-11-06 Thread Oliver Rompcik
> What ports on a machine need to be opened in order to export and/or import > NFS mounts? All implementations of NFS use a fixed port number (2049). This is used so that a NFS client does NOT have to perform a portmapper query (port 111). Unfortunately NFS relies upon some other services for mou

Re: Firewall ports for NFS

2002-11-06 Thread Todd A. Jacobs
On Wed, 6 Nov 2002, Matthew Saltzman wrote: > What ports on a machine need to be opened in order to export and/or > import NFS mounts? You must have at least the following: nfsd: 2049 sunrpc/portmap: 111 I couldn't get it working properly with ipchains, though...something was s

RE: Firewall ports for NFS

2002-11-06 Thread Engstrom_Carl
My first time using grep! grep nfs /etc/services nfs 2049/tcp nfsd nfs 2049/udp nfsd /etc/services is where I go to find out which ports are being used by what services... Thanks for giving me the opportunity to use grep in a sentence. carl -Origina

Re: Firewall and backdoor/trojans

2002-10-30 Thread Gary
On Wed, Oct 30, 2002 at 09:53:23PM -0600 or thereabouts, Chad Skinner wrote: > I lost my firewall script last weekend when I updated my computer and of > course being the super techy that I am I have no backup. > > I had a section in the script that explicitly dropped packets that are on > port co

Re: Firewall logs

2002-10-22 Thread Mike Burger
Mine logs to /var/log/messages On Tue, 22 Oct 2002, James wrote: > Does the firewall log traffic, if so where? > If not what log file do I need to check to watch > traffic in and out? > > = > James J. Kiely > cell phone: (248) 935-3256 > home phone: (586) 264-4527 > > __

Re: Firewall and passive ftp

2002-09-03 Thread Mike Burger
You'll want to open up port 20 udp/tcp. Vidiot <[EMAIL PROTECTED]> said: > I suspect that the RH 7.1 firewall that I set up with firestarter turned off > ftp passive access. > > What do I need to set in the configuration to allow passive ftp? > > Thanks. > > MB > -- > e-mail: [EMAIL PROTECTE

Re: firewall monitoring?

2002-07-22 Thread Javier Gostling
On 2002.07.22 18:42 Ajay Sharma wrote: > > Hello, > > I have a simple firewall setup that is doing NAT for 4 computers. > It's > a very basic setup. > > I want to be able to generate some MRTG graphs for how much traffic > passes through the firewall for each client computer. Then be able to >

Re: Firewall

2002-06-23 Thread Benny Pedersen
--- Reply to a message --- By: Matt McElreath ->: a Mail :>: Firewall > I'm looking to get a good firewall for my RH 7.0. Any suggestions? bind 127.0.0.1 on services not needed from outside makes sense to me or if you still need them bind 192.168.1.1 for your local lan I follow these rules t

Re: Firewall setup

2002-06-11 Thread ramakrishna
hi, > 2) Is there a GUI to manage the firewall? I'm used to editing an check in freshmeat for "firestarter".it is worth trying. cheers -rk- --- Ramakrishna| [EMAIL PROTECTED] Exocore Consulting | http://www.exocore.com Bangalore, India | +91

Re: Firewall setup

2002-06-11 Thread Anthony E. Greene
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11-Jun-2002/12:46 -0400, [EMAIL PROTECTED] wrote: >1) Where is the firewall script? On my RH72 box, it's in /etc/sysconfig/ipchains. >2) Is there a GUI to manage the firewall? I'm used to editing an >rc.firewall file, but it's a simple script fi

Re: firewall script

2002-04-27 Thread Vidiot
Please do not post HTML e-mail to this list, or any list for that matter. Use firestarter to control the firewall. It is much easier that way. MB > >--020903030805030901060805 >Content-Type: text/plain; charset=us-ascii; format=flowed >Content-Transfer-Encoding: 7bit > >Hi Pramod

Re: firewall script

2002-04-27 Thread Ganeshh
Hi Pramod Try out Iptables, it has better features than ipchains. Enable IP forwarding between the interfaces - remember to disable this if you're going to unload the Iptables rules. echo "1" > /proc/sys/net/ipv4/ip_forward Load the NAT modules - needed only if you
