Things were not so easy.

My current route table is:

Destination     Gateway      Genmask          Flags Metric Ref Use Iface
192.168.0.0     *            255.255.255.252  U     0      0   0   eth1
200.199.99.192  *            255.255.255.192  U     0      0   0   eth0
127.0.0.0       *            255.0.0.0        U     0      0   0   lo
default         192.168.0.1  0.0.0.0          UG    0      0   0   eth1

The router is 192.168.0.1

Eth1 is 192.168.0.2
Eth0 is 200.199.99.193, with 200.199.99.195 as alias

Problem is I am no longer able to ping from this server to anybody outside.
Everybody outside can "see" the server - it is receiving mail, and serving
www and ftp.
Also, any incoming and outgoing traffic from other servers is properly
routed through this server, but the server itself can't originate any
connections.

I spent most of the day trying to figure out why sendmail was "deferring"
all outgoing mail and looking for a misconfigured entry in IPChains, then I
realized the problem was not in IPChains. It seems whenever I try to send
something from this server outside my network, the system chooses eth1 to do
it.

I tried

ipchains -A forward -s 192.168.0.2 -d 0/0 -i eth0 -j MASQ

but it didn't work.

Fortunately sendmail has a ClientPortOptions parameter that allowed me to
override the system-chosen network device, but what about other services
that must initiate connections?

Any ideas?

 Luciano Eicke
 Web Garage S/C Ltda

 e-mail: [EMAIL PROTECTED]
         [EMAIL PROTECTED]
 phones: 55-41-9106-6566
         55-41-3023-4881
-----Original Message-----
From: Luciano Eicke <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Tuesday, 1 October 2002 19:20
Subject: DoS - routing... next.. firewall!


>Hi,
>
>Thanks for your help.
>
>After a bit of struggle the problem with my initial attempt turned out to be
>a non-documented parameter in the "route add" command of my router.
>
>Parameter problem solved, all I had to do was activate the two ethernet
>cards in my linux server #1 (IP Forward was already enabled)
>and...done!
>
>Now I have a more complicated issue. Even though my linux servers are
>protected from the Slapper worm (OpenSSL updated), my internet link shows a
>usage of 50% even when all my servers are down!
>
>I'm assuming it originates from a DoS attack.
>
>I had IPChains configured to protect my linux server.
>
>Now I want to use HTB, and it seems HTB requires IPTables.
>
>Is it possible to use IPTables to prevent or minimize the effect of DoS
>attacks ?
>
>
>
>
>
>_______________________________________________
>Seawolf-list mailing list
>[EMAIL PROTECTED]
>https://listman.redhat.com/mailman/listinfo/seawolf-list
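
The route selection described in the message, as an added example that is not part of the original post: a simplified longest-prefix-match lookup over the route table quoted above, showing which interface and source address a locally originated connection gets. The destination 198.51.100.10 and the loopback address are constructed assumptions, and the model ignores policy routing.

```python
import ipaddress

# Route table and interface addresses as given in the message above.
# Tuple layout: (destination, genmask, gateway or None, interface)
ROUTES = [
    ("192.168.0.0", "255.255.255.252", None, "eth1"),
    ("200.199.99.192", "255.255.255.192", None, "eth0"),
    ("127.0.0.0", "255.0.0.0", None, "lo"),
    ("0.0.0.0", "0.0.0.0", "192.168.0.1", "eth1"),  # default route
]
# Primary address per interface; the lo address is an assumption.
PRIMARY_ADDR = {"eth1": "192.168.0.2", "eth0": "200.199.99.193", "lo": "127.0.0.1"}


def lookup(dst):
    """Return (interface, gateway) for dst using longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, mask, gateway, iface in ROUTES:
        network = ipaddress.ip_network(f"{net}/{mask}")
        if addr in network and (best is None or network.prefixlen > best[0]):
            best = (network.prefixlen, iface, gateway)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]


def source_for(dst, bound_src=None):
    """Describe a locally originated packet to dst.

    An unbound socket gets the primary address of the outgoing interface.
    A socket the application bound itself keeps that address, but the
    packet still leaves through the interface the route table selects.
    """
    iface, gateway = lookup(dst)
    src = bound_src or PRIMARY_ADDR[iface]
    return {
        "iface": iface,
        "gateway": gateway,
        "src": src,
        "src_private": ipaddress.ip_address(src).is_private,
    }


if __name__ == "__main__":
    outside = "198.51.100.10"  # constructed sample destination
    print("unbound:", source_for(outside))
    print("bound:  ", source_for(outside, bound_src="200.199.99.193"))
```

Locally generated packets do not traverse the ipchains forward chain, so a MASQ rule placed there does not rewrite the 192.168.0.2 source address this lookup produces.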


