On Saturday 27 May 2006 11:40, Dave S wrote:
> Hi all,
>
> This is a bit OT but I have a Netgear router DG834 ADSL firewall router. I
> have restricted my incoming services with ...
>
> Enable  Service Name  Action  LAN Server IP address  WAN Users  Log
> on bit torrent  ALLOW always  192.168.0.5  Any  Always
>      Default  Yes  Any  BLOCK always  Any  Any  Never
>
> And tightened my outgoing services with ...
>
> Enable  Service Name  Action  LAN Users  WAN Servers  Log
> on  HTTP  ALLOW always  Any  Any  Always
> on  HTTPS  ALLOW always  Any  Any  Always
> on  POP  ALLOW always  Any  Any  Always
> on  SMTP  ALLOW always  Any  Any  Always
> on  NTP  ALLOW always  Any  Any  Always
> on  FTP  ALLOW always  Any  Any  Always
> on  rsync  ALLOW always  Any  0.0.0.0  Never
> on  GM Port 389   ALLOW always  192.168.0.6  Any  Always
> on  GM Port 1503  ALLOW always  192.168.0.6  Any  Always
> on  GM Port 1731  ALLOW always  192.168.0.6  Any  Always
> on  GM 1024-65K  ALLOW always  192.168.0.6  Any  Always
> on  H.323  ALLOW always  192.168.0.6  Any  Always
> on  Port >1023  ALLOW always  Any  Any  Always
> on  Samba  ALLOW always  Any  0.0.0.0  Always
> on  samba2  ALLOW always  Any  0.0.0.0  Always
> on  samba3  ALLOW always  Any  0.0.0.0  Always
> on  Any(ALL)  BLOCK always  Any  Any  Always
>      Default  Yes  Any  ALLOW always  Any  Any
>
> Some services like rsync and samba I want to keep within my LAN but my
> DG834 insists I give it at least one IP address on the WAN that my service
> can be broadcast to. I selected 0.0.0.0
>
> Can anyone advise, am I going about this the right way, any comment greatly
> appreciated :)
>
> Cheers
>
> Dave

I am not the best net admin on earth, but it seems to me that 0.0.0.0 is
definitely not a broadcast address. If you want to keep things in your LAN,
you should have something like 192.168.0.255 instead.

Moreover, I do not quite understand what you are trying to do. I had
approximately the same router (same brand anyway), and it did not block any
LAN-only services. What you're telling it is, for example, to block
*outgoing* rsync. This should not in any case be blocking an rsync between
two machines inside your LAN.

I hope this helps, even if I am not quite sure I understand what you're trying
to do.

-- Jonathan

-- 
gentoo-user@gentoo.org mailing list
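
The two points in the reply above (what 0.0.0.0 and 192.168.0.255 are, and which traffic the router's outbound rules can see at all), worked through with Python's `ipaddress` module as an added example that is not part of the original thread. It assumes a /24 netmask, which the posts do not state; `classify` and `traverses_router` are hypothetical names, and the flows are constructed samples.

```python
import ipaddress

# Assumption: the LAN is 192.168.0.0/24 (the thread only shows 192.168.0.x hosts).
LAN = ipaddress.ip_network("192.168.0.0/24")

def classify(addr, lan=LAN):
    """Say what kind of address this is relative to the LAN."""
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:
        return "unspecified"      # 0.0.0.0 means "no address", not a broadcast
    if ip == lan.broadcast_address:
        return "lan-broadcast"
    if ip == lan.network_address:
        return "lan-network"
    if ip in lan:
        return "lan-host"
    return "off-lan"

def traverses_router(src, dst, lan=LAN):
    """True when a packet from src to dst has to be forwarded by the router,
    the only traffic its outbound (LAN -> WAN) rules get to inspect."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s not in lan:
        raise ValueError(f"{src} is not a LAN host")
    # Destinations inside the LAN prefix (hosts and the subnet broadcast) are
    # delivered on-link and never reach the WAN-facing firewall.
    return d not in lan

# Constructed sample flows; host addresses are the ones used in the thread,
# 203.0.113.10 is a documentation address standing in for an Internet host.
FLOWS = [
    ("192.168.0.5", "192.168.0.6", "rsync between two LAN machines"),
    ("192.168.0.6", "192.168.0.255", "Samba browse broadcast"),
    ("192.168.0.5", "203.0.113.10", "rsync to an Internet host"),
]

def report():
    return [(label, traverses_router(s, d)) for s, d, label in FLOWS]

if __name__ == "__main__":
    for addr in ("0.0.0.0", "192.168.0.255", "192.168.0.5"):
        print(addr, "->", classify(addr))
    for label, routed in report():
        print(f"{label}: {'hits outbound rules' if routed else 'stays on the LAN'}")
```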
