On Tuesday 15 February 2005 09:47 pm, you wrote:
> On Tue, 15 Feb 2005, Eric Bambach wrote:
> > Yep, you're 95% of the way there.
> > Instead of the -L option try the -D option. This works to circumvent IRC
> > restrictions for me in school ;)
> > I'm not too well read on ssh forwarding so I don't know the technical
> > difference between them, but it seems -D will get you by just fine at
> > least for web.
> >
> > Open console, type ssh -l username -D6667 mysshserver.com
> >
> > Then ssh will act as a socks4/socks5 proxy. Set up application
> > appropriately and it will go!
>
> Thanks for the feedback. I'm looking for ways to test this out, and in
> order to do so I need to be able to close all ports on the test machine
> except 443. Is there some command(s) I can issue that would do this? This
> would be on a workstation, Debianish machine without any sort of firewall
> running. Short of a command(s), what would be the simplest way to
> accomplish this port blocking for testing purposes? Is there a system-wide
> config I could edit?

I'm not familiar with Debian, though usually you use iptables rules to close
off your machine. Remember to do this locally! You will lose ssh connections
if you play with iptables remotely and without caution ;)

If you are blocking ALL outbound traffic see below. If you are blocking
traffic coming in, change OUTPUT to INPUT and dport to sport. Man iptables
will give you lots of info and there are MANY guides out there to get you
started with firewalling. In either case, closing all but one port will
require only two rules.

#Something like this...haven't written iptables rules in a while
#Set the default policy to DROP all outgoing connections
#(a built-in chain's policy can only be ACCEPT or DROP, not REJECT)
iptables -P OUTPUT DROP
#Add a rule to allow outgoing port 443 traffic (--dport needs -p tcp)
iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT

HTH!

> Thanks, James
> -
> To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
> the body of a message to [EMAIL PROTECTED]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.linux-learn.org/faqs

-- 
----------------------------------------
--EB

> All is fine except that I can reliably "oops" it simply by trying to read
> from /proc/apm (e.g. cat /proc/apm).
> oops output and ksymoops-2.3.4 output is attached.
> Is there anything else I can contribute?

The latitude and longitude of the bios writers current position, and
a ballistic missile.

                --Alan Cox LKML-December 08,2000
----------------------------------------
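
The outbound lockdown from the reply above, written out as a reviewable script with a snapshot and restore step. This is an added example, not part of the original message; the PORT and BACKUP variables, the backup path and the show/apply/restore subcommands are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: outbound-only lockdown for a local test box.
# Assumed names: PORT, BACKUP and the three subcommands are this example's own.
PORT="${PORT:-443}"
BACKUP="${BACKUP:-/tmp/iptables.before-test}"   # constructed path

# Print the commands instead of running them, so they can be read first.
emit_rules() {
    port="$1"
    case "$port" in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "invalid port: $port" >&2; return 1
    }
    # ACCEPT rules go in before the policy flips to DROP.
    # Loopback stays open for local services; DNS (port 53) does not,
    # so connect to the SSH server by IP address during the test.
    cat <<EOF
iptables -F OUTPUT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -p tcp --dport $port -j ACCEPT
iptables -P OUTPUT DROP
EOF
}

# Snapshot the current ruleset, then run the emitted commands (needs root).
apply_rules() {
    rules=$(emit_rules "$PORT") || return 1
    iptables-save > "$BACKUP" || return 1
    printf '%s\n' "$rules" | sh -e
}

# Put back the ruleset and policies saved by apply_rules.
restore_rules() {
    iptables-restore < "$BACKUP"
}

# iptables covers IPv4 only; IPv6 traffic is filtered separately by ip6tables.
case "${1:-}" in
    show)    emit_rules "$PORT" ;;
    apply)   apply_rules ;;
    restore) restore_rules ;;
esac
```

Run it with `show` first to read the rules, then `apply` and `restore` as root from the local console.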
