> From: "E. Stroh" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Date: Tue, 4 Jul 2000 18:30:42 -0500
> 
> Dave:
> 
> Thanks.. Yes I have been dialing in to freewwweb.com via Linux. I use Kppp
> using PAP. Need the DNS numbers, (primary 216.70.64.1 and secondary
> 216.70.64.2). Also note that the user name is your entire e-mail address for
> login purposes not just the username by itself. That hung me up for several
> days till I read through their how to connect page thoroughly. The only
> thing I have not been able to get working is their news service. I believe
> it to be their actual news server though as I have had no problems up till
> about 3 weeks ago. I sent a message to their support staff about a week ago
> but no answer yet. I think they are still trying to work the bugs out of
> their fast growing network. I have also noticed some mail server problems
> from time to time. But all in all for being a free connect ISP with the only
> requirement is that you place home.freewwweb.com as your browser startup
> page you cannot lose. I have never had a connection problem with them and
> carry multiple user names and passwords. I have noticed on the list that
> they limit access but I have yet to see a problem with the number of hours
> connected. I stay connected probably 300 + hours per month with no problem.
> I used to own/operate an ISP but sold out after competition finally got to the
> point where it was just not worth the trouble nor were we making money just
> breaking even. It is a big step backwards as far as speed for the old modem
> vs. the T-1 I used to enjoy. I am in an area where ADSL is not available yet
> so no luck there either.

I used a local ISP in Columbus, OH for about 2.5 years before finally
deciding to get a cable modem at least for the summer so I could do
most of my work from home this summer.  I doubt I'll go back to a
dial-up connection - the speed is nice, but the main benefit for us is
it doesn't tie up the phone and it's nice not to have to wait for it
to connect.

I set up a Linux IP-Masquerade server for my church so all the staff
could access e-mail and the web through it and was using worldspy.com,
but they just sold out or merged with Juno and I think you need their
special Windows software to use Juno.  Worldspy was a normal pap ppp
setup so I may see if I can use freewwweb.com now for the church.


> Anyway thanks and I will get on to that IP masquerade so I can get my home
> networked as we were before.


Here's the short version.  This assumes your LAN is 192.168.1.x.

Put this in /etc/rc.d/rc.local
# default policy for forwards is DENY
/sbin/ipchains -P forward DENY
# masquerade local network
/sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ

Also:
echo 1 > /proc/sys/net/ipv4/ip_forward

Then tell all your other machines to use your Linux machine as their
gateway.  You'll probably want to read more about ipchains to disallow
incoming connections.

Here's some more of my "firewall" rules:

# rr-in chain for road runner
/sbin/ipchains -N rr-in
/sbin/ipchains -A input -i eth0 -j rr-in

# allow ident requests from everyone
/sbin/ipchains -A rr-in -p tcp -s 0/0 -d 0/0 113 -j ACCEPT

# reject all packets arriving on eth0 with a source address of 192.168.1.0/24
/sbin/ipchains -A rr-in -s 192.168.1.0/24 -l -j DENY

# allow wget to work - return ftp data only  (ftp-data) but only
# through ports 1024-5999 and above 6010 (6000-6010 is for X11)
/sbin/ipchains -A rr-in -p tcp -s 0/0 ftp-data -d 0/0 0:1023 -j REJECT
/sbin/ipchains -A rr-in -p tcp -s 0/0 ftp-data -d 0/0 6000:6009 -j REJECT
/sbin/ipchains -A rr-in -p tcp -s 0/0 ftp-data -d 0/0 1024:5999 -j ACCEPT
/sbin/ipchains -A rr-in -p tcp -s 0/0 ftp-data -d 0/0 6011: -j ACCEPT

# reject all incoming tcp connection initializations
/sbin/ipchains -A rr-in -p tcp -y -l -j REJECT

# reject all incoming ping requests
/sbin/ipchains -A rr-in -p icmp --icmp-type echo-request -l -j REJECT


The IP-Masquerade HOWTO and ipchains/firewall (can't remember which
one it's called) HOWTOs provide lots more details, although I found
the Masquerade HOWTO much easier to read.

Thanks for the info on freewwweb.com

Dave
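
The rr-in rules from the message above, modelled as a first-match list so the effect of the rule order can be checked offline. This is an added example, not part of the original e-mail; the packet fields, rule labels and sample addresses are constructed, and -y is modelled as SYN set with ACK clear.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")

def tcp(p):
    return p["proto"] == "tcp"

def ftp_data(p):                       # source port 20 is ftp-data
    return tcp(p) and p.get("sport") == 20

def dport_in(p, lo, hi=65535):
    return lo <= p.get("dport", -1) <= hi

# (label, match, target), in the order the rules were appended to rr-in
RR_IN = [
    ("ident",      lambda p: tcp(p) and dport_in(p, 113, 113),        "ACCEPT"),
    ("anti-spoof", lambda p: ipaddress.ip_address(p["src"]) in LAN,    "DENY"),
    ("ftp-low",    lambda p: ftp_data(p) and dport_in(p, 0, 1023),     "REJECT"),
    ("ftp-x11",    lambda p: ftp_data(p) and dport_in(p, 6000, 6009),  "REJECT"),
    ("ftp-mid",    lambda p: ftp_data(p) and dport_in(p, 1024, 5999),  "ACCEPT"),
    ("ftp-high",   lambda p: ftp_data(p) and dport_in(p, 6011),        "ACCEPT"),
    ("tcp-syn",    lambda p: tcp(p) and p.get("syn") and not p.get("ack"), "REJECT"),
    ("ping",       lambda p: p["proto"] == "icmp" and p.get("type") == "echo-request", "REJECT"),
]

def verdict(pkt):
    """First matching rule wins; no match returns to the input chain."""
    for label, match, target in RR_IN:
        if match(pkt):
            return label, target
    return "end-of-chain", "RETURN"

# Constructed sample packets (203.0.113.0/24 is a documentation range)
OUT = "203.0.113.9"
SAMPLES = {
    "ident request":     dict(proto="tcp", src=OUT, sport=40000, dport=113, syn=True),
    "LAN source on eth0": dict(proto="udp", src="192.168.1.50", sport=53, dport=53),
    "ftp-data to 2000":  dict(proto="tcp", src=OUT, sport=20, dport=2000, syn=True),
    "ftp-data to 6005":  dict(proto="tcp", src=OUT, sport=20, dport=6005, syn=True),
    "ftp-data to 6010":  dict(proto="tcp", src=OUT, sport=20, dport=6010, syn=True),
    "inbound SYN to 80": dict(proto="tcp", src=OUT, sport=40000, dport=80, syn=True),
    "ping":              dict(proto="icmp", src=OUT, type="echo-request"),
    "reply to outbound": dict(proto="tcp", src=OUT, sport=80, dport=33000, ack=True),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:20} -> {verdict(pkt)}")
```

The last sample matches nothing in rr-in, so replies to outbound connections are decided by the rest of the input chain and its policy, which the message does not show.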

