On Fri, Feb 09, 2001 at 08:35:46PM -0500, Randy Perkins wrote:
> i am not an expert but my system is working
> do you have forwarding turned on
> /etc/sysconfig/network
> ...
> FORWARD_IPV4="YES"
> ...
>
With the later kernels, you need more than this. You may want to add
some of these commands to your firewall rules:
# Enable IP Forwarding, if it isn't already
sysctl -w net.ipv4.ip_forward=1
# Enable TCP SYN Cookie Protection
sysctl -w net.ipv4.tcp_syncookies=1
# Enable always defragging Protection
sysctl -w net.ipv4.ip_always_defrag=1
# Enable broadcast echo Protection
sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1
# Enable bad error message Protection
sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=1
# Enable IP spoofing protection
# turn on Source Address Verification
sysctl -w net.ipv4.conf.default.rp_filter=1
sysctl -w net.ipv4.conf.all.rp_filter=1
# Disable ICMP Redirect Acceptance
sysctl -w net.ipv4.conf.default.accept_redirects=0
sysctl -w net.ipv4.conf.all.accept_redirects=0
# Disable Source Routed Packets
sysctl -w net.ipv4.conf.default.accept_source_route=0
sysctl -w net.ipv4.conf.all.accept_source_route=0
# Log Spoofed Packets, Source Routed Packets, Redirect Packets
sysctl -w net.ipv4.conf.default.log_martians=1
sysctl -w net.ipv4.conf.all.log_martians=1
Mikkel
--
Do not meddle in the affairs of dragons,
for you are crunchy and taste good with ketchup.
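
The following is an added example, not part of the original message: a shell function that audits `sysctl -a` style output against the values listed in the message and reports any key that is set differently or that the running kernel does not expose. The function name `audit_sysctl` and the sample data are made up for illustration.

```shell
# Expected values, copied from the sysctl commands in the message above.
EXPECTED='net.ipv4.ip_forward=1
net.ipv4.tcp_syncookies=1
net.ipv4.ip_always_defrag=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.icmp_ignore_bogus_error_responses=1
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.default.accept_redirects=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_source_route=0
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.default.log_martians=1
net.ipv4.conf.all.log_martians=1'

# audit_sysctl (hypothetical helper): reads "key = value" lines, the format
# `sysctl -a` prints, on stdin; prints each expected key that is absent or
# set differently; returns 0 only when every expected key matches.
audit_sysctl() {
    EXPECTED="$EXPECTED" awk '
        BEGIN { n = split(ENVIRON["EXPECTED"], want, "\n") }
        {   # drop whitespace (the audited keys are single-valued), split on "="
            gsub(/[ \t]/, ""); i = index($0, "=")
            if (i) have[substr($0, 1, i - 1)] = substr($0, i + 1)
        }
        END {
            for (j = 1; j <= n; j++) {
                split(want[j], kv, "=")
                if (!(kv[1] in have)) {
                    print "MISSING " kv[1] " (want " kv[2] ")"; bad = 1
                } else if (have[kv[1]] != kv[2]) {
                    print "MISMATCH " kv[1] " = " have[kv[1]] " (want " kv[2] ")"; bad = 1
                }
            }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample standing in for `sysctl -a` output: syncookies off,
# redirects accepted on "all", and ip_always_defrag not present at all.
SAMPLE=$(printf '%s\n' "$EXPECTED" | sed -e 's/=/ = /' \
    -e '/ip_always_defrag/d' -e '/tcp_syncookies/s/1$/0/' \
    -e '/all\.accept_redirects/s/0$/1/')
printf '%s\n' "$SAMPLE" | audit_sysctl || echo "audit: settings differ"
```

On a live system, feed it real data with `sysctl -a 2>/dev/null | audit_sysctl`.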