Hi.
On Thu, May 16, 2019 at 01:28:41PM +1200, Richard Hector wrote:
> Hi all,
> What I think doesn't work so well is attempting to filter traffic either
> between containers,
"modprobe br_netfilter", then it'll be the same netfilter rules.
> or between a container and the host.
Should
Hi all,
I have a couple of VPSes (Xen and KVM based), in which I run LXC containers.
Currently I have a bridge device set up on the host (not bridged to the
external network), and iptables to do firewalling and NAT as required.
Here's my bridge setup, if that helps:
---
Someone wrote:
> Being on the road a lot with my trusted lappy, I'd like to get
> suggestions on the best solution for an iptables based firewall that
> needs to be easily reconfigurable for wireless, ethernet cable, and ppp.
> I should be able to apply rules on the fly using tools such as wireshar
>
> I use firestarter as well on my etch laptop. One problem I have is that
> I have to manually reconfigure firestarter to switch from cable (eth0)
> to wireless (eth2). How did you solve this problem?
>
> If you just configure it once, say for eth0, it will simply ignore all
> the traffic on et
* Patter <[EMAIL PROTECTED]> [2007-11-21 16:29:11 +]:
> unless you run services on your laptop.
>
I do. Which moves me to monitor first, then allow services while taking
appropriate precautions with custom rules in new environments...
Regards,
Klein.
On Wed, 21 Nov 2007 14:40:21 +0100, Douglas A. Tutty wrote:
> You could create a set of config files for each setup and write a script
> that copies the correct set to /etc/shorewall then restarts shorewall.
> Have the script start when an interface goes up.
Though a decent connection-tracking 'al
* Douglas A. Tutty <[EMAIL PROTECTED]> [2007-11-21 08:32:41 -0500]:
> You could look at shorewall. It has a great set of docs in
> shorewall-doc.
Yes, it does. I use it at three systems on dedicated firewall boxes.
Hadn't thought about using it in a laptop environment.
>
> Your laptop has thr
On Wed, Nov 21, 2007 at 01:49:15PM +0700, Klein Moebius wrote:
> Being on the road a lot with my trusted lappy, I'd like to get
> suggestions on the best solution for an iptables based firewall that
> needs to be easily reconfigurable for wireless, ethernet cable, and ppp.
> I should be able to app
Amit Uttamchandani wrote:
> I have a laptop that I use at home, on campus, and various other
> places. The firewall solution I use is called firestarter. The
> simplest way to get it up and running is sudo aptitude install
> firestarter. It is a front-
> Hi all,
>
> Being on the road a lot with my trusted lappy, I'd like to get
> suggestions on the best solution for an iptables based firewall that
> needs to be easily reconfigurable for wireless, ethernet cable, and ppp.
> I should be able to apply rules on the fly using tools such as wireshark
Hi all,
Being on the road a lot with my trusted lappy, I'd like to get
suggestions on the best solution for an iptables based firewall that
needs to be easily reconfigurable for wireless, ethernet cable, and ppp.
I should be able to apply rules on the fly using tools such as wireshark
to identify
Joe wrote:
> George Borisov wrote:
>> Andrew Sackville-West wrote:
>>> 1. use my smoothwall box as is, portforward IMAP to my server and run
>>>with it. potential problems are that my LAN, behind smoothwall, is
>>>pretty loosey goosey and I run a pretty good risk of being
>>>compromised
On Wed, Oct 18, 2006 at 02:02:30AM -0700, Adam D wrote:
> Just as I pressed send I forgot that I wanted to mention about the Debian
> firewall mailing list. The list is: debian-firewall@lists.debian.org It is
> accessible on the mailing lists section on:
> http://www.us.debian.org/MailingList
On Wed, Oct 18, 2006 at 11:28:04AM +0100, Joe wrote:
> George Borisov wrote:
>
> It depends how sophisticated you want to be: you can also
> forget IMAP, and use mutt over ssh, or even cat and the
> sendmail command if you ssh to the machine hosting the mail.
> That really won't leave much of a fo
On Wed, Oct 18, 2006 at 01:48:49AM -0700, Adam D wrote:
> Andrew Sackville-West wrote:
> > On Tue, Oct 17, 2006 at 07:20:31PM -0700, Adam D wrote:
> >> Andrew Sackville-West wrote:
> >>> Hi list, I need some advice. My work situation has changed such that I
> >>> now have to get out of my chair and
Joe wrote:
> I'd go along with that. I run sshd on a non-standard port, to
> avoid the automated attacks, and forward IMAP to the remote
> machine. Since it's normally a Windows one, I have puTTY and
> my encrypted private key on a USB drive, and configure Outlook
> or Outlook Express to talk to m
George Borisov wrote:
Andrew Sackville-West wrote:
1. use my smoothwall box as is, portforward IMAP to my server and run
with it. potential problems are that my LAN, behind smoothwall, is
pretty loosey goosey and I run a pretty good risk of being
compromised. especially because i'm runn
Just as I pressed send I forgot that I wanted to mention about the Debian
firewall mailing list. The list is: debian-firewall@lists.debian.org It is
accessible on the mailing lists section on:
http://www.us.debian.org/MailingLists/subscribe
A good place for more specific and future help.
-A
Andrew Sackville-West wrote:
>
> 1. use my smoothwall box as is, portforward IMAP to my server and run
>with it. potential problems are that my LAN, behind smoothwall, is
>pretty loosey goosey and I run a pretty good risk of being
>compromised. especially because i'm running a not-up-t
Andrew Sackville-West wrote:
> On Tue, Oct 17, 2006 at 07:20:31PM -0700, Adam D wrote:
>> Andrew Sackville-West wrote:
>>> Hi list, I need some advice. My work situation has changed such that I
>>> now have to get out of my chair and climb out of my basement at
>>> frequent but irregular intervals.
On Tue, Oct 17, 2006 at 07:20:31PM -0700, Adam D wrote:
> Andrew Sackville-West wrote:
> > Hi list, I need some advice. My work situation has changed such that I
> > now have to get out of my chair and climb out of my basement at
> > frequent but irregular intervals. I live by email and need to con
Andrew Sackville-West wrote:
> Hi list, I need some advice. My work situation has changed such that I
> now have to get out of my chair and climb out of my basement at
> frequent but irregular intervals. I live by email and need to connect
> to my email and possibly my desktop from multiple locatio
Hi list, I need some advice. My work situation has changed such that I
now have to get out of my chair and climb out of my basement at
frequent but irregular intervals. I live by email and need to connect
to my email and possibly my desktop from multiple locations.
So, obviously, IMAP to the rescu
Bradley Alexander wrote:
I'm hoping some kind soul on this list might have a few minutes for an
email exchange to help me get this sorted out. If so, please email me
off-list. I'm sure it's probably something that I overlooked, but I'm at
a loss as to what.
Have you switched off rp_filter and ar
Did not even think about the top posting on Debian lists.
Too many lists, too many rules. ;-)
Anyway, don't forget to also secure your firewall the best way you can.
Good read: http://www.debian.org/doc/user-manuals#securing
Mark
Clifford W. Hansen wrote:
> Greetz,
>
> Firstly I'm only top postin
Greetz,
Firstly I'm only top posting to keep with the flow...
secondly, I agree with Mark, I've used shorewall and found it really
easy to use especially when you are lazy++ like me...
After installing shorewall "apt-get install shorewall shorewall-docs"
you will need to set:
Firew
Hi,
Listen I don't want to be an ass... No really.. I don't!
But would the use of shorewall not make it easier? Or even the IPcop
distribution?
Seriously, I'd like to know the reasoning behind choosing the manual
route instead of an easier automated one.
Thanks,
Mark
Bradley Alexander wrote:
> I a
Bradley Alexander wrote:
I am trying to configure a firewall, but nailing down the configuration
is eluding me. The box is running Debian stable. I have tried with
iproute2 (I'm including a description below), but not gotten the
intended effect. I have tried the lartc list, to no avail. A frie
I am trying to configure a firewall, but nailing down the configuration
is eluding me. The box is running Debian stable. I have tried with
iproute2 (I'm including a description below), but not gotten the
intended effect. I have tried the lartc list, to no avail. A friend of
mine suggested setting u
Will Parsons wrote:
I have a desktop machine onto which I installed woody, which originally
ran a 2.2.20 kernel and was configured using heimdall to use ipchains
for firewalling. (There is a script /etc/heimdall/firewall.sh which
invokes ipchains rules.) Awhile ago, I built a custom 2.4.18
Will Parsons wrote:
I have a desktop machine onto which I installed woody, which originally
ran a 2.2.20 kernel and was configured using heimdall to use ipchains
for firewalling. (There is a script /etc/heimdall/firewall.sh which
invokes ipchains rules.) Awhile ago, I built a custom 2.4.18
I have a desktop machine onto which I installed woody, which originally
ran a 2.2.20 kernel and was configured using heimdall to use ipchains
for firewalling. (There is a script /etc/heimdall/firewall.sh which
invokes ipchains rules.) Awhile ago, I built a custom 2.4.18 kernel and
have been
Hiya,
Ipchains is a packet filtering firewall. All packets that pass through the machine are
examined for the source, destination and type. The packets your applications
sent to the linux box are not stamped with the application that sent them.
The mechanism for this level of
On Tue, 4 Mar 2003 02:04, Russell Shaw wrote:
> bob parker wrote:
> > My son's proposed network is to be this:
> >
> > Firewall / NAT / Gateway machine connected to cable using 1 nic.
> > Connects to hardware router / switch using 2nd nic.
> > He has the switch and will be buying a PIII 400 2nd han
On Tue, Mar 04, 2003 at 02:04:38AM +1100, Russell Shaw wrote:
> Just connect the two new PCs into two NICs on the gateway pc. Verify the
> local connections work and that the cable connection works on the gateway
> pc, then install ipmasq.
This works, but be sure to check /usr/share/doc/ipmasq for
Actually my firewall has no X installed on it... I use
fwbuilder on my workstation behind the firewall and copy the script over
via scp... My firewall is a dedicated head-less machine with a 4-port
switch card for the external interface and a 10/100 NIC for the
internal...
Jeremy
On Tue, Mar 04, 2003 at 01:38:01AM +1100, bob parker wrote:
> Now that is appealing, I run 3.0r1, so I can build the fw script on my m/c.
> Does it support iptables? I am a complete newbie at this but I think I should
> go for the latest techniques.
>
> Thanks
> Bob
>
Firewall Builder ha
Hi,
On Tue, Mar 04, 2003 at 12:11:12AM +1100, bob parker wrote:
> My son's proposed network is to be this:
>
> Firewall / NAT / Gateway machine connected to cable using 1 nic.
> Connects to hardware router / switch using 2nd nic.
> He has the switch and will be buying a PIII 400 2nd hand for the
ne?
>
> Shorewall is an iptables based firewalling framework, it looks like a very
> capable (I haven't actually tried it).
>
> It is packaged for Debian, you can read up on it at http://www.shorewall.net/
Also, there's gshield which has a deb package as well. I use and
On Monday 03 March 2003 08:11, bob parker wrote:
> The fw machine is to run Debian with 2.4 kernel and iptables.
> My question is, what is the best way to go about setting up the Debian fw
> machine?
Shorewall is an iptables based firewalling framework, it looks like a very
capable (
bob parker wrote:
My son's proposed network is to be this:
Firewall / NAT / Gateway machine connected to cable using 1 nic.
Connects to hardware router / switch using 2nd nic.
He has the switch and will be buying a PIII 400 2nd hand for the fw.
We both know it's overkill but spares for PIIIs are c
On Mon 03-03-2003, at 15:03 Jamin Collins wrote:
> On Mon, Mar 03, 2003 at 05:36:54AM -0800, Jeremy T. Bouse wrote:
>
> > Well if you have at least one machine running with X11 you could
> > install Firewall Builder (fwbuilder)[1] which has a relatively straight
> > forward GUI that will allow
On Tue, 4 Mar 2003 00:36, Jeremy T. Bouse wrote:
> Well if you have at least one machine running with X11 you could
> install Firewall Builder (fwbuilder)[1] which has a relatively straight
> forward GUI that will allow you to drag and drop to create the rules you
> want for the firewall... It
On Tue, 4 Mar 2003 00:59, Jamin Collins wrote:
> On Tue, Mar 04, 2003 at 12:11:12AM +1100, bob parker wrote:
> > My son's proposed network is to be this:
> >
> > Firewall / NAT / Gateway machine connected to cable using 1 nic.
> > Connects to hardware router / switch using 2nd nic.
>
> No need for
On Tue, Mar 04, 2003 at 12:11:12AM +1100, bob parker wrote:
> My son's proposed network is to be this:
>
> Firewall / NAT / Gateway machine connected to cable using 1 nic.
> Connects to hardware router / switch using 2nd nic.
No need for an additional router, the Linux firewall can provide this
f
On Mon, Mar 03, 2003 at 05:36:54AM -0800, Jeremy T. Bouse wrote:
> Well if you have at least one machine running with X11 you could
> install Firewall Builder (fwbuilder)[1] which has a relatively straight
> forward GUI that will allow you to drag and drop to create the rules you
> want for t
Well if you have at least one machine running with X11 you could
install Firewall Builder (fwbuilder)[1] which has a relatively straight
forward GUI that will allow you to drag and drop to create the rules you
want for the firewall... It then compiles to build a shell script which
you can the
My son's proposed network is to be this:
Firewall / NAT / Gateway machine connected to cable using 1 nic.
Connects to hardware router / switch using 2nd nic.
He has the switch and will be buying a PIII 400 2nd hand for the fw.
We both know it's overkill but spares for PIIIs are cheaper than earlie
On Fri, Mar 29, 2002 at 12:24:37PM +0900, Olaf Meeuwissen wrote:
> Dear .debs,
>
> I have a DHCP client that receives a lot of its networking information
> from our DHCP servers. Things like routers, mail and name servers. I
> would like to put an iptables based packet filtering firewall on this
On 29 Mar 2002 12:24:37 +0900
Olaf Meeuwissen <[EMAIL PROTECTED]> wrote:
> Dear .debs,
>
> I have a DHCP client that receives a lot of its networking information
> from our DHCP servers. Things like routers, mail and name servers. I
> would like to put an iptables based packet filtering firewal
Dear .debs,
I have a DHCP client that receives a lot of its networking information
from our DHCP servers. Things like routers, mail and name servers. I
would like to put an iptables based packet filtering firewall on this
client that by default drops everything unless explicitly allowed.
I set
wsa <[EMAIL PROTECTED]> writes:
wsa> My question was about linux and how to accomplish security
wsa> on application level, like what happens in windows with a personal
wsa> firewall.
wsa> Because i don't understand how i can achieve full security when opening
wsa> ports...like port 80 for the web
* wsa ([EMAIL PROTECTED]) spake thusly:
> HI,
>
> Maybe in my original mail i wasn't very clear judging from the
> responses i got...so i'll try one more time.
>
> I wasn't asking what to do in windows...although i did mention
> windows which probably made everyone run for the hills:)
>
> My que
On Sun, 30 Dec 2001, wsa wrote:
> HI,
>
> Maybe in my original mail i wasn't very clear judging from the
> responses i got...so i'll try one more time.
>
> I wasn't asking what to do in windows...although i did mention
> windows which probably made everyone run for the hills:)
>
> My question wa
although i did mention
> windows which probably made everyone run for the hills:)
> My question was about linux and how to accomplish security
> on application level, like what happens in windows with a personal
> firewall.
Generally, Linux/Unix doesn't handle firewalling this way
HI,
Maybe in my original mail i wasn't very clear judging from the
responses i got...so i'll try one more time.
I wasn't asking what to do in windows...although i did mention
windows which probably made everyone run for the hills:)
My question was about linux and how to accomplish security
on a
hi ya
there is a gazillion various "howto" too much ..that gets confusing...
and just as many different fw config tools and more log analysis stuff
http://www.Linux-Sec.net/Firewall
simplified rules ...
- let your cable modem just transfer info to/from cable modem
Quoting [EMAIL PROTECTED]:
> I need to setup a firewall box for my ethernet cable modem. Is there a
> checklist or HOWTO I can use to set up the Debian based firewall?
>
> E.g.
> 1. What is the minimal number of packages I need?
> 2. How should I setup dhcp ( external to ISP ) and internal to NATe
^chewie <[EMAIL PROTECTED]> writes:
> On Mon, Dec 04, 2000 at 10:11:54AM -0600, Carlo U. Segre wrote:
> >
> > Hello All:
> >
> > I wanted to know what the proper way would be to set up firewalling rules
> > in a potato system. Putting the ipfwadm or ipcha
On Mon, Dec 04, 2000 at 10:11:54AM -0600, Carlo U. Segre wrote:
>
> Hello All:
>
> I wanted to know what the proper way would be to set up firewalling rules
> in a potato system. Putting the ipfwadm or ipchains lines in
> /etc/init.d/networking (I have used /etc/init.d/netbas
Hello All:
I wanted to know what the proper way would be to set up firewalling rules
in a potato system. Putting the ipfwadm or ipchains lines in
/etc/init.d/networking (I have used /etc/init.d/netbase in slink) is the
most direct way I can think of but that may not be the "right" wa
Hi,
> One machine I administer has this rule
>
> /sbin/ipchains -A input -j REJECT -i $HOTCARD -p tcp -s $ANYCIDR -d $HOTHOME
> ! 20:80 -v -y $LOGIT
>
> This allows incoming traffic that has the SYN flag on (I.e. incoming, trying
> to establish a new connection) to work only on ports 20 through
I think the cleanest way to do this is
# cp -p /etc/init.d/portmap /root/
# update-rc.d portmap remove
and then keep track of the links (which update-rc.d will tell you about)
in case you need to put it back.
# ls portmap*
portmap portmap.links
# cat portmap.links
/etc/rc0.d/S10portmap
On Mon, Nov 13, 2000 at 02:14:23PM +0100, Sebastiaan wrote:
>
> Hello,
>
> I am configuring a computer as a firewall and ip-masquerading server.
> Being on this adventure (it is my first time doing this), I have the
> following questions:
>
> - I did a nmap localhost and discovered that unwanted
Quoting Sebastiaan ([EMAIL PROTECTED]):
> - I did a nmap localhost and discovered that unwanted ports 'sunrpc' (111)
> and 'printer' (515) are open. I have not found these in inetd.conf and I
> do not know how to turn these off. I have already tried removing sunrpc.o
> from the modules, but the co
On 13/11/2000 at 14:14 +0100, Sebastiaan wrote:
>
> - I did a nmap localhost and discovered that unwanted ports 'sunrpc' (111)
> and 'printer' (515) are open. I have not found these in inetd.conf and I
> do not know how to turn these off. I have already tried removing sunrpc.o
> from the modules,
Hello,
I am configuring a computer as a firewall and ip-masquerading server.
Being on this adventure (it is my first time doing this), I have the
following questions:
- I did a nmap localhost and discovered that unwanted ports 'sunrpc' (111)
and 'printer' (515) are open. I have not found these i
** Reply to note from Phil Brutsche <[EMAIL PROTECTED]> Sun, 16 Jul 2000
11:14:30 -0500 (CDT)
> PMFirewall is a set of perl scripts that will give you a good beginning on
> what is generally believed to be a secure firewall. It should do what you
> want.
>
> The homepage is http://www.poin
A long time ago, in a galaxy far, far away, someone said...
> I'm running Potato with a 2.2.14 kernel.
>
> Is it possible to use Ipchains to firewall a single machine?
Yes.
> The various documents on Ipchains which I have read (and can't
> understand anyway) seem to assume that the firewall will
[EMAIL PROTECTED] wrote:
> I have a small network (3 machines) at home and I have a modem in one
> machine which is the only machine that will access the internet. The other
> machines will not be accessing the internet in any way.
IP-Masquerade-HOWTO should help you.
regards,
abe
I'm running Potato with a 2.2.14 kernel.
Is it possible to use Ipchains to firewall a single machine?
The various documents on Ipchains which I have read (and can't understand
anyway) seem to assume that the firewall will be on its own machine and talks
in terms of two network cards.
I have a sm
this is driving me crazy.
i admit i suck at firewalling :)
BUT this just doesn't make sense.
what im tryin to do with ipchains (works fine with ipfwadm) is for
example:
block port 111 both udp and tcp.
the commands im using is:
/sbin/ipchains -A input -s 0.0.0.0/0 -d 208.222.179.27 1
> Yes. It's a protocol which allows a system to ask a system with which
> it has a TCP connection to give it some information about who's on the
> other end of that connection. This is useful for auditing purposes,
> although you can only trust the information as much as you can trust the
> remo
On Fri, 3 Sep 1999, Mario Olimpio de Menezes wrote:
> according to the man page (ipchains(8)):
>
> --destination-port [!] [port[:port]]
> This allows separate specifiction of the ports.
> See the description of the -s flag for details.
> The f
On Fri, 3 Sep 1999, Mark Brown wrote:
>
> > Unfortunately, ipchains does not like --dport:
>
> The option is --destination-port.
>
according to the man page (ipchains(8)):
--destination-port [!] [port[:port]]
This allows separate specifiction of the ports.
S
On Thu, Sep 02, 1999 at 10:53:49AM -0700, Patrick Olson wrote:
> > Make sure you're allowing ident connections. Even if you don't answer
> > them, you want to refuse connections rather than dropping the packets.
> > Some systems will timeout the connection attempt.
> I'm a little confused here,
On Thu, Sep 02, 1999 at 10:55:56AM -0700, Patrick Olson wrote:
> > if you use dhcp for anything, you must enable source/destination for
> > 255.255.255.255 as well as the routes for this. This caught me some time
> > ago :(
> I don't think I use dhcp, but I'm not really sure about PPP. When usin
> > I have the following specific questions:
> > 1. Have I made any mistakes that could cause really annoying problems?
> >(perhaps unintentionally blocking something that shouldn't be blocked)
>
> if you use dhcp for anything, you must enable source/destination for
> 255.255.255.255 as well
> > if you use dhcp for anything, you must enable source/destination for
> > 255.255.255.255 as well as the routes for this. This caught me some time
> > ago :(
>
> Make sure you're allowing ident connections. Even if you don't answer
> them, you want to refuse connections rather than dropping t
On Thu, Sep 02, 1999 at 09:48:01AM -0300, Mario Olimpio de Menezes wrote:
> On Wed, 1 Sep 1999, Patrick Olson wrote:
> > I have the following specific questions:
> > 1. Have I made any mistakes that could cause really annoying problems?
> >(perhaps unintentionally blocking something that shoul
On Wed, 1 Sep 1999, Patrick Olson wrote:
>
>
> I am thinking of using IP chains to tighten security a little on my Debian
> 2.1 box. Currently, I have it set up as follows:
>
> ipchains -P forward DENY
> ipchains -A forward -s 192.168.1.9/255.255.255.255 -j MASQ
>
> Below is a much more invol
I am thinking of using IP chains to tighten security a little on my Debian
2.1 box. Currently, I have it set up as follows:
ipchains -P forward DENY
ipchains -A forward -s 192.168.1.9/255.255.255.255 -j MASQ
Below is a much more involved setup I created based on the information in
the HOW-TO. T
body tell me what I'm doing wrong?
The firewalling stuff changed in 2.2. ipchains is now used instead of
ipfwadm. Either run 2.0.37 instead of 2.2.10, or convert your scripts
to use ipchains. For more info, Check out the IP-CHAINS-HOWTO or
the IP-Masquerading-mini-HOWTO, both available
Hi all,
I'm setting up a machine here to take over the job of our firewall
temporarily. Both machines have the same network cards in the same
configuration. The current firewall is a debian 2.0 machine running
kernel 2.0.29 on an i486. The temp machine is an i386, debian 2.1, kernel
2.2.
On Sat, Aug 14, 1999 at 12:56:20AM +0200, Peter Palfrader aka Weasel wrote:
> ipchains -A output -j ACCEPT -i lo -s 0.0.0.0/0 -d 0.0.0.0/0
> ipchains -A input -j ACCEPT -i lo -s 0.0.0.0/0 -d 0.0.0.0/0
You can restrict this to 127/8 and all local addresses. In Addition to that
you should DENY all i
Hi!
I'm playing around with firewalling a bit and would like to know if I got this
little (not real world) task right:
I tried to setup the ipchains so that the only thing 'marvin' should be able to
do is using smtp with host 'laus'.
Is the following correct for my
On Tue, 15 Sep 1998, Kendall P. Bullen wrote:
> The protected machine is running Solaris 2.5.1 (possible to be
> upgraded to 2.6). It has another 'private' IP address, 192.168.2.2.
> (Using those private network numbers seemed like a good idea for
> security reasons.) It can ping the IP address
> If some kind soul could help, I'd appreciate it. :-) The HOWTO
> instructions don't seem to work correctly (but more than likely, my
> lack of understanding is at fault), so I plea for help. :-)
You don't say which HOWTO, but the IP-Masquerade mini-HOWTO is
excellent. Print that, print the ip
The missing link for me was that if you're using "standard" linux
firewalling, which is packet filtering, you _need_ ip forwarding enabled.
(The HOWTO says don't enable it, but that's for TIS proxying firewalls -
not what we're talking about here.)
Also, for ipchain
Hi All,
If some kind soul could help, I'd appreciate it. :-) The HOWTO
instructions don't seem to work correctly (but more than likely, my
lack of understanding is at fault), so I plea for help. :-)
THE MACHINES: The firewall machine is running that latest Debian.
Aside from a few default thing
Kendall,
I'm sure you'll get all sorts of help here. There's a URL for IPMasq,
which seems to be the firewalling technique of choice:
http://ipmasq.home.ml.org/
One of the things you'll need to do is recompile the kernel; a key to
doing
that is make
On 1 Sep 1998, Manoj Srivastava wrote:
: Hi,
:
: I am very happy with tulip based cards. There is an actively
: developed set of drivers and other information at
: http://cesdis.gsfc.nasa.gov/linux/drivers/tulip.html.
For the most part I agree - the tulip based cards are excellent.
Hi,
I am very happy with tulip based cards. There is an actively
developed set of drivers and other information at
http://cesdis.gsfc.nasa.gov/linux/drivers/tulip.html.
manoj
/* tulip.c: A DEC 21040-family ethernet driver for Linux. */
/*
Written 1994-1998 by Donald Bec
Hiya,
I'm setting up a machine to act as a firewall or router or something
(not sure what the exact term is -- basically, to allow only certain
Internet IPs to get to a machine that will be behind this
firewall-or-whatever). As such, I was planning on two NICs and having
a Debian system that does
> I am trying to set up a firewall on our network, but to allow ftp
> connections from internal machines to specific external sites (on a
> per-site basis). The problem I am having is that ftp seems to use ports
> other than 20 and 21.
>
> At the moment I only allow transfers on these two ports.
Hi,
Sorry if this is off-the-topic.
I am trying to set up a firewall on our network, but to allow ftp
connections from internal machines to specific external sites (on a
per-site basis). The problem I am having is that ftp seems to use ports
other than 20 and 21.
At the moment I only allow tra
> But I would also see the internet and the world would see me. Can I
> configure my Linux system to protect myself from access from anywhere
> other than the office (and maybe my Mom's house) or do I need to place a
> second physical PC acting as a firewall between me and the cable modem?
>
Ric
I may switch from ISDN to a "business class" cable modem service that
routes packets between my home and office directly from the cable modem
head through ATM VPC. IE, this traffic is supposedly not at risk.
(I hope I have the above correct; it's not my area of expertise)
But I would also see th