Hello! I have a slight problem that I want to solve. Since the admins at our school are really nosy and scan our computers for FTP and web servers among others, to name a few examples, I would like to shut them out completely from my computer. As it is now I have a pretty straightforward firewall that only allows certain IPs that I accept to connect to my computer.
Just for the sake of it and for learning purposes I would now like to build a better wall. The problem is that one computer that they scan from is the name server, and that one is hard to isolate completely from here. The only thing I allow from the DNS is UDP from 1024-65535, since DNS, in case the packets aren't larger than 512 bytes, which I haven't encountered so far, uses UDP on a port that the program can access itself.

What I now would like to do is to organize it so that all the outgoing requests to the name server go through a special port. I guess it would be done if I set up a name server on my own machine that sends the requests, which should come back on port 53, but I don't like the idea of another large program that takes up my memory.

1) Is there a way just using chains to do that task, or do I have to learn how masquerading works too? An example of how I would like it to be: Netscape sends a gethostname() and the request goes out on, let's say, port 567 to the name server, which responds to the same port on my computer, and Netscape gets the IP it searched for.

2) Another question is, is it possible to isolate 2 or more specific IPs with the same mask? How would I do it? I guess that it would be possible with some sort of simple boolean algebra, but I'm not sure. Example: isolate the addresses 10.0.0.1 and 10.0.0.2 and 10.0.0.7.

I would be very glad if someone could help me out here. I know how to set up chains using ipchains, so that won't be necessary to explain, but I haven't fooled around with masquerading, so that's the problem perhaps.

These questions are directed to people that are kind enough to send me a good answer and not just to point to a bunch of HOWTOs.

Thanks in advance.

// Marwin

--
| Björn Elwhagen aka Marwin Finger [EMAIL PROTECTED] |
| Student at Wexio University for PGP public key. (broken) |
| Sweden ICQ: 356095 |