Hi,
What is the point of allowing services out that you don't need? Port 139, for example.
Generally the less you have the more secure .... or rather less possible points of attack.
The external machines are to connect to port YYY on the internal server.
In the MASQ HOWTO they make mention that Red Hat 7.1 supports MASQ out of the box. But I read somewhere else that I need to make sure that I have the MASQ modules under /proc/sys/net/ipv4/, which I don't see.
-----Original Message-----
From: Michael R. Jinks [mailto:[EMAIL PROTECTED]]
Sent: 12 June 2001 11:20
To: Johnston Mark
Cc: [EMAIL PROTECTED]
Subject: Re: IPchains
Johnston Mark wrote:
> I can allow all connections out from internally (obviously it would be
> better to restrict this)
Why? Just curious.
> but only port yyy from externally and only
> those machines.
So, you want your external machines to connect to port yyy on the
firewall? Or port yyy on the NT machine?
> My woes come in with MASQ .... I understand the concept fine and the
> rules concept fine, it's just putting it into practice. According to one
> site, 7.1 comes std out the box ready for MASQ but then another says
> that I am missing some files.
Which files? Which reference?
Also, since you're already using Red Hat 7.1, you might want to consider
using iptables instead of ipchains. More complete, for one thing, and
the MASQ support should be better.
--
~~~Michael Jinks, IB // Technical Entity // Saecos Corporation~~~~
