Ralph Shumaker wrote:
DJA wrote:
Ralph Shumaker wrote:
OK, but the error dialog is not straight forward:
"rpcgssd failed. The error was: [blank]"
Where [blank] was simply nothing, no text, no nothing.
Yeah, that's lame.
It's a means of getting certain service packets to the right box even
though there is only one IP address for you available to the rest of
the world.
This sounds like a good reason to get IPv6 into the mainstream.
Isn't IPv6 mostly about more IP addresses for hoarders?
This
reminds me, whatever happened with the guys that were going to set up
(mentioned here on a kplug list) a completely free porn site on IPv6
(which initially was supposed to be operational in September 2006 IIRC)?
IPv6's Killer App?
The DSL management interface may or may not be accessible, though.
Here's what I would try:
# ifconfig eth0:1 192.168.1.99
# ping 192.168.1.1
if ping works, point your browser at http://192.168.1.1, and poke
around.
What the above is, is an ethernet "alias" which behaves like another
interface working through the same hardware and ethernet wiring.
Yep, that did the trick. I'm in. Now I need to regress in this thread
since what you suggested has either been snipped or I'm just not
seeing it.
If I found it, you suggested looking for unexpected port forwarding.
I don't know where to look for that. There seems to be a _lot_ in
there. But I did find a list of services:
☐ FTP
☑ HTTP
☑ ICMP
☑ SNMP
☑ TELNET
☑ TFTP
If you are not running servers for any of the above, then none of
those, except ICMP should be checked. Especially Telnet (use SSH
instead if needed) and TFTP. This assumes that those settings actually
refer to Port Forwarding, which I doubt. I think they just allow those
packets through, suggesting your modem does do some very basic
firewalling?
It must have been snipped out at some point:
dslextreme, yes. I don't remember if it has firewall built-in. It says
DSL-2320B on the front of it. dlink.com says its firewalling is:
• MAC Filtering
• Packet Filtering
• Stateful Packet Inspection (SPI)
• User Authentication PAP
• User Authentication CHAP
Here's the link (IIRC) where I found it:
http://www.dlink.com/products/resource.asp?pid=554&rid=2122&sec=0
So, does this mean that the firewall in my DSL modem is insufficient?
As I said in a subsequent post: You're fine. Your modem has a good
enough firewall.
It's amazing to me to think that my Linux machine had no barrier but its
own built in defenses when I surfed over a regular modem. I realize
that most people may have the initial reaction "Well over such a thin
pipe, of course there wasn't much risk!"...
Bandwidth is not a real factor. Availability (sufficient access in terms
of time: i.e. persistency) of your connection is.
...except that my windows machine
(over the same pipe) had to have zoneAlarm running to keep it safe.
Zone Alarm is not designed to keep bad things out. It's designed to keep
bad things in. That is, it's designed to prevent malicious code already
on your box from "Phoning home" your data. Even then it's not a tightly
sealed door, unless you want to be completely isolated from any other
computer anywhere.
The best way to avoid Windows becoming infested is to abstain from using
Windows. Or use it in an insulated/isolated environment.
Where should I go if I want a basic coverage of how to do IPtables?
I'd look on the Internet. ;)
It will go away on next boot, or if desired you can get rid of it by
# ifconfig eth0:1 0.0.0.0
I see no harm in leaving it. In fact, how can I make it survive a
reboot?
Should one?
Only so that I don't have to rely on vague memories of how to do it
again when I need it. I guess I'll just have to add a few lines to my
notes. My only trouble there is that I keep it as a file and have to
remember the name and where it is (used very infrequently).
I meant in terms of security.
--
Best Regards,
~DJA.
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
