Hi all,
I've got a couple of quick questions (no-brainers for the pros) that I
need a hand answering. I figured it easier to wait a while to get a list of
questions that hopefully you can all help me out with...
I'm running eiger static with a "bastardised" (if there is such a word)
version of the extended scripts.

The LRP box is a proud addition to the network with it quite happily
chugging along hosting 30 internal PCs, 15-odd servers sitting in the DMZ,
10M microwave connection with a class C on the live side of things. It
truly is amazing what such a simple setup can handle.

Anyway on with the questions..

1. Is there a package out there that can monitor the syslog (or denied
rules) to maybe send an email out when certain types of packets get denied?
(Hmm, not at packet level, more like if, say, there is activity on port 23 of a
certain IP that is being denied, then send an email.)

2. What do I need to change to have my firewall send all its syslog info
to a syslog server?

3. I'm running the socks5 package on my firewall. How do I DISABLE logging
in syslog? I'm getting heaps of these kinds of lines....
Jul 31 11:11:38 Firewall01 Socks5[23491]: TCP Connection Request: Connect (10.0.10.35:3039 to 205.188.248.57:80) for user
Jul 31 11:11:38 Firewall01 Socks5[23491]: TCP Connection Established: Connect (10.0.10.35:3039 to 205.188.248.57:80) for user
Jul 31 11:11:38 Firewall01 Socks5[23491]: TCP Connection Terminated: Normal (10.0.10.35:3039 to 205.188.248.57:80) for user : 252 bytes out, 29 bytes in

4. If I wish to see all ruleset denies etc. I gather I have to add -l to all
my deny firewall rules in ipfilter.conf, is that correct?

5. How do I deny icmp (ping) on all my external IPs? I know it's in the
extended scripts but I can't find the rule that denies; all I can find is
these....
$IPCH -A input -j DENY -p icmp --icmp-type timestamp-request -l
$IPCH -A input -j DENY -p icmp --icmp-type timestamp-reply -l

6. OK, this one will take a little bit to explain..
I have a win2k network (2k server, 2k clients etc., on a domain running
Active Directory and so on). The firewall is set up to handle the connection
to the internet, and protect the servers in the DMZ.
Some of the internal people are running their own ftp server (set up for
passive mode only), i.e. the boss ;o). At the moment I have put in some rules
to manually handle this..
eg:   $IPCH -A input -p tcp -s 10.0.10.30 -d 0/0 13600:13649 -j ACCEPT
        $IPCH -A input -p tcp -s 0/0 13600:13649 -d 10.0.10.30 -j ACCEPT
        $IPMASQADM autofw -A -r tcp 13600 13649 -h 10.0.10.30
and of course I'm forwarding port 21 to his machine.
I wish to be able to run the DHCP server package on my firewall, but how do
I handle mapping a LIVE IP to the internal DHCP-assigned IP? (As in, the
boss's IP might change as DHCP leases expire and renew; how do I write
rulesets so that I'm mapping the LIVE hardcoded IP to the assigned DHCP IP?)

Thanks in advance,

Regards,
Adam Niedzwiedzki

c: genis-x
a: level 1, 278-280 church street richmond, victoria, 3121, au, earth
m: +614 0732 2719
w: www.genis-x.com
icq: 325910

"Any sufficiently advanced bug is indistinguishable from a feature."




leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
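
Question 1 describes matching denied packets for a given IP and port in syslog and mailing a summary rather than one message per packet. A sketch of that matching logic, as an added example that is not part of the original post: it assumes ipchains `Packet log:` kernel lines as written by rules carrying `-l`, and the watch list, addresses, threshold and mail addresses are constructed.

```python
import re
from collections import Counter
from email.message import EmailMessage

# ipchains kernel log format (emitted for rules that carry -l):
#   Packet log: <chain> <action> <iface> PROTO=<n> <src>:<sport> <dst>:<dport> ...
PACKET_LOG = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
)

# Constructed watch list: (destination IP, IP protocol number, destination port).
WATCH = {("192.0.2.10", 6, 23)}

def denied_hits(lines, watch=WATCH):
    """Count denied packets per (src, dst, dport) for watched destinations."""
    hits = Counter()
    for line in lines:
        m = PACKET_LOG.search(line)
        if not m or m["action"] not in ("DENY", "REJECT"):
            continue  # not a packet log line, or the packet was accepted
        if (m["dst"], int(m["proto"]), int(m["dport"])) in watch:
            hits[(m["src"], m["dst"], int(m["dport"]))] += 1
    return hits

def build_alert(hits, threshold=2, sender="firewall@example.org", rcpt="admin@example.org"):
    """Return one summary EmailMessage, or None if no source reaches the threshold."""
    rows = [(k, n) for k, n in sorted(hits.items()) if n >= threshold]
    if not rows:
        return None
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, rcpt
    msg["Subject"] = f"Firewall: {len(rows)} source(s) denied on watched ports"
    msg.set_content("\n".join(f"{s} -> {d}:{p}  {n} denied packets" for (s, d, p), n in rows))
    return msg  # deliver with smtplib.SMTP(host).send_message(msg)

# Constructed sample syslog lines; only the last one is taken from the post.
SAMPLE = [
    "Jul 31 11:12:01 Firewall01 kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:4021 192.0.2.10:23 L=60 S=0x00 I=4121 F=0x4000 T=52 SYN (#12)",
    "Jul 31 11:12:04 Firewall01 kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:4022 192.0.2.10:23 L=60 S=0x00 I=4122 F=0x4000 T=52 SYN (#12)",
    "Jul 31 11:12:09 Firewall01 kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.9:1170 192.0.2.10:23 L=60 S=0x00 I=901 F=0x4000 T=49 SYN (#12)",
    "Jul 31 11:12:15 Firewall01 kernel: Packet log: input ACCEPT eth1 PROTO=6 10.0.10.35:3040 192.0.2.10:23 L=60 S=0x00 I=77 F=0x4000 T=128 SYN (#3)",
    "Jul 31 11:11:38 Firewall01 Socks5[23491]: TCP Connection Established: Connect (10.0.10.35:3039 to 205.188.248.57:80) for user",
]

if __name__ == "__main__":
    alert = build_alert(denied_hits(SAMPLE))
    print(alert if alert else "nothing to report")
```

Run from cron over the lines logged since the previous run, the threshold keeps a single stray probe from generating mail.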
