I have a caching DNS server installed - I'll try to block everything and see
if it breaks, and if it does I'll open 53. I'm also thinking of blocking all
incoming TCP SYN packets on all ports with

ipchains -I input -p tcp -y -i eth1 -j REJECT -l

I'm not running any X server on the firewall, though I do run X clients
displaying back on my workstation. I don't need X to go across the external
interface, though.

Thanks for the tips!

--
Manuel A. McLure - Unify Corp. Technical Support <[EMAIL PROTECTED]>
Vah! Denuone Latine loquebar? Me ineptum. Interdum modo elabitur.


-----Original Message-----
From: Steve Shah [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 18, 2000 4:28 PM
To: Manuel A. McLure
Cc: '[EMAIL PROTECTED]'
Subject: Re: Securing IPMASQ gateway


Hmmm... DNS, depending on how you have it set up. You may need to leave
incoming port 53 accessible. Other than that, I don't imagine there
being a problem with this. You may also want to look into ports
6000:6010 if you leave X running.

-Steve

On Tue, Jan 18, 2000 at 04:07:16PM -0800, Manuel A. McLure wrote:
> OK, got that. With that configuration I'd have to figure out what ports are
> being used by servers and block those specifically, right? My question is,
> will doing something like
> 
> ipchains -I input -p tcp --destination-port 0:1023 -i eth1 -j REJECT -l
> ipchains -I input -p udp --destination-port 0:1023 -i eth1 -j REJECT -l
> 
> hurt anything?
> 
> --
> Manuel A. McLure - Unify Corp. Technical Support <[EMAIL PROTECTED]>
> Vah! Denuone Latine loquebar? Me ineptum. Interdum modo elabitur.
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
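
As an added example (not part of the original thread), the Python sketch below models how the two rule sets discussed in this thread treat a handful of constructed packets. It assumes eth1 is the external interface and eth0 the internal one, that unmatched packets are accepted, and that -y matches TCP packets with SYN set and ACK and FIN clear.

```python
# Added illustration: a minimal model of ipchains input-chain matching.
# Packet fields and the sample packets are constructed, not captured traffic.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    iface: str                       # interface the packet arrives on
    proto: str                       # "tcp" or "udp"
    dport: int                       # destination port
    flags: frozenset = frozenset()   # TCP flags that are set


def syn_rule(p):
    """ipchains -I input -p tcp -y -i eth1 -j REJECT"""
    return (p.iface == "eth1" and p.proto == "tcp"
            and "SYN" in p.flags and not p.flags & {"ACK", "FIN"})


def low_port_rules(p):
    """The tcp and udp --destination-port 0:1023 -i eth1 rules, combined."""
    return p.iface == "eth1" and p.proto in ("tcp", "udp") and 0 <= p.dport <= 1023


def verdict(rule, p):
    # Assumption: the chain accepts anything the rule does not match.
    return "REJECT" if rule(p) else "ACCEPT"


SAMPLES = {
    "inbound connect to telnet": Packet("eth1", "tcp", 23, frozenset({"SYN"})),
    "inbound connect to X display :0": Packet("eth1", "tcp", 6000, frozenset({"SYN"})),
    "reply to outbound connection": Packet("eth1", "tcp", 40001, frozenset({"SYN", "ACK"})),
    "DNS reply to resolver querying from port 53": Packet("eth1", "udp", 53),
    "internal host connecting to gateway": Packet("eth0", "tcp", 22, frozenset({"SYN"})),
}


def compare():
    """Return {description: (verdict under -y rule, verdict under 0:1023 rules)}."""
    return {name: (verdict(syn_rule, p), verdict(low_port_rules, p))
            for name, p in SAMPLES.items()}


if __name__ == "__main__":
    for name, (syn, low) in compare().items():
        print(f"{name:45} -y: {syn:7} 0:1023: {low}")
```

The output shows the trade-off between the two approaches: the port-range rules leave X on port 6000 reachable and reject a DNS reply addressed to port 53, while the -y rule rejects every inbound TCP connection request on eth1 and does not touch UDP at all.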
