Correction: if-up must be ip-up etc.. in /etc/ppp/
"Eric MC.D" wrote:
>
> "Eric MC.D" wrote:
> >
> > If You don't have a network !!
> > What you have to do:
> > 1. select ippp0 (isdn card) or ppp0 (52k modem)
> > 2. ppp0 or ippp0 must started-up before pmfirewall takes
> > effect !!!
> > 3. so select :
> > I tryed PMfirewall on the following machine:
> > -networkcard : none
> > -internet connection: via ISDN card
> > -POP to retrieve from ISP (no IMAP)
> > Purposes:
> > Want to close all ports to the outside.
> > Installation:
> > On the untared pmfirewall dir ~/pmfirewall-1.1.4
> > Type: sh install.sh
> > The install proc.: (questions (summerized) - responses.)
> > *dir to install: /usr/pmfirewall #(or where you
> > want)
> > *network : ippp0 (or ppp0)
> > *unrestricted access ? Y
> > IP range: 127.0.0.1/255.255.255.0
> > add others ? N
> > *IP ragnges to block completely ? N
> > *IP address assigned via DHCP ? N
> > *Running FTP ports 220/21 ? N
> > * " SSH 22 ? N
> > * " Telnet server 23 ? N
> > * " SMTP server 25 ? N
> > * " DNS server 53 ? N
> > * " Finger server 79 ? N
> > * " Web server 80 ? N
> > * " POP server 110 ? Y
> > IP address 127.0.0.1/255.255.255.0
> > *Allow IDENT 113 ? N
> > *Running NNTP server 119 ? N
> > *If using NTP 123 ? N
> > *Open NetBIOS/Samba 137-139 ? N
> > *Running IMAP server 143 ? N
> > * " SSL web server 443 ? N
> > * " routed (RIP) 520 ? N
> > *Open NFS 2049 ? N
> > *X server 5999-6003 ? N
> > *Other ports to open ? N
> > *Start on boot-up ? N
> > *Autodetect IP address ? Y
> > *Masquerade for other PC's ? N
> >
> > *Start pmfirewall when succ PPP connection ? Y
> > -------------------------------------------
> > Now copy the pmfirewall-script added in /etc/ppp/ip-up.local
> > to /etc/ppp/ip-up (takes no effect on ip-up.local)
> > Same on ip-down from ip-down.local.
> > Start your connection.
> > If pmfirewall didn't started,start pmfirewall:
> > cd /usr/pmfirewall ( or rhe dir you installed pmfirewall)
> > sh pmfirewall start
> > If there are no error messages you'r ok !
> > -------------------------------------------
> >
> > Results:
> > >From http://grc.com --> STEALTH --> PORTPROBE
> >
> > Port Service Status
> > ---- ------- ------
> > 21 FTP stealth
> > 23 Telnet "
> > 25 SMTP "
> > 79 Finger "
> > 80 HTTP "
> > 110 POP3 "
> > 113 IDENT "
> > 139 NetBIOS "
> > 143 IMAP "
> > 443 HTTPS "
> >
> > -------------------------------------------
> > Hope this help.
> > Eric MC