Robert wrote:

Well, I can say for sure the 169.x.x.x address is from an unaddressed
interface..   when you fired up the box at one point, it could not get
an address...  or you have a second NIC that is set DHCP and it could
not get an address..  the 169.254 entry is for DHCP Unassigned
addresses.....  Perfectly safe internally...

As for security..  your gateway box is the key there...
as long as your Router is secured not to allow unpleasantries incoming,
you can do whatever you want internally with a reasonable amount of
security...  (I run a pair of Windows boxes behind my Linux router, and
they can talk to each other but the internet cannot get Windows shares
from them...)

I am sure more detailed info could be had, but that's a good starting
point...  Secure the point of entry..  everything else inherits that
security, provided all local machines are trusted..  (which unless you
have a teenager who likes to hack, is the case for home computers)

Rob Day

On Sun, 2003-06-08 at 12:33, felipe leon wrote:


I have a small house network: two boxes, connecting to a DSL ISP with the help of a D-Link broadband router connected to a DSL modem. The router acts as a DHCP server and has a built-in firewall. I want to be able to share files internally between these two boxes. I wanted to use NFS, so I allowed the service in both boxes and kept the firewalls of the boxes quite restrictive (only by using lokkit, security level medium, no trusted devices except dhcp and nfs:tcp). I'm not experienced at all with networking, just learning, but it will be very helpful for me to be able to share files. My question is: which are the immediate steps (for an inexperienced user) to minimize security risks with this setting (two boxes, D-Link broadband router, NFS to be available internally)?

I'm a bit scared since last time I checked the routing table in one of my boxes I found the following:
$ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0


Normally (as in my other box) the routing table looks like:

$ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0


As is evident, I found a new destination included, 169.254.0.0, which I have no idea where it comes from. To my understanding there is no other reason for the routing table of a box to have more than 3 entries: eth0, lo and the line of the gateway.

What does this mean? Have I been hacked? Is my security compromised? What should I do? Is it because of the DHCP server?

Sorry for the long email and thanks a lot for any advice.

Output of netstat -nr
1) Only eth1
[EMAIL PROTECTED] antonio]$ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.254.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo


2) only eth1 and ppp0 (ADSL connection)
[EMAIL PROTECTED] antonio]$ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.100.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.254.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.100.1 0.0.0.0 UG 0 0 0 ppp0


3) with the activation of second NIC eth0
[EMAIL PROTECTED] antonio]$ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.100.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.254.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.100.1 0.0.0.0 UG 0 0 0 ppp0


I have no DHCP and the NICs are activated at boot-time...

Any comment??

Antonio
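As an added example (not from any poster in the thread), here is a small Python check that parses the netstat -nr tables posted above and labels each route the way Rob explains them: the 169.254.0.0/16 entry is the link-local range an interface falls back to when it gets no DHCP lease, a host route with the H flag is a point-to-point peer such as Antonio's ppp0, and only a route to a non-private destination would merit a closer look. The sample input is felipe's first table; parse_routes(), classify() and audit() are names of my own.

```python
import ipaddress

# Constructed sample input: the routing table felipe posted, as printed by "netstat -nr".
NETSTAT_OUTPUT = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0 0      0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0 0      0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0 0      0 lo
0.0.0.0         192.168.0.1     0.0.0.0         UG    0 0      0 eth0
"""

# RFC 3927 link-local range that hosts self-assign when DHCP fails (APIPA).
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")

def parse_routes(text):
    """Turn netstat -nr output into a list of (network, gateway, flags, iface)."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        # Skip the title and header rows; data rows start with a dotted quad
        # and have the eight columns Destination..Iface.
        if len(cols) < 8 or not cols[0][0].isdigit():
            continue
        dest, gw, mask, flags, iface = cols[0], cols[1], cols[2], cols[3], cols[7]
        # ipaddress accepts a dotted netmask after the slash, e.g. 0.0.0.0/0.0.0.0.
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, gw, flags, iface))
    return routes

def classify(route):
    """Explain one route; only a public destination is flagged for follow-up."""
    net, gw, flags, iface = route
    if "G" in flags and net.prefixlen == 0:
        return f"default route via {gw} on {iface} (expected: the router)"
    if net == LINK_LOCAL:  # check before is_private, which also covers 169.254/16
        return (f"link-local 169.254.0.0/16 on {iface}: added when the interface "
                "has no DHCP lease; harmless on a LAN, not a sign of compromise")
    if net.is_loopback:
        return "loopback"
    if "H" in flags:
        return f"host route to {net} on {iface} (point-to-point peer, e.g. ppp)"
    if net.is_private:
        return f"local LAN {net} on {iface}"
    return f"UNEXPECTED route to public range {net} via {gw} on {iface}: investigate"

def audit(text):
    return [classify(r) for r in parse_routes(text)]

if __name__ == "__main__":
    for verdict in audit(NETSTAT_OUTPUT):
        print(verdict)
```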


--
redhat-list mailing list
https://www.redhat.com/mailman/listinfo/redhat-list