Dave:

That did it!! I can't thank you enough. I need to get IP chains running as
you have also but the Masquerade is running very nice. If you have any
problems with freewwweb.com don't hesitate to e-mail and I will help in
whatever way possible. I am sure any Red Hatter out there that is having
problems in getting IP Masquerade going should take note of the command
lines you have outlined for me below.


Thanks Again,

Eddie Strohmier

----- Original Message -----
From: Dave Reed <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, July 04, 2000 8:19 PM
Subject: Re: Home network


> > From: "E. Stroh" <[EMAIL PROTECTED]>
> > Cc: <[EMAIL PROTECTED]>
> > Date: Tue, 4 Jul 2000 18:30:42 -0500
> >
> > Dave:
> >
> > Thanks.. Yes I have been dialing in to freewwweb.com via Linux. I use Kppp
> > using PAP. Need the DNS numbers, (primary 216.70.64.1 and secondary
> > 216.70.64.2). Also note that the user name is your entire e-mail address for
> > login purposes not just the username by itself. That hung me up for several
> > days till I read through their how to connect page thoroughly. The only
> > thing I have not been able to get working is their news service. I believe
> > it to be their actual news server though as I have had no problems up till
> > about 3 weeks ago. I sent a message to their support staff about a week ago
> > but no answer yet. I think they are still trying to work the bugs out of
> > their fast growing network. I have also noticed some mail server problems
> > from time to time. But all in all for being a free connect ISP with the only
> > requirement is that you place home.freewwweb.com as your browser startup
> > page you cannot lose. I have never had a connection problem with them and
> > carry multiple user names and passwords. I have noticed on the list that
> > they limit access but I have yet to see a problem with the number of hours
> > connected. I stay connected probably 300 + hours per month with no problem.
> > I used to own/operate an ISP but sold out after competition finally got to the
> > point where it was just not worth the trouble nor were we making money just
> > breaking even. It is a big step backwards as far as speed for the old modem
> > vs. the T-1 I used to enjoy. I am in an area where ADSL is not available yet
> > so no luck there either.
>
> I used a local ISP in Columbus, OH for about 2.5 years before finally
> deciding to get a cable modem at least for the summer so I could do
> most of my work from home this summer.  I doubt I'll go back to a
> dial-up connection - the speed is nice, but the main benefit for us is
> it doesn't tie up the phone and it's nice not to have to wait for it
> to connect.
>
> I set up a Linux IP-Masquerade server for my church so all the staff
> could access e-mail and the web through it and was using worldspy.com,
> but they just sold out or merged with Juno and I think you need their
> special Windows software to use Juno.  Worldspy was a normal pap ppp
> setup so I may see if I can use freewwweb.com now for the church.
>
>
> > Anyway thanks and I will get on to that IP masquerade so I can get my home
> > networked as we were before.
>
>
> Here's the short version.  This assumes your LAN is 192.168.1.x.
>
> Put this in /etc/rc.d/rc.local
> # default policy for forwards is DENY
> /sbin/ipchains -P forward DENY
> # masquerade local network
> /sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ
>
> Also:
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> Then tell all your other machines to use your Linux machine as their
> gateway.  You'll probably want to read more about ipchains to disallow
> incoming connections.
>
> Here's some more of my "firewall" rules:
>
> # rr-in chain for road runner
> /sbin/ipchains -N rr-in
> /sbin/ipchains -A input -i eth0 -j rr-in
>
> # allow ident requests from everyone
> /sbin/ipchains -A rr-in -p tcp -s 0/0 -d 0/0 113 -j ACCEPT
>
> # deny (and log) all packets arriving on eth0 with a source address of 192.168.1.0/24
> /sbin/ipchains -A rr-in -s 192.168.1.0/24 -l -j DENY
>
> # allow wget to work - return ftp data only  (ftp-data) but only
> # through ports 1024-5999 and above 6010 (6000-6010 is for X11)
> /sbin/ipchains -A rr-in -p tcp -s 0/0 ftp-data -d 0/0 0:1023 -j REJECT
> /sbin/ipchains -A rr-in -p tcp -s 0/0 ftp-data -d 0/0 6000:6009 -j REJECT
> /sbin/ipchains -A rr-in -p tcp -s 0/0 ftp-data -d 0/0 1024:5999 -j ACCEPT
> /sbin/ipchains -A rr-in -p tcp -s 0/0 ftp-data -d 0/0 6011: -j ACCEPT
>
> # reject all incoming tcp connection initializations
> /sbin/ipchains -A rr-in -p tcp -y -l -j REJECT
>
> # reject all incoming ping requests
> /sbin/ipchains -A rr-in -p icmp --icmp-type echo-request -l -j REJECT
>
>
> The IP-Masquerade HOWTO and ipchains/firewall (can't remember which
> one it's called) HOWTOs provide lots more details, although I found
> the Masquerade HOWTO much easier to read.
>
> Thanks for the info on freewwweb.com
>
> Dave
>
>
> --
> To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> as the Subject.
>
>
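
Added example (not part of the original messages): a small Python model of how the rr-in chain quoted above is evaluated, first match wins, so the effect of rule order can be checked against sample packets. The rule lines are copied from the message; the names `ports`, `parse` and `verdict` and the sample packets are assumptions, and destination addresses are ignored because every rule uses 0/0.

```python
import ipaddress

# rr-in rules copied from the message above; ipchains stops at the first match.
RR_IN = """\
-p tcp -s 0/0 -d 0/0 113 -j ACCEPT
-s 192.168.1.0/24 -l -j DENY
-p tcp -s 0/0 ftp-data -d 0/0 0:1023 -j REJECT
-p tcp -s 0/0 ftp-data -d 0/0 6000:6009 -j REJECT
-p tcp -s 0/0 ftp-data -d 0/0 1024:5999 -j ACCEPT
-p tcp -s 0/0 ftp-data -d 0/0 6011: -j ACCEPT
-p tcp -y -l -j REJECT
-p icmp --icmp-type echo-request -l -j REJECT
"""
ANY = (0, 65535)
NAMES = {"-p": "proto", "-j": "target", "--icmp-type": "icmp"}

def ports(spec):
    """'113' -> (113, 113), '0:1023' -> (0, 1023), '6011:' -> (6011, 65535)."""
    lo, sep, hi = spec.replace("ftp-data", "20").partition(":")
    return int(lo or 0), int((hi or 65535) if sep else lo)

def parse(line):
    """Turn one rule line into a dict; -d addresses are ignored (all are 0/0)."""
    rule = {"proto": None, "-s": "0/0", "sport": ANY, "dport": ANY,
            "syn": False, "icmp": None}
    tok = line.split()
    while tok:
        opt = tok.pop(0)
        if opt == "-y":                  # TCP SYN set, ACK and FIN clear
            rule["syn"] = True
        elif opt != "-l":                # -l only logs; other options take a value
            rule[NAMES.get(opt, opt)] = tok.pop(0)
            if opt in ("-s", "-d") and tok and not tok[0].startswith("-"):
                rule["sport" if opt == "-s" else "dport"] = ports(tok.pop(0))
    src = rule["-s"]
    rule["src"] = ipaddress.ip_network("0.0.0.0/0" if src == "0/0" else src)
    return rule

RULES = [parse(line) for line in RR_IN.splitlines()]

def verdict(proto, src, sport=0, dport=0, syn=False, icmp=None):
    """Return (rule number, target) of the first matching rr-in rule."""
    for n, r in enumerate(RULES, 1):
        if (r["proto"] in (None, proto)
                and ipaddress.ip_address(src) in r["src"]
                and r["sport"][0] <= sport <= r["sport"][1]
                and r["dport"][0] <= dport <= r["dport"][1]
                and (syn or not r["syn"]) and r["icmp"] in (None, icmp)):
            return n, r["target"]
    return 0, "RETURN"  # no match: traversal resumes in the calling input chain
```

Because evaluation stops at the first match, the ident ACCEPT (rule 1) is applied before the 192.168.1.0/24 source DENY (rule 2); placing the source-address check first would apply it to port 113 as well. An ftp-data packet to port 6010 matches none of the four ftp-data rules and is decided by the later SYN rule.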

