[expert] Firewall questions
Currently I rely on a hardware firewall, but I would like to add a personal software firewall. I know that I will need a slice of time to do sufficient reading to get the configuration right, so I thought that I would browse using Webmin to see what I needed to know, particularly since I don't want to affect the LAN. Unfortunately, though logically, you can't do that until you have installed iptables. I see, though, that it offers configuration for Linux Firewall and Shorewall.

If I install iptables and/or Shorewall do they come with completely hashed out configuration files, or am I immediately committed to sorting it?

Anne
--
Registered Linux User No.293302
Have you visited http://twiki.mdklinuxfaq.org yet?

Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Firewall questions
On Thursday 30 Oct 2003 11:03 am, J.C. Woods wrote:
> Just install iptables, and start rolling your own rules. There are loads of sites that document how to.

So installing iptables will have no 'built-in' rules? That's what I want, so that I can build it up a little at a time.

> You could start off by just replacing one rule at a time from your external router. For example, let's say your hardware does not allow any ping responses. So you write your first rule with iptables to disallow any ping responses, and turn that feature off on the router, so on and so forth until you feel good about your firewall rules, and have a better understanding of what is going on.

The problem for me is that the hardware router does not allow GnomeMeeting to have a range of ports open (it uses H.323 tunneling), so I'm thinking that I will need, eventually, to set my box DMZ and rely on the software one, suitably configured. I am quite prepared to make the switch to DMZ for the duration of a session (it won't be too frequent), but I want the second layer in first. Consequently, I can use DMZ to test the rules, going back behind the hardware f/w as necessary.

> And you could do this a little at a time, as you learn new rules. Because I have always written my own rules, since the days of ipchains, I do not know too much about Shorewall, and I would never trust Webmin to handle a vital function like firewalls. Just my two cents worth...

My experience with using it to set up Samba does not encourage me to do it that way, but I thought that browsing the interface might give me a better idea of the questions I need answering before actually doing any configuration.

Thanks for the input

Anne
--
Registered Linux User No.293302
Have you visited http://twiki.mdklinuxfaq.org yet?
Re: [expert] Firewall questions
On Thursday 30 October 2003 07:01 am, Anne Wilson wrote:
> So installing iptables will have no 'built-in' rules? That's what I want, so that I can build it up a little at a time.

Yes, that is the way that I am running it, to supplement the hardware router because hardware routers are not really suitable for filtering as opposed to blocking.

> The problem for me is that the hardware router does not allow GnomeMeeting to have a range of ports open (it uses H.323 tunneling), so I'm thinking that I will need, eventually, to set my box DMZ and rely on the software one, suitably configured. I am quite prepared to make the switch to DMZ for the duration of a session (it won't be too frequent), but I want the second layer in first. Consequently, I can use DMZ to test the rules, going back behind the hardware f/w as necessary.

What kind do you have? You should be able to open up an entire range, as small or large as you want, and configure GnomeMeeting to simply confine to that range. I have a range open for passive FTP and it appears to work fine.

> My experience with using it to set up Samba does not encourage me to do it that way, but I thought that browsing the interface might give me a better idea of the questions I need answering before actually doing any configuration.

As your rules get extended, Webmin will eventually break down and time out trying to display them all. At least, it does in my case, so I simply keep a bash script to issue the commands and periodically update and rerun the script to repopulate changes to my firewall.

--
Bryan Phinney
Software Test Engineer
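The kind of script Bryan describes, as an added example that is not from the thread: the whole INPUT ruleset lives in one file that is edited and re-run, starting with the two rules discussed above, the "no ping responses" rule J.C. Woods suggests taking over from the router first, and a fixed port range for GnomeMeeting so the application can be confined to it. The interface name eth0, the range 30000:30010, and the log prefixes are assumptions for the example, not values from the posts. DRY_RUN=1 prints the iptables commands instead of running them, so the ruleset can be checked without root before it is loaded.

```shell
#!/bin/sh
# Added example: a "build it up one rule at a time" iptables script.
# Assumed values (not from the thread): eth0 as the external interface,
# 30000:30010 as the GnomeMeeting port range, "fw:" log prefixes.
# DRY_RUN=1 prints the commands; unset it and run as root to load them.

WAN_IF="${WAN_IF:-eth0}"                 # assumed external interface
H323_RANGE="${H323_RANGE:-30000:30010}"  # assumed GnomeMeeting RTP/RTCP range

# ipt: run one iptables command, or print it when DRY_RUN is set.
ipt() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# build_rules: reset policies, flush INPUT and rebuild it from scratch.
# Because every rule lives here, editing this file and re-running it
# is the whole update procedure; nothing accumulates in the live chain.
build_rules() {
    ipt -P INPUT DROP      # default deny: every rule below is an exception
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
    ipt -F INPUT

    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Rule 1, taken over from the router: no ping responses. The default
    # policy would drop this anyway; logging it (rate-limited) lets you
    # confirm in /var/log/messages that the box, not the router, is doing it.
    ipt -A INPUT -i "$WAN_IF" -p icmp --icmp-type echo-request \
        -m limit --limit 3/min -j LOG --log-prefix "fw:ping-drop: "
    ipt -A INPUT -i "$WAN_IF" -p icmp --icmp-type echo-request -j DROP

    # Rule 2: a fixed range for GnomeMeeting, which must be configured to
    # confine itself to that range, plus TCP 1720 for H.323 call signalling.
    ipt -A INPUT -i "$WAN_IF" -p udp --dport "$H323_RANGE" -j ACCEPT
    ipt -A INPUT -i "$WAN_IF" -p tcp --dport "$H323_RANGE" -j ACCEPT
    ipt -A INPUT -i "$WAN_IF" -p tcp --dport 1720 -j ACCEPT

    # Everything else: log at a bounded rate, then fall through to the
    # DROP policy. The limit keeps a scan from filling the log.
    ipt -A INPUT -i "$WAN_IF" -m limit --limit 5/min -j LOG --log-prefix "fw:drop: "
}

# count_rules: number of iptables commands a run would issue; quick sanity
# check after editing (a typo that kills a line shows up as a changed count).
count_rules() {
    DRY_RUN=1 build_rules | wc -l | tr -d ' '
}

if [ -n "${DRY_RUN:-}" ]; then
    build_rules
fi
```

Run `DRY_RUN=1 sh firewall.sh` to review the exact commands, then `sh firewall.sh` as root to load them; adding a rule is a matter of inserting one more `ipt` line between the default-deny header and the final LOG rule and re-running.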
RE: [expert] Firewall questions
-----Original Message-----
From: Anne Wilson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 30, 2003 5:37 AM
To: [EMAIL PROTECTED]
Subject: [expert] Firewall questions

> Currently I rely on a hardware firewall, but I would like to add a personal software firewall. I know that I will need a slice of time to do sufficient reading to get the configuration right, so I thought that I would browse using Webmin to see what I needed to know, particularly since I don't want to affect the LAN. Unfortunately, though logically, you can't do that until you have installed iptables. I see, though, that it offers configuration for Linux Firewall and Shorewall.
>
> If I install iptables and/or Shorewall do they come with completely hashed out configuration files, or am I immediately committed to sorting it?
>
> Anne
> --

If you're looking for ease of use, Shorewall should do. It can be quickly enabled in MCC > Security > DrakFirewall. It uses iptables as the underlying filter, but configuration is much more simple IMHO. Then again, if you have the time and ambition to learn iptables that's always a handy skill to have!
Re: [expert] Firewall questions
On Thursday 30 Oct 2003 12:21 pm, Bryan Phinney wrote:
> > The problem for me is that the hardware router does not allow GnomeMeeting to have a range of ports open (it uses H.323 tunneling), so I'm thinking that I will need, eventually, to set my box DMZ and rely on the software one, suitably configured. I am quite prepared to make the switch to DMZ for the duration of a session (it won't be too frequent), but I want the second layer in first. Consequently, I can use DMZ to test the rules, going back behind the hardware f/w as necessary.
>
> What kind do you have? You should be able to open up an entire range, as small or large as you want, and configure GnomeMeeting to simply confine to that range. I have a range open for passive FTP and it appears to work fine.

SMC/7401BRA

We chose that one, knowing nothing about routers, because at least the manufacturer put the manual on the website, and it looked reasonable. I've regretted it a bit, but that's hindsight. You can open around 10 ports (total of TCP and UDP), but no ranges.

Anne
--
Registered Linux User No.293302
Have you visited http://twiki.mdklinuxfaq.org yet?
[expert] firewall question
Since setting up Shorewall to discard bad/malformed packets, I've been getting a lot of log entries like this. Why? I know that the displayed destination address is a broadcast address.

Aug 31 08:31:18 n0sq kernel: Shorewall:badpkt:DROP:IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:09:e8:b4:c6:c3:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=128 ID=8093 PROTO=UDP SPT=68 DPT=67 LEN=556

Also, I've been getting a lot of bad packets from many IP addresses that belong to my ISP. The strange thing is that the packets have my address as the destination address.

This is sure taking up a lot of log space.
Re: [expert] firewall question
On Sun, 2003-08-31 at 09:46, engage wrote:
> Since setting up Shorewall to discard bad/malformed packets, I've been getting a lot of log entries like this. Why? I know that the displayed destination address is a broadcast address.
>
> Aug 31 08:31:18 n0sq kernel: Shorewall:badpkt:DROP:IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:09:e8:b4:c6:c3:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=128 ID=8093 PROTO=UDP SPT=68 DPT=67 LEN=556

That's a DHCP packet -- grab it with Ethereal and you can see what type. I'd guess client request.

> Also, I've been getting a lot of bad packets from many IP addresses that belong to my ISP. The strange thing is that the packets have my address as the destination address.

Maybe they're scanning for services, or maybe other users on the ISP are scanning or have worms.

> This is sure taking up a lot of log space.

So don't do it :-) Scale back logging.

http://www.monkeynoodle.org/comp/reply-to
--
Jack Coates
Monkeynoodle: A Scientific Venture...
Re: [expert] firewall question
On Sunday 31 August 2003 11:43 am, Jack Coates wrote:
> On Sun, 2003-08-31 at 09:46, engage wrote:
> > Since setting up Shorewall to discard bad/malformed packets, I've been getting a lot of log entries like this. Why? I know that the displayed destination address is a broadcast address.
> >
> > Aug 31 08:31:18 n0sq kernel: Shorewall:badpkt:DROP:IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:09:e8:b4:c6:c3:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=128 ID=8093 PROTO=UDP SPT=68 DPT=67 LEN=556
>
> That's a DHCP packet -- grab it with Ethereal and you can see what type. I'd guess client request.

I forgot that a lot of the new accounts at the ISP are now DHCP.

> > Also, I've been getting a lot of bad packets from many IP addresses that belong to my ISP. The strange thing is that the packets have my address as the destination address.
>
> Maybe they're scanning for services, or maybe other users on the ISP are scanning or have worms.

Possibly. I'm going to have to spend more time on network analysis. I might be able to get away from the computer someday.
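The identification Jack makes by eye (SRC=0.0.0.0 to DST=255.255.255.255, UDP 68 to 67, so a DHCP client that has no address yet) can be automated, which is the first step towards deciding what to stop logging. This is an added example, not part of the thread: a POSIX sh/awk parser for the KEY=VALUE fields netfilter writes into Shorewall's kernel log lines, with a classifier that separates DHCP broadcast noise from traffic actually aimed at the host. The first sample line is the one posted above; the other two are constructed for the example, using documentation addresses, and are not from anyone's logs.

```shell
#!/bin/sh
# Added example: parse and classify Shorewall/netfilter DROP log lines.
# Not code from the thread. Sample lines: POSTED_LINE is copied from the
# post above; PING_LINE and SCAN_LINE are constructed for this example.

# nf_field LINE KEY: value of the first KEY=... token in LINE, or nothing.
# Both the IP and the UDP length appear as LEN=; the first one is the IP header's.
nf_field() {
    printf '%s\n' "$1" | awk -v key="$2" '{
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n > 0 && substr($i, 1, n - 1) == key) { print substr($i, n + 1); exit }
        }
    }'
}

# classify_nf_line LINE: prints one label describing what the packet was.
classify_nf_line() {
    line=$1
    src=$(nf_field "$line" SRC)
    dst=$(nf_field "$line" DST)
    proto=$(nf_field "$line" PROTO)
    spt=$(nf_field "$line" SPT)
    dpt=$(nf_field "$line" DPT)
    itype=$(nf_field "$line" TYPE)   # ICMP type; empty for TCP/UDP

    # DHCP DISCOVER/REQUEST from a client with no address yet:
    # 0.0.0.0 -> 255.255.255.255, UDP 68 -> 67. Normal on a shared segment.
    if [ "$proto" = UDP ] && [ "$spt" = 68 ] && [ "$dpt" = 67 ] \
       && [ "$src" = 0.0.0.0 ] && [ "$dst" = 255.255.255.255 ]; then
        echo dhcp-client-broadcast
    elif [ "$dst" = 255.255.255.255 ]; then
        echo other-broadcast
    elif [ "$proto" = ICMP ] && [ "$itype" = 8 ]; then
        echo icmp-echo-request
    elif [ "$proto" = TCP ] || [ "$proto" = UDP ]; then
        # Unicast to the host itself: the "addressed to me" entries worth a look.
        echo "unicast-$proto-dport-$dpt"
    else
        echo other
    fi
}

# summarise: tally labels for a stream of log lines on stdin, e.g.
#   grep 'Shorewall:' /var/log/messages | summarise
summarise() {
    while IFS= read -r l; do classify_nf_line "$l"; done | sort | uniq -c
}

POSTED_LINE='Aug 31 08:31:18 n0sq kernel: Shorewall:badpkt:DROP:IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:09:e8:b4:c6:c3:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=128 ID=8093 PROTO=UDP SPT=68 DPT=67 LEN=556'
# Constructed: an inbound ping to the host (198.51.100.0/24 and 203.0.113.0/24 are documentation ranges).
PING_LINE='Aug 31 08:32:00 n0sq kernel: Shorewall:net2fw:DROP:IN=eth1 OUT= MAC=00:09:e8:b4:c6:c3:00:11:22:33:44:55:08:00 SRC=198.51.100.7 DST=203.0.113.20 LEN=84 TOS=0x00 PREC=0x00 TTL=54 ID=1 PROTO=ICMP TYPE=8 CODE=0 ID=4711 SEQ=1'
# Constructed: a TCP SYN to port 135 from a neighbour on the ISP's network.
SCAN_LINE='Aug 31 08:33:10 n0sq kernel: Shorewall:net2fw:DROP:IN=eth1 OUT= MAC=00:09:e8:b4:c6:c3:00:11:22:33:44:55:08:00 SRC=198.51.100.9 DST=203.0.113.20 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=22034 DF PROTO=TCP SPT=3412 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0'

for l in "$POSTED_LINE" "$PING_LINE" "$SCAN_LINE"; do
    printf '%-24s src=%s\n' "$(classify_nf_line "$l")" "$(nf_field "$l" SRC)"
done
```

Piping a day of `Shorewall:` lines through `summarise` shows how much of the volume is the dhcp-client-broadcast class; that is the class to stop logging (or to match and drop silently before the logging rule), while the unicast-* entries from the ISP's address space stay in the log where they belong.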
Re: [expert] Firewall stuff SSH
On Saturday 11 January 2003 08:49 am, Mark Weaver wrote:
> Lorne wrote:
> > On Friday 10 January 2003 11:13 am, Todd Lyons wrote:
> > > Lorne wrote on Fri, Jan 10, 2003 at 09:15:02AM -0700 :
> > > > I've run coyote-linux for 5 years now and have NEVER been hacked. That is until September of 2002. I spoke with the author and he felt his system was secure and it couldn't have been his LRP based firewall that broke down. I DID have port 21 forwarded, so assumed it was the inside box that got compromised via port 21. I took the inside box off line, totally built it from scratch, hardened all boxes and made sure I had a secure intranet. I then brought the firewall back up. Within a month someone was poking around inside my intranet again. Now it seems that it takes about 48 hours for them to get back in. So I've been rebooting it every night until I can get my MNF box up. I believe there is some buffer overflow or other vulnerability that hasn't been identified yet with the LRP firewall system. So just a warning,
> > >
> > > Geez, you should be sitting there with tcpdump running nearly non-stop and logging to a separate host so that you can see exactly what is occurring. Get active and into it and you'll learn a LOT about security. You may _think_ you know a lot now, but when you watch a box getting 'sploited, and then pull the plug and figure it all out, you'll come out of it with some invaluable knowledge that you can put to use immediately!
> >
> > I prefer ethereal and sniffer pro and I have had really really limited time here at home. I've been getting more and more into packet analysis at work and it is pretty cool stuff. I've been to a couple of classes on it. I've had snort running on Mandrake snf and I'm putting the finishing touches on MNF. It has snort. I'm putting tripwire on it now.
> >
> > What I REALLY would like to do is set up a honey pot and then I'm truly in control and can watch with interest what is going on. I'm trying to talk my boss into letting me set up a honey pot at work, but corporate is against it. I need to talk to the fellow that is against it. I think he is wrong. :)
>
> why in the world would someone be against setting up a honeypot in defense of a network and all the mission critical data stored thereon? Yes, I understand that honeypot in and of itself does nothing to actually protect a network, but in the overall scheme it is a part of the process.

That is what I asked the director yesterday. He said the head dude is from the CIA and he has always been against it. WTF!?!? My response was, I need to talk to this guy, because he either doesn't understand them or knows something profound I've never thought or heard of. Like I tried to explain to the director yesterday, there should never ever be any legitimate traffic to a honeypot, so if there is activity, it is going to be improper. Makes it pretty damned easy to catch activity on a busy network. Like you said, it isn't protection, but what a cool tool to trigger alarms, watch what they are doing, keep them busy until you figure out what is going on etc. :)
Re: [expert] Firewall stuff SSH
On Saturday 11 January 2003 02:35 pm, Mark Weaver wrote:
<snip>
> > That is what I asked the director yesterday. He said the head dude is from the CIA and he has always been against it. WTF!?!? My response was, I need to talk to this guy, because he either doesn't understand them or knows something profound I've never thought or heard of. Like I tried to explain to the director yesterday, there should never ever be any legitimate traffic to a honeypot, so if there is activity, it is going to be improper. Makes it pretty damned easy to catch activity on a busy network. Like you said, it isn't protection, but what a cool tool to trigger alarms, watch what they are doing, keep them busy until you figure out what is going on etc. :)
>
> that guy sounds more like someone who's technically in WAY over his head and hasn't got a single clue what he's doing.

That is what I think. The reason I want to speak to him. I am not in the security section. I'm trying. I am positive they are in way over their heads and I told him it wasn't a matter of if but when we got hacked. The sad part is, they probably won't know it when they do, if the hacker is smart.
Re: [expert] Firewall stuff SSH
On Saturday 11 January 2003 06:04 pm, Mark Weaver wrote:
> On Saturday 11 January 2003 07:47 pm, Lorne wrote:
> > On Saturday 11 January 2003 02:35 pm, Mark Weaver wrote:
> > <snip>
> > > > That is what I asked the director yesterday. He said the head dude is from the CIA and he has always been against it. WTF!?!? My response was, I need to talk to this guy, because he either doesn't understand them or knows something profound I've never thought or heard of. Like I tried to explain to the director yesterday, there should never ever be any legitimate traffic to a honeypot, so if there is activity, it is going to be improper. Makes it pretty damned easy to catch activity on a busy network. Like you said, it isn't protection, but what a cool tool to trigger alarms, watch what they are doing, keep them busy until you figure out what is going on etc. :)
> > >
> > > that guy sounds more like someone who's technically in WAY over his head and hasn't got a single clue what he's doing.
> >
> > That is what I think. The reason I want to speak to him. I am not in the security section. I'm trying. I am positive they are in way over their heads and I told him it wasn't a matter of if but when we got hacked. The sad part is, they probably won't know it when they do, if the hacker is smart.
>
> God help the cracker if he isn't! Let's hope he isn't very smart at all.
>
> Mark

hahaha amen!
Re: [expert] Firewall stuff SSH
On Saturday 11 January 2003 07:47 pm, Lorne wrote:
> On Saturday 11 January 2003 02:35 pm, Mark Weaver wrote:
> <snip>
> > > That is what I asked the director yesterday. He said the head dude is from the CIA and he has always been against it. WTF!?!? My response was, I need to talk to this guy, because he either doesn't understand them or knows something profound I've never thought or heard of. Like I tried to explain to the director yesterday, there should never ever be any legitimate traffic to a honeypot, so if there is activity, it is going to be improper. Makes it pretty damned easy to catch activity on a busy network. Like you said, it isn't protection, but what a cool tool to trigger alarms, watch what they are doing, keep them busy until you figure out what is going on etc. :)
> >
> > that guy sounds more like someone who's technically in WAY over his head and hasn't got a single clue what he's doing.
>
> That is what I think. The reason I want to speak to him. I am not in the security section. I'm trying. I am positive they are in way over their heads and I told him it wasn't a matter of if but when we got hacked. The sad part is, they probably won't know it when they do, if the hacker is smart.

God help the cracker if he isn't! Let's hope he isn't very smart at all.

Mark
Re: [expert] Firewall stuff SSH
On Saturday 11 January 2003 07:25 pm, Mark Weaver wrote:
> On Saturday 11 January 2003 09:17 pm, Lorne scribbled incoherently:
> > Could very well be. Unfortunately the two guys that are in charge of it are such buffoons that I would not work with them anyhow. I fully expect them to get fired soon. They are not only ignorant, but arrogant to boot! I can handle ignorance, and I can handle arrogance, but not both together! They are in charge of setting it all up and it is such a joke. I'm just hoping to make enough comments to the director that he will know I have some skills and am interested so that when they do get fired I'll be considered.
> >
> > > Don't ever try to fight ignorants face to face, play along and be their advisor in hard times. It's the only way, or be prepared to stick a lot of energy and time in battling their back to the wall tactics. You'll probably lose any which way!
> >
> > This is a really unique situation. The only thing I'm afraid of is that if they F#$K it up too badly, our parent company will take it away from us and move it out of our building without me having a chance to prove we can do it right. :( Oh well, we'll see how it all shakes out.
> >
> > > Good luck,
> > > HarM
>
> well good luck and God speed to ya Lorne!

heh.. heh...thanks Mark! ;)
Re: [expert] Firewall stuff SSH
As for why against... this network is my home and I can't afford to go buy another comp and IP just to protect the 4 or 5 boxes behind it. *grin*

James

On Sat, 2003-01-11 at 10:24, Lorne wrote:
> On Saturday 11 January 2003 08:49 am, Mark Weaver wrote:
> > Lorne wrote:
> > > On Friday 10 January 2003 11:13 am, Todd Lyons wrote:
> > > > Lorne wrote on Fri, Jan 10, 2003 at 09:15:02AM -0700 :
> > > > > I've run coyote-linux for 5 years now and have NEVER been hacked. That is until September of 2002. I spoke with the author and he felt his system was secure and it couldn't have been his LRP based firewall that broke down. I DID have port 21 forwarded, so assumed it was the inside box that got compromised via port 21. I took the inside box off line, totally built it from scratch, hardened all boxes and made sure I had a secure intranet. I then brought the firewall back up. Within a month someone was poking around inside my intranet again. Now it seems that it takes about 48 hours for them to get back in. So I've been rebooting it every night until I can get my MNF box up. I believe there is some buffer overflow or other vulnerability that hasn't been identified yet with the LRP firewall system. So just a warning,
> > > >
> > > > Geez, you should be sitting there with tcpdump running nearly non-stop and logging to a separate host so that you can see exactly what is occurring. Get active and into it and you'll learn a LOT about security. You may _think_ you know a lot now, but when you watch a box getting 'sploited, and then pull the plug and figure it all out, you'll come out of it with some invaluable knowledge that you can put to use immediately!
> > >
> > > I prefer ethereal and sniffer pro and I have had really really limited time here at home. I've been getting more and more into packet analysis at work and it is pretty cool stuff. I've been to a couple of classes on it. I've had snort running on Mandrake snf and I'm putting the finishing touches on MNF. It has snort. I'm putting tripwire on it now.
> > >
> > > What I REALLY would like to do is set up a honey pot and then I'm truly in control and can watch with interest what is going on. I'm trying to talk my boss into letting me set up a honey pot at work, but corporate is against it. I need to talk to the fellow that is against it. I think he is wrong. :)
> >
> > why in the world would someone be against setting up a honeypot in defense of a network and all the mission critical data stored thereon? Yes, I understand that honeypot in and of itself does nothing to actually protect a network, but in the overall scheme it is a part of the process.
>
> That is what I asked the director yesterday. He said the head dude is from the CIA and he has always been against it. WTF!?!? My response was, I need to talk to this guy, because he either doesn't understand them or knows something profound I've never thought or heard of. Like I tried to explain to the director yesterday, there should never ever be any legitimate traffic to a honeypot, so if there is activity, it is going to be improper. Makes it pretty damned easy to catch activity on a busy network. Like you said, it isn't protection, but what a cool tool to trigger alarms, watch what they are doing, keep them busy until you figure out what is going on etc. :)
Re: [expert] Firewall stuff SSH
On Sat, 2003-01-11 at 18:24, H.J.Bathoorn wrote:
> On Sunday 12 January 2003 00:47, Lorne wrote:
> > That is what I think. The reason I want to speak to him. I am not in the security section. I'm trying. I am positive they are in way over their heads and I told him it wasn't a matter of if but when we got hacked. The sad part is, they probably won't know it when they do, if the hacker is smart.
>
> Trouble is that as long as you're trying to get heard, they'll see you as a threat. Meaning they (the security dep.)'ll be using all their energy to fight you instead of the cracker they've never ever felt before. Don't ever try to fight ignorants face to face, play along and be their advisor in hard times. It's the only way, or be prepared to stick a lot of energy and time in battling their back to the wall tactics. You'll probably lose any which way!
>
> Good luck,
> HarM

HarM... Good, bad or indifferent, you are unfortunately right. The best move in my opinion is to make your proposal in writing (so that you have a copy) to the head of security... Then when he botches it... You are ahead.. If he likes what you suggest, then HE gets to go to the boss and win either way. You win.

James
Re: [expert] Firewall stuff SSH
I've been lucky so far -- at the company I work for, I'm in charge of all technology oriented activities (security, database, systems, helpdesk, and so forth) so if I make a suggestion there is typically very little resistance to it (since, after all, I've been right several times before already -- a proven track record always helps).

Michael

At 07:48 PM 1/11/2003 -0800, you wrote:
> On Sat, 2003-01-11 at 18:24, H.J.Bathoorn wrote:
> > On Sunday 12 January 2003 00:47, Lorne wrote:
> > > That is what I think. The reason I want to speak to him. I am not in the security section. I'm trying. I am positive they are in way over their heads and I told him it wasn't a matter of if but when we got hacked. The sad part is, they probably won't know it when they do, if the hacker is smart.
> >
> > Trouble is that as long as you're trying to get heard, they'll see you as a threat. Meaning they (the security dep.)'ll be using all their energy to fight you instead of the cracker they've never ever felt before. Don't ever try to fight ignorants face to face, play along and be their advisor in hard times. It's the only way, or be prepared to stick a lot of energy and time in battling their back to the wall tactics. You'll probably lose any which way!
> >
> > Good luck,
> > HarM
>
> HarM... Good, bad or indifferent, you are unfortunately right. The best move in my opinion is to make your proposal in writing (so that you have a copy) to the head of security... Then when he botches it... You are ahead.. If he likes what you suggest, then HE gets to go to the boss and win either way. You win.
>
> James
Re: [expert] Firewall stuff SSH
On Saturday 11 January 2003 09:17 pm, Lorne scribbled incoherently:
> Could very well be. Unfortunately the two guys that are in charge of it are such buffoons that I would not work with them anyhow. I fully expect them to get fired soon. They are not only ignorant, but arrogant to boot! I can handle ignorance, and I can handle arrogance, but not both together! They are in charge of setting it all up and it is such a joke. I'm just hoping to make enough comments to the director that he will know I have some skills and am interested so that when they do get fired I'll be considered.
>
> > Don't ever try to fight ignorants face to face, play along and be their advisor in hard times. It's the only way, or be prepared to stick a lot of energy and time in battling their back to the wall tactics. You'll probably lose any which way!
>
> This is a really unique situation. The only thing I'm afraid of is that if they F#$K it up too badly, our parent company will take it away from us and move it out of our building without me having a chance to prove we can do it right. :( Oh well, we'll see how it all shakes out.
>
> > Good luck,
> > HarM

well good luck and God speed to ya Lorne!

--
Mark
---
Paid for by Penguins against modern appliances(R)
Linux User Since 1996
Powered by Mandrake Linux 8.2 9.0
[expert] Firewall stuff SSH
On Friday 10 January 2003 12:58 am, Ken Hawkins wrote:
> On Friday 10 January 2003 02:50 pm, Ken Thompson wrote:
> > On Thursday 09 January 2003 08:14 pm, Mark Weaver wrote:
> > > and I did take a look at gShield. The little bugger liked to drove me nuts!
> > >
> > > Mark
> >
> > I grabbed an old P90 with 32MB - 540MB Drive and installed Smoothwall. http://www.smoothwall.org Now I run my entire network through it and just simply fergit it's there except for frequent log checks.
>
> I have been using EigerStein from the LRP on a 486-66 w/16MB, and NO HDD for about 2 years with no problem. Since it boots from floppy, once running, you pop out the disk, and even if by chance someone hacks the F/W, you can just reboot. I have run this against some online security test sites, and they have all never been able to get more from my computer behind the firewall than my browser version. It leaves a FEW things open by default, but those are easily corrected.
>
> Ken Hawkins

***ALERT*** I've run coyote-linux for 5 years now and have NEVER been hacked. That is until September of 2002. I spoke with the author and he felt his system was secure and it couldn't have been his LRP based firewall that broke down. I DID have port 21 forwarded, so assumed it was the inside box that got compromised via port 21. I took the inside box off line, totally built it from scratch, hardened all boxes and made sure I had a secure intranet. I then brought the firewall back up. Within a month someone was poking around inside my intranet again. Now it seems that it takes about 48 hours for them to get back in. So I've been rebooting it every night until I can get my MNF box up. I believe there is some buffer overflow or other vulnerability that hasn't been identified yet with the LRP firewall system. So just a warning, don't trust it too much. :)
Re: [expert] Firewall stuff SSH
On Friday 10 January 2003 04:15 pm, Lorne wrote:
> On Friday 10 January 2003 12:58 am, Ken Hawkins wrote:
<SNIP A WHOLE LOT OUT>
> > I have run this against some online security test sites, and they have all never been able to get more from my computer behind the firewall than my browser version. It leaves a FEW things open by default, but those are easily corrected.
> >
> > Ken Hawkins
>
> ***ALERT*** I've run coyote-linux for 5 years now and have NEVER been hacked. That is until September of 2002. I spoke with the author and he felt his system was secure and it couldn't have been his LRP based firewall that broke down. I DID have port 21 forwarded, so assumed it was the inside box that got compromised via port 21. I took the inside box off line, totally built it from scratch, hardened all boxes and made sure I had a secure intranet. I then brought the firewall back up. Within a month someone was poking around inside my intranet again. Now it seems that it takes about 48 hours for them to get back in. So I've been rebooting it every night until I can get my MNF box up. I believe there is some buffer overflow or other vulnerability that hasn't been identified yet with the LRP firewall system. So just a warning, don't trust it too much. :)

OR: Sure I'm paranoid...but am I paranoid enough?

Sorry, didn't mean to imply that I was invulnerable...just that it was a cheap easy solution to be MUCH more secure than most people out there. Remember that there are millions of users out there still with windblows machines plugged straight into their DSL/Cable modems with NO firewalls.

When you say they were poking around, had they been able to install s/w, read documents, change configs? Or was it just port scanning, rattling the doorknobs so to speak?

Ken
Re: [expert] Firewall stuff SSH
Lorne wrote on Fri, Jan 10, 2003 at 09:15:02AM -0700 :
> I've run coyote-linux for 5 years now and have NEVER been hacked. That is until September of 2002. I spoke with the author and he felt his system was secure and it couldn't have been his LRP based firewall that broke down. I DID have port 21 forwarded, so assumed it was the inside box that got compromised via port 21. I took the inside box off line, totally built it from scratch, hardened all boxes and made sure I had a secure intranet. I then brought the firewall back up. Within a month someone was poking around inside my intranet again. Now it seems that it takes about 48 hours for them to get back in. So I've been rebooting it every night until I can get my MNF box up. I believe there is some buffer overflow or other vulnerability that hasn't been identified yet with the LRP firewall system. So just a warning,

Geez, you should be sitting there with tcpdump running nearly non-stop and logging to a separate host so that you can see exactly what is occurring. Get active and into it and you'll learn a LOT about security. You may _think_ you know a lot now, but when you watch a box getting 'sploited, and then pull the plug and figure it all out, you'll come out of it with some invaluable knowledge that you can put to use immediately!

Just a suggestion at any rate.

Blue skies...
Todd
--
MandrakeSoft USA http://www.mandrakesoft.com
Easy things should be easy, and hard things should be possible. --Larry Wall
Cooker Version mandrake-release-9.1-0.1mdk Kernel 2.4.20-2mdk
Re: [expert] Firewall stuff SSH
On Friday 10 January 2003 01:31 am, Ken Hawkins wrote: On Friday 10 January 2003 04:15 pm, Lorne wrote: On Friday 10 January 2003 12:58 am, Ken Hawkins wrote: SNIP A WHOLE LOT OUT I have run this against some online security test sites, and they have all never been able to get more from my computer behind the firewall than my browser version. It leaves a FEW things open by default, but those are easily corrected. Ken Hawkins ***ALERT*** I've run coyote-linux for 5 years now and have NEVER been hacked. That is until September of 2002. I spoke with the author and he felt his system was secure and it couldn't have been his LRP based firewall that broke down. I DID have port 21 forwarded, so assumed it was the inside box that got compromised via port 21. I took the inside box off line, totally built it from scratch, hardened all boxes and made sure I had a secure intranet. I then brought the firewall back up. Within a month someone was poking around inside my intranet again. Now it seems that it takes about 48 hours for them to get back in. So I've been rebooting it every night until I can get my MNF box up. I believe there is some buffer overflow or other vulnerability that hasn't been identified yet with the LRP firewall system. So just a warning, don't trust it too much. :) OR: Sure I'm paranoid...but am I paranoid enough? Sorry, didn't mean to imply that I was invulnerable...just that it was a cheap easy solution to be MUCH more secure than most people out there. Remember that there are millions of users out there still with windblows machines plugged straight into their DSL/Cable modems with NO firewalls.

Damned scary isn't it!? No need to apologize. :)

When you say they were poking around, had they been able to install s/w, read documents, change configs? Or was it just port scanning, rattling the doorknobs so to speak?

They had made it past my firewall and were rattling the door knobs on IP addresses beyond the firewall. So basically they had breached the moat and were trying doors in the castle. Scary and obviously the firewall is compromised when they do this. Ken
Re: [expert] Firewall stuff SSH
On Friday 10 January 2003 11:13 am, Todd Lyons wrote: Lorne wrote on Fri, Jan 10, 2003 at 09:15:02AM -0700 : I've run coyote-linux for 5 years now and have NEVER been hacked. That is until September of 2002. I spoke with the author and he felt his system was secure and it couldn't have been his LRP based firewall that broke down. I DID have port 21 forwarded, so assumed it was the inside box that got compromised via port 21. I took the inside box off line, totally built it from scratch, hardened all boxes and made sure I had a secure intranet. I then brought the firewall back up. Within a month someone was poking around inside my intranet again. Now it seems that it takes about 48 hours for them to get back in. So I've been rebooting it every night until I can get my MNF box up. I believe there is some buffer overflow or other vulnerability that hasn't been identified yet with the LRP firewall system. So just a warning,

Geez, you should be sitting there with tcpdump running nearly non-stop and logging to a separate host so that you can see exactly what is occurring. Get active and into it and you'll learn a LOT about security. You may _think_ you know a lot now, but when you watch a box getting 'sploited, and then pull the plug and figure it all out, you'll come out of it with some invaluable knowledge that you can put to use immediately!

I prefer ethereal and sniffer pro and I have had really really limited time here at home. I've been getting more and more into packet analysis at work and it is pretty cool stuff. I've been to a couple of classes on it. I've had snort running on Mandrake snf and I'm putting the finishing touches on MNF. It has snort. I'm putting tripwire on it now. What I REALLY would like to do is set up a honey pot and then I'm truly in control and can watch with interest what is going on. I'm trying to talk my boss into letting me set up a honey pot at work, but corporate is against it. I need to talk to the fellow that is against it. I think he is wrong. :)

Just a suggestion at any rate. Blue skies... Todd
[expert] firewall-script
hi, here I have the script for my firewall-masquerade of rc.firewall-2.2.1 and these are the points I don't know what to fill in:

    DNS= #set to your DNS server(s) that you get zones from
    INTERNAL_LAN=192.168.0.0/24 192.168.10.0/24 #the internal network(s), must be set
    AUTH_ALLOW=207.69.200.132 216.32.132.250 206.132.27.156 209.81.232.66 207.45.69.69 216.80.83.185 212.158.123.66 #IPs allowed to use the AUTH service (leave blank and put 113 in TCP_ALLOW for all)
    DENY_ALL= #internet hosts to explicitly deny from accessing your system at all
    DROP=REJECT

DNS: I don't have it set up right now.
INTERNAL_LAN=192.168.0.0/24 192.168.10.0/24 : here I have an internal LAN of 192.168.10.0 = is that what I have to write in?
AUTH_ALLOW= I don't have any clue ... sorry about that! AUTH service = what's this?
DENY_ALL= = what do I have to write in?
DROP=REJECT = what's this? and what do I have to fill in here?

## my IPs for my two ethercards are: 192.168.10.8 = eth0 (internal LAN) and 10.0.0.10 for eth1 (connected to the ADSL modem from Alcatel Speed Touch). I don't keep the internet connection active all the time; only if I need the line, I call the Mandrake Control Center, then Network-Internet and then connect. Maybe that can be done through a script, but I don't have anything. It would be one of my next steps to learn something about it with Perl. Hope anyone can help me here, which things I have to fill in and why ... it's for my learning and better understanding. thanks in advance and bye hans
[expert] firewall config?
Didn't there used to be a firewall config utility in Mandrake? I need to open 1 port. Anyone know how to do this from the command line if it can't be done from the control center? Darren
[expert] Firewall / Internet sharing with Mandrake 7.2 - how to temporarilyturn off?
Hi fellow Mandrake users, I installed Mandrake 7.2 in my old office in India. I set up a basic firewall and Internet sharing using ipchains as I recall. It was set up using a simple script that was very likely recommended on MandrakeUser at the time. Sorry but I don't recall what the script was called! :-) It was pretty cool, it basically walked you through the steps by asking questions and then set it up. Now I'm in New Zealand and I need to SSH into their box to fix some things for them. I'm suspecting I won't be able to SSH in, since I probably blocked that kind of external access with the firewall. Could someone please suggest a simple command to temporarily turn off the firewall portion of the script? Simple enough that a novice with root access there could turn it off? I guess it's OK if the Internet sharing is also down for a while, as long as they or I can start it up again! Thanks, Damon -- Damon Lynch Dev-Zone Program Officer http://www.dev-zone.org Jabber Messaging: [EMAIL PROTECTED] Tel: +64 4 496 9597 Yahoo Messaging: [EMAIL PROTECTED]
Re: [expert] Firewall / Internet sharing with Mandrake 7.2 - how to temporarily turn off?
InteractiveBastille, but have you tried SSH? you prolly turned off telnet, but might have left SSH? On Thursday 06 June 2002 06:12 pm, you wrote: Hi fellow Mandrake users, I installed Mandrake 7.2 in my old office in India. I setup a basic firewall and Internet sharing using ipchains as I recall. It was setup using a simple script that was very likely recommended on MandrakeUser at the time. Sorry but I don't recall what the script was called! :-) It was pretty cool, it basically walked you through the steps by asking questions and then set it up. Now I'm in New Zealand and I need to SSH into their box to fix some things for them. I'm suspecting I won't be able to SSH in, since I probably blocked that kind of external access with the firewall. Could someone please suggest a simple command to temporarily turn off the firewall portion of the script? Simple enough that a novice with root access there could turn it off? I guess it's OK if the Internet sharing is also down for a while, as long as they or me can start it up again! Thanks, Damon
Re: [expert] Firewall / Internet sharing with Mandrake 7.2 - how totemporarily turn off?
No it wasn't InteractiveBastille :-) It was something downloaded from the net. I'll try SSH first of course, but it's not easy trying to sort these things out when the other machine is on dial-up. I'm pretty sure I stopped all outside activity. What is the best program I can run on Mandrake 8.2 that will scan and report what is open and what is not on the Mandrake 7.2 box? Damon On Fri, 2002-06-07 at 11:35, et wrote: InteractiveBastille, but have you tried SSH? you prolly turned off telnet, but might have left SSH? -- Damon Lynch Dev-Zone Program Officer http://www.dev-zone.org Jabber Messaging: [EMAIL PROTECTED] Tel: +64 4 496 9597 Yahoo Messaging: [EMAIL PROTECTED]
Re: [expert] Firewall / Internet sharing with Mandrake 7.2 - how totemporarily turn off?
Try nmap, or the GUI front end nmapfe; Sridhar - Original Message - From: Damon Lynch [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, June 06, 2002 4:47 PM Subject: Re: [expert] Firewall / Internet sharing with Mandrake 7.2 - how to temporarily turn off? No it wasn't InteractiveBastille :-) It was something downloaded from the net. I'll try SSH first of course, but it's not easy trying to sort these things out when the other machine is on dial-up. I'm pretty sure I stopped all outside activity. What is the best program I can run on Mandrake 8.2 that will scan and report what is open and what is not on the Mandrake 7.2 box? Damon On Fri, 2002-06-07 at 11:35, et wrote: InteractiveBastille, but have you tried SSH? you prolly turned off telnet, but might have left SSH? -- Damon Lynch Dev-Zone Program Officer http://www.dev-zone.org Jabber Messaging: [EMAIL PROTECTED] Tel: +64 4 496 9597 Yahoo Messaging: [EMAIL PROTECTED]
Re: [expert] Firewall / Internet sharing with Mandrake 7.2 - how totemporarily turn off?
It was probably pmfirewall (excellent, and deservedly popular at the time) - do a search and you may find it. If not, I may have a copy that I can look at and see what can be done - email me privately if so. Alternative is to just email the other office the ipchains command to open port 22 and make sure sshd is running. Billk On Fri, 2002-06-07 at 06:12, Damon Lynch wrote: Hi fellow Mandrake users, I installed Mandrake 7.2 in my old office in India. I setup a basic firewall and Internet sharing using ipchains as I recall. It was setup using a simple script that was very likely recommended on MandrakeUser at the time. Sorry but I don't recall what the script was called! :-) It was pretty cool, it basically walked you through the steps by asking questions and then set it up. Now I'm in New Zealand and I need to SSH into their box to fix some things for them. I'm suspecting I won't be able to SSH in, since I probably blocked that kind of external access with the firewall. Could someone please suggest a simple command to temporarily turn off the firewall portion of the script? Simple enough that a novice with root access there could turn it off? I guess it's OK if the Internet sharing is also down for a while, as long as they or me can start it up again! Thanks, Damon -- Damon Lynch Dev-Zone Program Officer http://www.dev-zone.org Jabber Messaging: [EMAIL PROTECTED] Tel: +64 4 496 9597 Yahoo Messaging: [EMAIL PROTECTED]
Re: [expert] Firewall / Internet sharing with Mandrake 7.2 - how totemporarily turn off?
Yes that's it, pmfirewall. A very handy little program. Does the following command allow accepting of SSH if pmfirewall has turned it off?

    ipchains -A input -p TCP -d any/0 22 -j ACCEPT

I'm not very familiar with the command line program they should run to figure out if sshd is running. Should they run:

    chkconfig --list sshd

Thanks! Damon On Fri, 2002-06-07 at 14:21, William Kenworthy wrote: It was probably pmfirewall (excellent, and deservably popular at the time) - do a search and you may find it. If not, I may have a copy that I can look at and see what can be done - email me privately if so. Alternative is to just email the other office the ipchains command to open port 22 and make sure sshd is running. Billk On Fri, 2002-06-07 at 06:12, Damon Lynch wrote: Hi fellow Mandrake users, I installed Mandrake 7.2 in my old office in India. I setup a basic firewall and Internet sharing using ipchains as I recall. It was setup using a simple script that was very likely recommended on MandrakeUser at the time. Sorry but I don't recall what the script was called! :-) It was pretty cool, it basically walked you through the steps by asking questions and then set it up. Now I'm in New Zealand and I need to SSH into their box to fix some things for them. I'm suspecting I won't be able to SSH in, since I probably blocked that kind of external access with the firewall. Could someone please suggest a simple command to temporarily turn off the firewall portion of the script? Simple enough that a novice with root access there could turn it off? I guess it's OK if the Internet sharing is also down for a while, as long as they or me can start it up again! Thanks, Damon -- Damon Lynch Dev-Zone Program Officer http://www.dev-zone.org Jabber Messaging: [EMAIL PROTECTED] Tel: +64 4 496 9597 Yahoo Messaging: [EMAIL PROTECTED]
Re: [expert] Firewall / Internet sharing with Mandrake 7.2 - how to temporarily turn off?
On Thursday 06 June 2002 22:37, you wrote: Yes that's it, pmfirewall. A very handy little program. Does the following command allow accepting of SSH if pmfirewall has turned it off? - ipchains -A input -p TCP -d any/0 22 -j ACCEPT I'm not very familiar with the command line program they should run to figure out if sshd is running. Should they run: - chkconfig --list sshd Thanks! Damon

Add:

    $IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 22 -j ACCEPT

To your pmfirewall config file. Restart pmfirewall startup script. Check for SSH running. Run: service sshd status If not started. Run: service sshd start. drjung -- J. Craig Woods UNIX/NT Network/System Administration http://www.trismegistus.net/resume.html Character is built upon the debris of despair --Emerson
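Added example, not drjung's or pmfirewall's own code: a small sh script that builds the rule above with the admin's network in REMOTENET rather than any/0, and then checks a listing of the input chain to confirm the ACCEPT was not appended below a DENY catch-all (ipchains takes the first matching rule, so if the script's input chain ends in "DENY all", a rule added with -A never gets reached). The addresses, the REMOTENET/OUTERNET values and the sample listings are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): open TCP/22 on an ipchains box and
# verify the rule's position.  Assumed, hypothetical values below; the
# variable names mirror the ones used in the pmfirewall rule quoted above.
REMOTENET="203.0.113.0/24"   # the admin's own network, not any/0
OUTERNET="198.51.100.5"      # external address of the Mandrake 7.2 box

# ipchains walks a chain top to bottom and stops at the first match.  If the
# firewall script closes the input chain with "DENY all", an ACCEPT appended
# with -A lands below it and is never reached; "-I input 1" puts it first.
ssh_allow_rule() {
    printf 'ipchains -I input 1 -p tcp -s %s -d %s 22 -j ACCEPT\n' "$1" "$2"
}

# Read "ipchains -L input -n" output on stdin and print one word:
#   ok        an ACCEPT for tcp port 22 precedes any DENY-all catch-all
#   shadowed  the ACCEPT exists but only after a DENY-all (never matches)
#   missing   no ACCEPT for tcp port 22 at all
# Exit status is 0 only for "ok", so it can gate a script.
check_ssh_rule_order() {
    awk '
        $1 == "DENY"   && $2 == "all" && !seen_deny   { seen_deny = NR }
        $1 == "ACCEPT" && $2 == "tcp" && $NF == "22" && !seen_accept { seen_accept = NR }
        END {
            if (!seen_accept)                        { print "missing";  exit 1 }
            if (seen_deny && seen_deny < seen_accept) { print "shadowed"; exit 1 }
            print "ok"
        }'
}

# Constructed sample listings (not captured from a real box).
# Rule inserted with -I input 1: the ACCEPT precedes the DENY.
SAMPLE_GOOD='Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
ACCEPT     tcp  ------  203.0.113.0/24       198.51.100.5          * ->   22
DENY       all  ------  0.0.0.0/0            0.0.0.0/0             n/a'

# Rule appended with -A: the DENY catch-all shadows it.
SAMPLE_BAD='Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
DENY       all  ------  0.0.0.0/0            0.0.0.0/0             n/a
ACCEPT     tcp  ------  203.0.113.0/24       198.51.100.5          * ->   22'

# The firewall rule is only half of it: sshd must be running.  On Mandrake
# "service sshd status" answers that; "chkconfig --list sshd" only says
# whether it is configured to start at boot.
sshd_running() {
    service sshd status >/dev/null 2>&1
}

main() {
    ssh_allow_rule "$REMOTENET" "$OUTERNET"
    echo "$SAMPLE_GOOD" | check_ssh_rule_order
    echo "$SAMPLE_BAD"  | check_ssh_rule_order || echo "(appended rule would never match)"
}

main
```

Run the printed ipchains line as root, then pipe the real `ipchains -L input -n` output through `check_ssh_rule_order` before telling the remote office to try the connection.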
Re: [expert] Firewall + routing
Have a look at Mandrake 8.2 -- later versions of IPtables etc.. Then have a look at Bastille http://www.bastille-linux.org . Just use Rpmdrake to install it, yes it's on your Mandrake Cds, and configure it using the command InteractiveBastille. Another excellent solution is to have a look at FireStarter http://firestarter.sourceforge.net/ .. and yes that one is also on your Mandrake CDs. I have tested both of these and they look excellent. Both solutions can configure IPtables to do port forwarding. Cheers Mark On Tue, 2002-05-07 at 04:37, Belkie, Dan wrote: Hey Guys! I have a simple Mandrake 8.1 box as my router / firewall. I'm looking at putting a couple of web servers behind the firewall on my LAN. does anyone know of a good way to set up rules so that the FW can know to send port 80 request to xyz.com to one server and abc.com to another? I guess another question can anyone suggest a good firewall solution? I tried Mandrakes SNF 7.2 but it failed. thoughts? Thanks!! -- = Dan
[expert] Firewall + routing
Hey Guys! I have a simple Mandrake 8.1 box as my router / firewall. I'm looking at putting a couple of web servers behind the firewall on my LAN. does anyone know of a good way to set up rules so that the FW can know to send port 80 request to xyz.com to one server and abc.com to another? I guess another question can anyone suggest a good firewall solution? I tried Mandrakes SNF 7.2 but it failed. thoughts? Thanks!! -- = Dan
Re: [expert] Firewall + routing
Belkie, Dan wrote: Hey Guys! I have a simple Mandrake 8.1 box as my router / firewall. I'm looking at putting a couple of web servers behind the firewall on my LAN. does anyone know of a good way to set up rules so that the FW can know to send port 80 request to xyz.com to one server and abc.com to another? I guess another question can anyone suggest a good firewall solution? I tried Mandrakes SNF 7.2 but it failed. Smoothwall : http://www.smoothwall.org/community/home/ I use the free, GPL version. See also ... IpCop : http://www.ipcop.org/cgi-bin/twiki/view/IPCop/WebHome I did use SNF for quite a while. I use smoothwall now with some minor tweaks so I could add portsentry to it ;-) -- Kevin O'Connor People will be free to devote themselves to activities that are fun ... The GNU Manifesto - Copyright (C) 1985, 1993 Free Software Foundation, Inc.
Re: [expert] Firewall + routing
Belkie, Dan wrote: Hey Guys! I have a simple Mandrake 8.1 box as my router / firewall. I'm looking at putting a couple of web servers behind the firewall on my LAN. does anyone know of a good way to set up rules so that the FW can know to send port 80 request to xyz.com to one server and abc.com to another? I guess another question can anyone suggest a good firewall solution? I tried Mandrakes SNF 7.2 but it failed. thoughts? Thanks!! -- = Dan

Actually you want to use squid to do that. The trick is simple. We call that accelerator mode since squid can cache some responses for both.

Accelerator -- Squid can function as THE connection on port 80 of a server and can relay requests to another server or servers, caching the results to increase apparent speed. Those other servers might be on the same machine or on different ones. The method is called a custom redirect program and here is a simple example:

Custom redirect program

This list of options was quiet until this one arrived. This setting allows Squid to be an accelerator for several or all servers in the local network. An example would be two apache servers at, say 192.168.1.7 and 192.168.1.17. Squid is on the internet gateway and exposing port 80 for www.domain1.net and www.domain2.org. The redirect program might look something like this.

    #!/usr/bin/perl
    # Squid redirector: Squid writes one line per request to stdin (the URL
    # first, then client ip/fqdn, ident and method) and reads the rewritten
    # line back from stdout.  The public name Squid answers for is mapped to
    # the internal Apache box that serves it (with httpd_accel_uses_host_header
    # on, the client's Host: name is what appears in the URL).
    $| = 1;    # unbuffered output, or Squid waits forever for each answer
    while (<>) {
        s@http://www\.domain1\.net@http://192.168.1.7@;
        s@http://www\.domain2\.org@http://192.168.1.17@;
        print;
    }

I think you can backtranslate the sgml codings here. As you can see, the script is very simple. Civileme
Re: [expert] firewall security
I am using bastille-firewall. Scanned my computer in sygatetech.com as you suggest and all UDP ports are closed. I configured it with InteractiveBastille -x. I don't enter anything for UDP service names or port numbers to allow on public interfaces and let UDP services to block as default (ie 2049 6770). Regards Fedneg
Re: [expert] firewall security
At 11:18 AM 3/1/2002 +0100, Fedneg wrote: I am using bastille-firewall. Scanned my computer in sygatetech.com as you suggest and all UDP ports are closed. That's my point. sygatetech.com shows them closed instead of blocked. sygatetech.com showed some UDP ports open when another port scanner shows them all blocked. Either the sygatetech.com scanner is broken or it's some kind of marketing ploy to get us to buy their software. Encryption isn't just for secrets...
Re: [expert] firewall security
Lee Roberts wrote: I've tried tiny firewall, bastille-firewall, and one other (can't remember the name). NONE of them block access to the UDP services no matter what I do. In InteractiveBastille, I don't enter anything for UDP service names or port numbers to allow on public interfaces but I entered 1:65535 for UDP services to block. I've posted this message previously and some replies say they don't have this problem with bastille. I'm using bastille on Mandrake 8.1 with iptables and kernel 2.4.8-34.1mdk. Any suggestions other than suggesting that I learn iptables and write my own rules? Have you tried pmfirewall? My co-worker used it on his box. It was easy to set up and nmap found nothing when I ran it against the box afterward. -- Mike Rambo [EMAIL PROTECTED]
Re: [expert] firewall security
pmfirewall doesn't use iptables. Besides, I used pmfirewall with Mandrake 7.2 and had the same problem. At 07:37 AM 3/1/2002 -0500, Mike Rambo wrote: Lee Roberts wrote: I've tried tiny firewall, bastille-firewall, and one other (can't remember the name). NONE of them block access to the UDP services no matter what I do. In InteractiveBastille, I don't enter anything for UDP service names or port numbers to allow on public interfaces but I entered 1:65535 for UDP services to block. I've posted this message previously and some replies say they don't have this problem with bastille. I'm using bastille on Mandrake 8.1 with iptables and kernel 2.4.8-34.1mdk. Any suggestions other than suggesting that I learn iptables and write my own rules? Have you tried pmfirewall? My co-worker used it on his box. It was easy to set up and nmap found nothing when I ran it against the box afterward. -- Mike Rambo [EMAIL PROTECTED]
Re: [expert] firewall security
Mike Rambo wrote: Lee Roberts wrote: I've tried tiny firewall, bastille-firewall, and one other (can't remember the name). NONE of them block access to the UDP services no matter what I do. In InteractiveBastille, I don't enter anything for UDP service names or port numbers to allow on public interfaces but I entered 1:65535 for UDP services to block. I've posted this message previously and some replies say they don't have this problem with bastille. I'm using bastille on Mandrake 8.1 with iptables and kernel 2.4.8-34.1mdk. Any suggestions other than suggesting that I learn iptables and write my own rules? Have you tried pmfirewall? My co-worker used it on his box. It was easy to set up and nmap found nothing when I ran it against the box afterward. Back to basics and use iptables (or ipchains). It isn't that difficult! -- Kind regards, Wim De Hul Belgacom Belbone Mail : [EMAIL PROTECTED] Ripe : WDH25-RIPE Registered Linux User: #260015
Re: [expert] firewall security
Mike Rambo wrote: Have you tried pmfirewall? My co-worker used it on his box. It was easy to set up and nmap found nothing when I ran it against the box afterward. -- Mike Rambo [EMAIL PROTECTED] It seems he is using iptables, and pmfirewall will only work with ipchains.. -- J. Craig Woods UNIX/NT Network/System Administration -Art is the illusion of spontaneity-
Re: [expert] firewall security
It seems that the sygatetech.com scanner is broken. I got the AW Security Port Scanner 402 for my windows box and used it to scan my linux box. It shows all UDP ports to the public interface blocked. I ran the TCP and UDP port scans on a friend's linux box to verify that I was using it properly :-D BTW, has anyone had success using the nmap port to NT/2000? At 05:21 PM 2/28/2002 -0700, Lee Roberts wrote: I've tried tiny firewall, bastille-firewall, and one other (can't remember the name). NONE of them block access to the UDP services no matter what I do. In InteractiveBastille, I don't enter anything for UDP service names or port numbers to allow on public interfaces but I entered 1:65535 for UDP services to block. Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com Comment: Encryption isn't just for secrets
[expert] firewall security
I've tried tiny firewall, bastille-firewall, and one other (can't remember the name). NONE of them block access to the UDP services no matter what I do. In InteractiveBastille, I don't enter anything for UDP service names or port numbers to allow on public interfaces but I entered 1:65535 for UDP services to block. I've posted this message previously and some replies say they don't have this problem with bastille. I'm using bastille on Mandrake 8.1 with iptables and kernel 2.4.8-34.1mdk. Any suggestions other than suggesting that I learn iptables and write my own rules? Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com Comment: Encryption isn't just for secrets
Re: [expert] firewall security
How are you checking that they are not being blocked? ie, outside scanner, nmap BillK On Fri, 2002-03-01 at 08:21, Lee Roberts wrote: I've tried tiny firewall, bastille-firewall, and one other (can't remember the name). NONE of them block access to the UDP services no matter what I do. In InteractiveBastille, I don't enter anything for UDP service names or port numbers to allow on public interfaces but I entered 1:65535 for UDP services to block. I've posted this message previously and some replies say they don't have this problem with bastille. I'm using bastille on Mandrake 8.1 with iptables and kernel 2.4.8-34.1mdk. Any suggestions other than suggesting that I learn iptables and write my own rules? Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com Comment: Encryption isn't just for secrets
Re: [expert] firewall security
sygatetech.com At 09:34 AM 3/1/2002 +0800, William Kenworthy wrote: How are you checking that they are not being blocked? ie, outside scanner, nmap BillK On Fri, 2002-03-01 at 08:21, Lee Roberts wrote: I've tried tiny firewall, bastille-firewall, and one other (can't remember the name). NONE of them block access to the UDP services no matter what I do. In InteractiveBastille, I don't enter anything for UDP service names or port numbers to allow on public interfaces but I entered 1:65535 for UDP services to block. I've posted this message previously and some replies say they don't have this problem with bastille. I'm using bastille on Mandrake 8.1 with iptables and kernel 2.4.8-34.1mdk. Any suggestions other than suggesting that I learn iptables and write my own rules? Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com Comment: Encryption isn't just for secrets
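The "closed" versus "blocked" distinction Lee describes comes down to whether the firewall answers a UDP probe with ICMP port-unreachable or stays silent, which is also, presumably, what the DROP=REJECT setting in hans's rc.firewall question above selects between. Added example, not any poster's code: the iptables rules for a public interface written both ways, with the state match placed first so replies to the host's own DNS and NTP queries still get back in. The interface name is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): UDP policy on a 2.4-era iptables box,
# DROP and REJECT side by side.  PUBLIC_IF is an assumed interface name.
PUBLIC_IF="${PUBLIC_IF:-eth1}"

# Silent policy.  Unsolicited UDP is dropped without any reply, so a probe
# gets nothing back and a scanner can only report the port as blocked
# (nmap: open|filtered).  The conntrack state rule before it lets replies
# to queries this host sent (DNS, NTP) back in, so "block all UDP" does
# not also break name resolution.
udp_rules_drop() {
    cat <<EOF
iptables -A INPUT -i $1 -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $1 -p udp -j DROP
EOF
}

# Answering policy.  Same traffic is refused, but with ICMP port-unreachable,
# exactly what an unfirewalled host sends for an unused UDP port.  A scanner
# therefore reports the ports as closed (nmap: closed), and the reply itself
# tells the sender a live host is there.
udp_rules_reject() {
    cat <<EOF
iptables -A INPUT -i $1 -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $1 -p udp -j REJECT --reject-with icmp-port-unreachable
EOF
}

# What a UDP scan can say under each policy.  UDP has no handshake, so the
# scanner only distinguishes "ICMP unreachable came back" from "nothing came
# back"; a scanner that labels the DROP case "closed" is mislabeling it.
scan_verdict() {
    case "$1" in
        DROP)   echo "blocked (no reply; nmap reports open|filtered)" ;;
        REJECT) echo "closed (ICMP port unreachable; nmap reports closed)" ;;
        *)      echo "unknown policy: $1" >&2; return 1 ;;
    esac
}

# apply_rules DROP|REJECT : run the chosen rule set, only where iptables
# exists (must be root).  Everything else in this file just prints.
apply_rules() {
    command -v iptables >/dev/null 2>&1 || { echo "iptables not installed" >&2; return 1; }
    case "$1" in
        DROP)   udp_rules_drop   "$PUBLIC_IF" | sh -e ;;
        REJECT) udp_rules_reject "$PUBLIC_IF" | sh -e ;;
        *)      scan_verdict "$1" ;;
    esac
}

for policy in DROP REJECT; do
    echo "# $policy -> $(scan_verdict "$policy")"
    [ "$policy" = DROP ] && udp_rules_drop "$PUBLIC_IF" || udp_rules_reject "$PUBLIC_IF"
done
```

To confirm which one a box is really running, scan it from outside with `nmap -sU` rather than trusting a single web scanner's label: no reply means the DROP rule is in front, an ICMP unreachable means REJECT (or no rule at all).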
[expert] firewall / virus wall with usage report?
Hey Guys! Can anyone suggest some software that is a firewall / viruswall that also can email me bandwidth usage reports for the box?

Thanks!

--
Dan Belkie
Re: [expert] Firewall/Gateway ?
Aaron Winters wrote:
> I have 49 Windows PCs (all but 2 are running Win2k and they are 98se), 16 Macs, one Win2k DC and 1 MDK 8.1 web, ftp, ssh server that I manage. They are on a Win2k domain and the DC does all the DNS; the client PCs all have static IPs. They all get their gateway out from a Novell server that I have no control of.
>
> I would like to add some firewall protection to my portion of the network (did I mention all the IPs are external!) and I want to be able to block the IM clients like Yahoo, AIM by killing their ports. Could I add a linux box to be the firewall and gateway without too much knowledge of setting this stuff up under Linux? Would it work by pointing the Linux box to the current gateway and changing the clients to point to it for their gateway?
>
> Thanks,
> __
> You're just jealous because the voices are talking to me!

SNF is a wonderful product for this--put a box with two NICs between the network and the Novell server and add one static IP on the network side--there you will need to set up a netmask to enclose your local IPs (and you can make them local addresses); the other NIC attaches to the Novell server. Now from any local station, once you are installed, run a browser at https://(IP of SNF):8443 with login admin and password the admin password you set up at install time. You can configure the internet connection, specify which traffic goes through each way, forward ports to ftp or web servers if you like, bust junk by blocking domains using squidguard, and so on.

SNF is very stable technology, right now based on kernel 2.2, and it is annoying to some because it does not offer a DMZ, and because editing the usual files directly on the server as root doesn't make a permanent configuration. The browser is the tool of choice, or else the study of the code to find the files that load the config files. Anyway, it is a neat package that can work with an old P166 and 64M and a little disk to make your life much easier.

Civileme
QA Team
Re: [expert] Firewall/Gateway ?
On Sat, 26 Jan 2002 10:56, Civileme wrote:
> SNF is a wonderful product for this--put a box with two NICs between the network and the Novell server and add one static IP on the network side--there you will need to set up a netmask to enclose your local IPs (and you can make them local addresses); the other NIC attaches to the Novell server. Now from any local station, once you are installed, run a browser at https://(IP of SNF):8443 with login admin and password the admin password you set up at install time. You can configure the internet connection, specify which traffic goes through each way, forward ports to ftp or web servers if you like, bust junk by blocking domains using squidguard, and so on.
>
> SNF is very stable technology, right now based on kernel 2.2, and it is annoying to some because it does not offer a DMZ, and because editing the usual files directly on the server as root doesn't make a permanent configuration. The browser is the tool of choice, or else the study of the code to find the files that load the config files. Anyway, it is a neat package that can work with an old P166 and 64M and a little disk to make your life much easier.
>
> Civileme
> QA Team

I've been playing with this on a P75 with 24Mb RAM where it goes onto the box either via the graphical install or the text install without any dramas. In this box I have 2 NICs and both are detected very well.

The major hurdle I have now is trying to apply the updates. Httpd-naat (original) has a problem finding the official mirrors - known problem and reason for the updated package. I manually download updates from an official mirror. Httpd-naat wipes out the default user and refuses to run at all. Kernel updates go well, but some of the modules are not found in the newer version during boot. Apache breaks totally once the update is installed - no socket error from links http://127.0.0.1/, which worked on the original packages. urpmi webmin can't locate the required perl-Net_SSLeay-1.05-4mdk package.

Has anyone tested the update packages listed in the official updates directory with a clean install of snf7.2? In light of the problems I've experienced above, would it be about time for a newer version of snf7.2 to be released?

--
CYA, Muzza.
Registered Linux User 133740
Mandrake Linux 8.1 Kernel version 2.4.8-34.1mdk
Current Linux uptime: 4 days 16 hours 36 minutes.
Re: [expert] Firewall/Gateway ?
On one of the snf mail lists there was a thread where I got told off! :-) for not reading advisories on how to update snf with regards to httpd-naat and apache. I forget which list, but iirc the procedure is to download the update rpms manually and to update apache first manually and then httpd-naat, naat-frontend-www-en manually. Also iirc you have to uninstall httpd-naat first with --nodeps because of problems with some script or other.

I had to reinstall recently after a failed upgrade to the new snf on cooker, and what I did was: install fresh, run the update from the web interface, note down all the rpms listed for upgrade and then fetch them manually. Then I uninstalled httpd-naat and naat-frontend-www-en, both --nodeps; then I uninstalled apache, php, mod_php, mod_auth_external (all these rpm names from memory) and some others - they were all listed as dependencies of the newer version of apache - using --nodeps. Then I installed the newer apache and its dependencies, followed by httpd-naat, naat-backend and naat-frontend-www-en and then any others. During this process I noticed that I got a message saying that perl was not in the rpm database (or similar); it might be a good idea to make updating perl the first job before anything else so that the rpm database has it listed.

Anyway, snf is now updated, I have all the users I should have, running update lists all the mirrors (doesn't find any updates, presumably because there aren't any), and https://snfhost:8443 lets me in fine. Whether this is the recommended way to do things I can't say, but it seems to have worked for me.

The list that this got discussed in was either: [EMAIL PROTECTED] or [EMAIL PROTECTED]. What archives exist I'm not sure.

bascule

On Saturday 26 January 2002 3:19 am, you wrote:
> I've been playing with this on a P75 with 24Mb RAM where it goes onto the box either via the graphical install or the text install without any dramas. In this box I have 2 NICs and both are detected very well.
>
> The major hurdle I have now is trying to apply the updates. Httpd-naat (original) has a problem finding the official mirrors - known problem and reason for the updated package. I manually download updates from an official mirror. Httpd-naat wipes out the default user and refuses to run at all. Kernel updates go well, but some of the modules are not found in the newer version during boot. Apache breaks totally once the update is installed - no socket error from links http://127.0.0.1/, which worked on the original packages. urpmi webmin can't locate the required perl-Net_SSLeay-1.05-4mdk package.
>
> Has anyone tested the update packages listed in the official updates directory with a clean install of snf7.2? In light of the problems I've experienced above, would it be about time for a newer version of snf7.2 to be released?
Re: [expert] Firewall/Gateway ?
On Sat, 26 Jan 2002 12:41, you wrote:
> On one of the snf mail lists there was a thread where I got told off! :-) for not reading advisories on how to update snf with regards to httpd-naat and apache. I forget which list, but iirc the procedure is to download the update rpms manually and to update apache first manually and then httpd-naat, naat-frontend-www-en manually. Also iirc you have to uninstall httpd-naat first with --nodeps because of problems with some script or other.
>
> I had to reinstall recently after a failed upgrade to the new snf on cooker, and what I did was: install fresh, run the update from the web interface, note down all the rpms listed for upgrade and then fetch them manually. Then I uninstalled httpd-naat and naat-frontend-www-en, both --nodeps; then I uninstalled apache, php, mod_php, mod_auth_external (all these rpm names from memory) and some others - they were all listed as dependencies of the newer version of apache - using --nodeps. Then I installed the newer apache and its dependencies, followed by httpd-naat, naat-backend and naat-frontend-www-en and then any others. During this process I noticed that I got a message saying that perl was not in the rpm database (or similar); it might be a good idea to make updating perl the first job before anything else so that the rpm database has it listed.
>
> Anyway, snf is now updated, I have all the users I should have, running update lists all the mirrors (doesn't find any updates, presumably because there aren't any), and https://snfhost:8443 lets me in fine. Whether this is the recommended way to do things I can't say, but it seems to have worked for me.
>
> The list that this got discussed in was either: [EMAIL PROTECTED] or [EMAIL PROTECTED]. What archives exist I'm not sure.
>
> bascule

Thank you for the reply Bascule. The above appears to be an extremely intuitive method of doing things. I should have tried uninstalling more than just a few packages first, then updating to the newer packages.

I will try your suggested method later today.

Thanks again,

--
CYA, Muzza.
Registered Linux User 133740
Mandrake Linux 8.1 Kernel version 2.4.8-34.1mdk
Current Linux uptime: 4 days 18 hours 45 minutes.
RE: [expert] Firewall/Gateway ?
Hmm, for blocking of IMs take a look at http://www.novell.com/coolsolutions/gov/features/tips/t_blocking_instant_messengers_gov.html

Best idea would be IMHO to block the login server, e.g. login.oscar.aol.com, in your firewall scripts; blocking the ports will not work. Your idea will work, you will just have to configure the firewall a little bit ;-) but on the other side, if the Novell Server is running BorderManager this can be done directly on the Novell Server.

Bye
Marcus

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Aaron Winters
Sent: Thursday, January 24, 2002 4:37 AM
To: Mandrake Expert
Subject: [expert] Firewall/Gateway ?

> I have 49 Windows PCs (all but 2 are running Win2k and they are 98se), 16 Macs, one Win2k DC and 1 MDK 8.1 web, ftp, ssh server that I manage. They are on a Win2k domain and the DC does all the DNS; the client PCs all have static IPs. They all get their gateway out from a Novell server that I have no control of.
>
> I would like to add some firewall protection to my portion of the network (did I mention all the IPs are external!) and I want to be able to block the IM clients like Yahoo, AIM by killing their ports. Could I add a linux box to be the firewall and gateway without too much knowledge of setting this stuff up under Linux? Would it work by pointing the Linux box to the current gateway and changing the clients to point to it for their gateway?
>
> Thanks,
> __
> You're just jealous because the voices are talking to me!
[expert] Firewall/Gateway ?
I have 49 Windows PCs (all but 2 are running Win2k and they are 98se), 16 Macs, one Win2k DC and 1 MDK 8.1 web, ftp, ssh server that I manage. They are on a Win2k domain and the DC does all the DNS; the client PCs all have static IPs. They all get their gateway out from a Novell server that I have no control of.

I would like to add some firewall protection to my portion of the network (did I mention all the IPs are external!) and I want to be able to block the IM clients like Yahoo, AIM by killing their ports. Could I add a linux box to be the firewall and gateway without too much knowledge of setting this stuff up under Linux? Would it work by pointing the Linux box to the current gateway and changing the clients to point to it for their gateway?

Thanks,
__
You're just jealous because the voices are talking to me!
RE: [expert] Firewall install - smoothwall
I may go get myself a copy; I'll give Linux Emporium a call this morning. I only have a v90 modem so downloading it is a no-no.

Thanks again,
Dave.

Original Message:
From: Vincent Danen [EMAIL PROTECTED]
Date: Mon, 21 Jan 2002 00:42:25 -0700
To: [EMAIL PROTECTED]
Subject: Re: Re[2]: [expert] Firewall install - smoothwall

> On Sat Jan 12, 2002 at 12:53:32PM +, David Stevenson wrote:
>> I was thinking about that, but I am put off by the 32mb of ram min quoted on the MDK site. The laptop only has 8mb. I have successfully loaded mdk 6 and 8 on the laptop, although I did not install any WMs or X as I thought it might fall over. I am happy configing a machine via manually editing text files. But, does SNF need to install X? If I have to buy an old 486'ish box, then I may as well use smoothwall. Any comments on the SNF and X?
>
> IIRC, SNF doesn't install X at all. I think the 32mb requirement is more for the installer as DrakX goes in GUI mode (but I think you can do the install in text mode the same way as with 8.0). All the SNF configuration is done via a special HTTPS port (8200 I believe), so you do the configuration by connecting to it on that port from another machine.
>
> --
> MandrakeSoft Security, OpenPGP key available on www.keyserver.net
> 1024D/FE6F2AFD 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD
> Current Linux kernel 2.4.8-34.1mdk uptime: 9 days 11 hours 20 minutes.

mail2web - Check your email from the web at http://mail2web.com/ .
Re: Re[2]: [expert] Firewall install - smoothwall
On Sat Jan 12, 2002 at 12:53:32PM +, David Stevenson wrote:
> I was thinking about that, but I am put off by the 32mb of ram min quoted on the MDK site. The laptop only has 8mb. I have successfully loaded mdk 6 and 8 on the laptop, although I did not install any WMs or X as I thought it might fall over. I am happy configing a machine via manually editing text files. But, does SNF need to install X? If I have to buy an old 486'ish box, then I may as well use smoothwall. Any comments on the SNF and X?

IIRC, SNF doesn't install X at all. I think the 32mb requirement is more for the installer as DrakX goes in GUI mode (but I think you can do the install in text mode the same way as with 8.0). All the SNF configuration is done via a special HTTPS port (8200 I believe), so you do the configuration by connecting to it on that port from another machine.

--
MandrakeSoft Security, OpenPGP key available on www.keyserver.net
1024D/FE6F2AFD 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD
Current Linux kernel 2.4.8-34.1mdk uptime: 9 days 11 hours 20 minutes.
Re: Re[2]: [expert] Firewall install - smoothwall
btw, what about mandrake snf (single network firewall)? it's based on mandrake 7.2 (ala kernel 2.2.19) and should support every hardware the standard mdk 7.2 supports. on a first glance it seems as if it supports the same features as smoothwall, too. you'll find it here: http://www.mandrakesoft.com/products/snf

--
Many that live deserve death. And some that die deserve life. Can you give it to them? Then do not be too eager to deal out death in judgement. For even the very wise cannot see all ends. - Gandalf
Re: [expert] Firewall for larger network?
On Mon, 2001-12-17 at 09:21, Dave Sherman wrote:
> On Sun, 2001-12-16 at 21:08, Michael Seymour wrote:
>> snip
>
> I can't speak for Mandrake SNF, but the sysadmins at my local ISP have told me that SmoothWall (www.smoothwall.org) is very powerful and flexible.

Hey, before you check out smoothwall, you'll want to read the discussion at slashdot about the firewall. It's by far the most productive discussion I've read there in weeks, with good points on all sides. If I may sum up the discussion, half of the people who want to use smoothwall have been flamed on smoothwall's IRC by lead developers for a) not being a genius b) not donating before asking an innocent question. I'm all for learning to read a manual and putting up some cash for the Community, but these come across as just plain mean IMO. Certainly a step down from the friendly help you get on this list =)

You can read the story, related article, and comments and decide for yourself. http://slashdot.org/article.pl?sid=02/01/09/2050237&mode=thread

One reader points to a forked project @ www.ipcop.org

I've been reading about openBSD as a firewall in recent days and I've been _VERY_ impressed. They even have a section in their FAQ (www.openbsd.org/faq) about migrating from linux. With 4 years without a remote hole in the default installation, it's at least worth reading about.
Re: Re[2]: [expert] Firewall install - smoothwall
On 12 Jan 2002 12:24:41 +0100 Tobias Marx [EMAIL PROTECTED] wrote:
>> I was thinking about that, but I am put off by the 32mb of ram min quoted on the MDK site. The laptop only has 8mb. I have successfully loaded mdk 6 and 8 on the laptop, although I did not install any WMs or X as I thought it might fall over. I am happy configing a machine via manually editing text files. But, does SNF need to install X? If I have to buy an old 486'ish box, then I may as well use smoothwall. Any comments on the SNF and X?
>>
>> TIA
>> Dave
>
> btw, what about mandrake snf (single network firewall)? it's based on mandrake 7.2 (ala kernel 2.2.19) and should support every hardware the standard mdk 7.2 supports. on a first glance it seems as if it supports the same features as smoothwall, too. you'll find it here: http://www.mandrakesoft.com/products/snf
>
> --
> Many that live deserve death. And some that die deserve life. Can you give it to them? Then do not be too eager to deal out death in judgement. For even the very wise cannot see all ends. - Gandalf
Re: [expert] Firewall for larger network?
Have you considered www.astaro.com

Greg

On Mon, 2001-12-17 at 09:21, Dave Sherman wrote:
> On Sun, 2001-12-16 at 21:08, Michael Seymour wrote:
>> I have played around with SNF and found it to be adequate for a small network and I currently use it at home; however, I will be looking for a larger firewall over the next few months for my work environment. We have 3 e-mail servers and 3 web servers with unique IP addresses so I will need to be able to do static NAT etc. Will a future version of SNF support this?
>
> I can't speak for Mandrake SNF, but the sysadmins at my local ISP have told me that SmoothWall (www.smoothwall.org) is very powerful and flexible.
>
> Dave
> --
> Save a little money each month and at the end of the year you'll be surprised at how little you have. -- Ernest Haskins
Re: Re[2]: [expert] Firewall install - smoothwall
On Saturday 05 January 2002 2:34 pm, you wrote:
> At 07:06 PM 1/5/2002 -0500, DStevenson wrote:
>> Is this the document that tells you to install a bloated full OS and then hack it with smoothwall, eemm. On a Laptop with 800Meg, 16Mb Ram and, yes, dx400 100 cpu? If not, I would appreciate the url. Thanks for being interested enough to look at the smoothie site!
>>
>> Dave.
>
> It was discussed in one of the many voluminous pdf files offered at the website.

Yes...it was the FAQ, I downloaded and read that one; this suggests installing Red Hat and then hacking the smoothie on to it.

I have tried to install Mandrake 6, as I bought the pack a long while ago. This came with a boot disk, as the laptop won't boot cdroms. Once install completes, reboot fails when init tries to optimize disk hda. The laptop only has 8mb ram (above info incorrect). When I swop the disk into another laptop, P120 (8meg) rather than dx4 100, all is OK. What do you guys think could be the most likely reason? The P120 laptop is borrowed so I do not have it forever. The P120 has CD and the dx4 does not, so I install on P120 and then swap disks. I would install an older linux distro but how do I create a boot disk when I only have the distro CD?

Dave
RE: Re[2]: [expert] Firewall install - smoothwall
At 11:02 AM 1/4/2002 -0500, [EMAIL PROTECTED] wrote:
> I did take a look and did notice that there was a problem, as I mentioned in the first email I sent on this thread...however I noticed that the new release 0.9.9 had been released...so I was wondering if this version supported pcmcia. Also, there has been suggested that you can hack the smoothwall dist and add pcmcia support into the kernel; my question was 'has anyone done this?'.
>
> Thanks,
> David G E Stevenson - Bristol England alias [EMAIL PROTECTED] ;-)

David, there is full documentation on using Smoothwall with pcmcia card on their website.

J. Craig Woods
UNIX/NT SA
-Art is the illusion of spontaneity-
Re: Re[2]: [expert] Firewall install - smoothwall
On Saturday 05 January 2002 12:21 pm, you wrote:
> At 11:02 AM 1/4/2002 -0500, [EMAIL PROTECTED] wrote:
>> I did take a look and did notice that there was a problem, as I mentioned in the first email I sent on this thread...however I noticed that the new release 0.9.9 had been released...so I was wondering if this version supported pcmcia. Also, there has been suggested that you can hack the smoothwall dist and add pcmcia support into the kernel; my question was 'has anyone done this?'.
>>
>> Thanks,
>> David G E Stevenson - Bristol England alias [EMAIL PROTECTED] ;-)
>
> David, there is full documentation on using Smoothwall with pcmcia card on their website.

Is this the document that tells you to install a bloated full OS and then hack it with smoothwall, eemm. On a Laptop with 800Meg, 16Mb Ram and, yes, dx400 100 cpu? If not, I would appreciate the url. Thanks for being interested enough to look at the smoothie site!

Dave.
Re: Re[2]: [expert] Firewall install - smoothwall
At 07:06 PM 1/5/2002 -0500, DStevenson wrote:
> Is this the document that tells you to install a bloated full OS and then hack it with smoothwall, eemm. On a Laptop with 800Meg, 16Mb Ram and, yes, dx400 100 cpu? If not, I would appreciate the url. Thanks for being interested enough to look at the smoothie site!
>
> Dave.

It was discussed in one of the many voluminous pdf files offered at the website.

J. Craig Woods
UNIX/NT SA
-Art is the illusion of spontaneity-
[expert] Firewall install - smoothwall
HI All,

I will be installing a dedicated firewall box running smoothwall in the near future. I just want to check some areas that will need to change. The box on my network connected to the internet via DUP on serial modem uses IP Tables and Masquerading and Bastille to act as a gateway/firewall for the other clients.

When I install the Smoothwall firewall (an old Laptop), I will be adding a second NIC to replace the modem, and connect this NIC to the firewall.

Inet---Firewall---MDK8.0 Box---Network Hub---all other clients

Do I still need IPTables/Masquerading? Can I just point all the clients to the firewall IP, or as it will be connected directly to a box, rather than the HUB, will the mdk box still be the gateway? Obviously, I will be removing the bastille firewall as this becomes redundant.

Thanks in advance.
Dave.
RE: [expert] Firewall install - smoothwall
Just seen mentioned that smoothie does not support pcmcia; as the laptop will be using a pcmcia NIC this could be a major problem. Has anyone got smoothie installed on a laptop with pcmcia NIC?

TIA
Dave

Original Message:
From: [EMAIL PROTECTED] [EMAIL PROTECTED]
Date: Fri, 4 Jan 2002 06:38:44 -0500
To: [EMAIL PROTECTED]
Subject: [expert] Firewall install - smoothwall

> HI All,
>
> I will be installing a dedicated firewall box running smoothwall in the near future. I just want to check some areas that will need to change. The box on my network connected to the internet via DUP on serial modem uses IP Tables and Masquerading and Bastille to act as a gateway/firewall for the other clients.
>
> When I install the Smoothwall firewall (an old Laptop), I will be adding a second NIC to replace the modem, and connect this NIC to the firewall.
>
> Inet---Firewall---MDK8.0 Box---Network Hub---all other clients
>
> Do I still need IPTables/Masquerading? Can I just point all the clients to the firewall IP, or as it will be connected directly to a box, rather than the HUB, will the mdk box still be the gateway? Obviously, I will be removing the bastille firewall as this becomes redundant.
>
> Thanks in advance.
> Dave.
Re: [expert] Firewall install - smoothwall
At 06:38 AM 1/4/2002 -0500, [EMAIL PROTECTED] wrote:
> When I install the Smoothwall firewall (an old Laptop), I will be adding a second NIC to replace the modem, and connect this NIC to the firewall.
>
> Inet---Firewall---MDK8.0 Box---Network Hub---all other clients
>
> Do I still need IPTables/Masquerading? Can I just point all the clients to the firewall IP, or as it will be connected directly to a box, rather than the HUB, will the mdk box still be the gateway? Obviously, I will be removing the bastille firewall as this becomes redundant.
>
> Thanks in advance.
> Dave.

First, as I am sure you are aware, a firewall is only a firewall if it provides some kind of protection. You will need some kind of port filtering to occur, either iptables or ipchains. Now what I do not know about is Smoothwall. Is this some kind of firewall software, and does it run with an OS or is it a stand alone firewall app?

If you want clients on the private LAN to access the Internet by using one IP address, you will need some kind of NAT and/or IP forwarding functioning on the gateway server, and this, from your diagram, looks like it will be the firewall machine. So without totally understanding what Smoothwall does, I would say you need firewall (iptables or ipchains) rules, NIDS rules, and IP forwarding to be on your firewall machine.

Hope this helps a bit.

J. Craig Woods
UNIX/NT SA
-Art is the illusion of spontaneity-
Re: [expert] Firewall install - smoothwall
At 06:38 AM 1/4/2002 -0500, [EMAIL PROTECTED] wrote:
> HI All,
>
> Obviously, I will be removing the bastille firewall as this becomes redundant.
>
> Thanks in advance.
> Dave.

And, yes, by all means get rid of the Bastille (hell, the French had the right idea when they stormed it). If this list serves no other purpose other than to point out to people what crap some of these shortcut firewall programs are, it will have served a mighty purpose. Just read some of the problems being encountered by users of Bastille on the list lately. That should convince you to write your own rules.

J. Craig Woods
UNIX/NT SA
-Art is the illusion of spontaneity-
RE: Re: [expert] Firewall install - smoothwall
But does anyone know if smoothwall supports pcmcia NIC yet? I know the old versions did not.

Original Message:
From: J. Craig Woods [EMAIL PROTECTED]
Date: Fri, 04 Jan 2002 06:32:26 -0600
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: [expert] Firewall install - smoothwall

> At 06:38 AM 1/4/2002 -0500, [EMAIL PROTECTED] wrote:
>> HI All,
>>
>> Obviously, I will be removing the bastille firewall as this becomes redundant.
>>
>> Thanks in advance.
>> Dave.
>
> And, yes, by all means get rid of the Bastille (hell, the French had the right idea when they stormed it). If this list serves no other purpose other than to point out to people what crap some of these shortcut firewall programs are, it will have served a mighty purpose. Just read some of the problems being encountered by users of Bastille on the list lately. That should convince you to write your own rules.
>
> J. Craig Woods
> UNIX/NT SA
> -Art is the illusion of spontaneity-
Re[2]: [expert] Firewall install - smoothwall
At 11:31 PM 1/4/2002 +1100, ze0 wrote:
> Smoothwall is a light-weight Linux distribution, basically dedicated to firewalling. I'm not sure which it uses, iptables or ipchains. You can read about it here: http://www.smoothwall.org
>
> I haven't used it myself, but I hear it is VERY good.

Thanks ze0. I did take a look, and since it uses the Linux kernel version 2.2.19, it must be using ipchains. It does look to be very cool, but if [EMAIL PROTECTED] STFW, he or she will see that there is a problem when using Smoothwall with pcmcia hardware.

J. Craig Woods
UNIX/NT SA
-Art is the illusion of spontaneity-
RE: Re[2]: [expert] Firewall install - smoothwall
> I did take a look, and since it uses the Linux kernel version 2.2.19, it must be using ipchains. It does look to be very cool, but if [EMAIL PROTECTED] STFW, he or she will see that there is a problem when using Smoothwall with pcmcia hardware.

I did take a look and did notice that there was a problem, as I mentioned in the first email I sent on this thread...however I noticed that the new release 0.9.9 had been released...so I was wondering if this version supported pcmcia. Also, there has been suggested that you can hack the smoothwall dist and add pcmcia support into the kernel; my question was 'has anyone done this?'.

Thanks,
David G E Stevenson - Bristol England alias [EMAIL PROTECTED] ;-)
Re: [expert] Firewall for larger network?
On Sun, 2001-12-16 at 21:08, Michael Seymour wrote:
> I have played around with SNF and found it to be adequate for a small network and I currently use it at home; however, I will be looking for a larger firewall over the next few months for my work environment. We have 3 e-mail servers and 3 web servers with unique IP addresses so I will need to be able to do static NAT etc. Will a future version of SNF support this?

I can't speak for Mandrake SNF, but the sysadmins at my local ISP have told me that SmoothWall (www.smoothwall.org) is very powerful and flexible.

Dave
--
Save a little money each month and at the end of the year you'll be surprised at how little you have. -- Ernest Haskins
Re: [expert] Firewall for larger network?
Have you considered www.astaro.com

Greg

On Mon, 2001-12-17 at 09:21, Dave Sherman wrote:

On Sun, 2001-12-16 at 21:08, Michael Seymour wrote:

I have played around with SNF and found it to be adequate for a small network and I currently use it at home; however, I will be looking for a larger firewall over the next few months for my work environment. We have 3 e-mail servers and 3 web servers with unique IP addresses so I will need to be able to do static NAT etc. Will a future version of SNF support this?

I can't speak for Mandrake SNF, but the sysadmins at my local ISP have told me that SmoothWall (www.smoothwall.org) is very powerful and flexible.

Dave
--
Save a little money each month and at the end of the year you'll be surprised at how little you have. -- Ernest Haskins
[expert] Firewall for larger network?
I have played around with SNF and found it to be adequate for a small network and I currently use it at home; however, I will be looking for a larger firewall over the next few months for my work environment. We have 3 e-mail servers and 3 web servers with unique IP addresses so I will need to be able to do static NAT etc. Will a future version of SNF support this?

Michael Seymour
RE: [expert] Firewall Log Question
Also add to this that there are 192.168.0.0 packets leaking onto the internet from misconfigured routers all the time!

-JMS

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ed Tharp
Sent: Thursday, November 22, 2001 4:18 PM
To: [EMAIL PROTECTED]
Subject: Re: [expert] Firewall Log Question

It's always been my understanding that one of the reasons to have 192.168.x.x IP numbers in an internal network is to enable,,, oh say a GOOD network (or even a really lame) Admin to block those IPs from external sources. Just how much do you share this network? Just having THOSE IP numbers doesn't mean anything except that the ADMIN IS AN A$$, in my humble opinion. To accuse someone who owns a dog that looks like your dog of stealing your dog, when their dog ran away because they did not feed it or shelter it, seems... shall we say... disingenuous. If the other Admin can not close his system (might be a M$winder$ system,,, why should he blame you, because you have a closed (linux) system?
Re: [expert] Firewall Log Question
I have to agree with Tarragon here. It doesn't look to me like any sort of hacking attempt, as it looks like their firewall is just receiving packets to ports which they are blocking and it is dropping them. It very well could be a machine on their network which has the IP address of 192.168.X.X misconfigured. I'd be hesitant to say that it is you... but if it is, how are you guys connected together? Anything physical or is this remote, over the internet? If this is remote over the internet and they are saying that 192.168.X.X is hacking them, I don't think it's you :)

Leif Madsen - Project Manager
[EMAIL PROTECTED]
http://www.plannettechnologies.com

- Original Message -
From: Tarragon Allen [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, November 20, 2001 10:32 PM
Subject: Re: [expert] Firewall Log Question

A more information is required situation. Also, I'd assume it's not hacking - it feels more like some sort of misconfiguration to me. Btw, is this other company on the same network or share network hardware? What connections do you have to this company? Could it be something as simple as a patch lead connecting two hubs together?
Re: [expert] Firewall Log Question
On Thu, 22 Nov 2001 10:08, Leif Madsen wrote:

I have to agree with Tarragon here. It doesn't look to me like any sort of hacking attempt, as it looks like their firewall is just receiving packets to ports which they are blocking and it is dropping them. It very well could be a machine on their network which has the IP address of 192.168.X.X misconfigured.

I doubt it's a single misconfigured machine using an IP in that range: there are denys for many different IPs in the range, which seems to indicate that the networks (whether it's Eduardo's or someone else's) are connected somehow.

t
--
PGP key : http://n12turbo.com/tarragon/public.key
Re: [expert] Firewall Log Question
Thanks for your help. With this I sent a small description about how the network has been set up and the hardware that we are using.

Network 1 : 10.10.X.X / 255.255.0.0 (The Other Company/Firewall)
Network 2 : 192.168.5.X.X / 255.255.0.0 (My company)

On the switch we have 2 VLANs. The switch and gateway/firewall are controlled by the other company. The router connects us to the internet. The router is controlled by the ISP.

[ASCII network diagram, garbled in extraction. Recoverable content: a Cisco router; a hub with a Windows computer (192.168.X.X) and the Linux gateway/firewall; a 3Com switch with port VLAN 2 = Network 2 (192.168.X.X, Windows) and port VLAN 1 = Network 1 (10.10.X.X, Windows).]

- Original Message -
From: Tarragon Allen [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, November 20, 2001 11:32 PM
Subject: Re: [expert] Firewall Log Question

On Wed, 21 Nov 2001 14:09, Eduardo Bencomo wrote:

We are in a mixed network, which includes a Cisco router, a 3COM switch common to the two networks and a hub where the gateway/firewall linux computer is connected. One of the networks is my company network (192.168.X.X / 255.255.0.0. I am in charge of it) and the other network belongs to another company (10.10.X.X / 255.255.0.0). This company has a VPN. Now, they are accusing me of being a hacker, alleging we have tried to go into their VPN. As proof of that, they are showing the following type of message:

How do they know it's your network? The 192.168.x.x range is used by many many many people out there to define their internal networks, and is in fact supplied on spec (in one of the RFCs) for this very purpose. Just showing some logs with that IP in it doesn't seem to constitute any proof whatsoever that your particular network was involved.

The actual packets they've listed here appear to be NetBIOS broadcasts. These are sent by Windows clients when they are trying to poll the network for other Windows machines. It looks to me like Windows machines using 192.168.x.x are trying to poll something on their network. Again, no indication that it's necessarily from *your* network; it could be any machine using those IPs with a subnet mask of 255.255.0.0.

If they are seeing these packets, how did they make it there? If they are running a VPN, the only way they could see these packets from your network would be if someone using that IP connected to their VPN and then forwarded packets to them.

Unless they can provide more proof (perhaps with explanations of where they think the traffic is coming from, rather than a pile of oblique logs from a network and host you have no more information about) there's not much you can do. A more information is required situation. Also, I'd assume it's not hacking - it feels more like some sort of misconfiguration to me.

Btw, is this other company on the same network or share network hardware? What connections do you have to this company? Could it be something as simple as a patch lead connecting two hubs together?

t

Oct 21 04:09:49 localhost kernel: Packet log: input REJECT eth0 PROTO=6 213.107.153.72:4512 216.72.44.186:27374 L=48 S=0x00 I=24273 F=0x4000 T=109 SYN (#70)
Oct 21 04:09:55 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.185:138 192.168.255.255:138 L=229 S=0x00 I=43989 F=0x000 T=128 (#71)
Oct 21 04:10:01 localhost kernel: Packet log: input REJECT eth0 PROTO=6 213.107.153.72:4512 216.72.44.186:27374 L=48 S=0x00 I=24273 F=0x4000 T=109 SYN (#70)

--
PGP key : http://n12turbo.com/tarragon/public.key
Re: [expert] Firewall Log Question
On Thu, 22 Nov 2001 14:41, eduardo wrote:

Thanks for your help. With this I sent a small description about how the network has been set up and the hardware that we are using.

Network 1 : 10.10.X.X / 255.255.0.0 (The Other Company/Firewall)
Network 2 : 192.168.5.X.X / 255.255.0.0 (My company)

On the switch we have 2 VLANs. The switch and gateway/firewall are controlled by the other company. The router connects us to the internet. The router is controlled by the ISP.

[ASCII network diagram, garbled in extraction. Recoverable content: a Cisco router; a hub with a Windows computer (192.168.X.X) and the Linux gateway/firewall; a 3Com switch with port VLAN 2 = Network 2 (192.168.X.X, Windows) and port VLAN 1 = Network 1 (10.10.X.X, Windows).]

Well, the firewall logs you sent look like they were generated on the linux box. The linux box is connected by a hub to your windows network. Why are they surprised to see traffic from that network hit their linux box, when it's physically on the same network?

Also, just as a question of configuration, shouldn't the VLANs be on different subnets to the main networks? Is this 3COM switch handling the VLAN authentication and so forth? Is eth0 on the linux box connected to the hub or to the switch?

t
--
PGP key : http://n12turbo.com/tarragon/public.key
[expert] Firewall Log Question
We are in a mixed network, which includes a Cisco router, a 3COM switch common to the two networks and a hub where the gateway/firewall linux computer is connected. One of the networks is my company network (192.168.X.X / 255.255.0.0. I am in charge of it) and the other network belongs to another company (10.10.X.X / 255.255.0.0). This company has a VPN. Now, they are accusing me of being a hacker, alleging we have tried to go into their VPN. As proof of that, they are showing the following type of message:

Oct 21 04:09:49 localhost kernel: Packet log: input REJECT eth0 PROTO=6 213.107.153.72:4512 216.72.44.186:27374 L=48 S=0x00 I=24273 F=0x4000 T=109 SYN (#70)
Oct 21 04:09:55 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.185:138 192.168.255.255:138 L=229 S=0x00 I=43989 F=0x000 T=128 (#71)
Oct 21 04:10:01 localhost kernel: Packet log: input REJECT eth0 PROTO=6 213.107.153.72:4512 216.72.44.186:27374 L=48 S=0x00 I=24273 F=0x4000 T=109 SYN (#70)
Oct 21 04:10:08 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.138:137 192.168.255.255:137 L=78 S=0x00 I=49285 F=0x000 T=32 (#71)
Oct 21 04:10:16 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.20:138 192.168.2.255:138 L=238 S=0x00 I=56451 F=0x000 T=32 (#71)
Oct 21 04:10:20 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.5:138 192.168.2.255:138 L=234 S=0x00 I=39272 F=0x000 T=128 (#71)
Oct 21 04:11:08 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.5:137 192.168.2.255:138 L=78 S=0x00 I=39528 F=0x000 T=128 (#71)
Oct 21 04:12:00 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.100:138 192.168.255.255:138 L=241 S=0x00 I=31461 F=0x000 T=128 (#71)
Oct 21 04:14:04 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.172:137 192.168.255.255:137 L=78 S=0x00 I=50473 F=0x000 T=32 (#71)

They have as many as 40 pages of this type of messages, presenting this "deny" access as the evidence we have tried to penetrate their network.

Since we are not interested in going into that VPN, nor have we tried to do it, please help me find a technical explanation for the "evidence" they have shown. Thanks.
Re: [expert] Firewall Log Question
On Wed, 21 Nov 2001 14:09, Eduardo Bencomo wrote:

We are in a mixed network, which includes a Cisco router, a 3COM switch common to the two networks and a hub where the gateway/firewall linux computer is connected. One of the networks is my company network (192.168.X.X / 255.255.0.0. I am in charge of it) and the other network belongs to another company (10.10.X.X / 255.255.0.0). This company has a VPN. Now, they are accusing me of being a hacker, alleging we have tried to go into their VPN. As proof of that, they are showing the following type of message:

How do they know it's your network? The 192.168.x.x range is used by many many many people out there to define their internal networks, and is in fact supplied on spec (in one of the RFCs) for this very purpose. Just showing some logs with that IP in it doesn't seem to constitute any proof whatsoever that your particular network was involved.

The actual packets they've listed here appear to be NetBIOS broadcasts. These are sent by Windows clients when they are trying to poll the network for other Windows machines. It looks to me like Windows machines using 192.168.x.x are trying to poll something on their network. Again, no indication that it's necessarily from *your* network; it could be any machine using those IPs with a subnet mask of 255.255.0.0.

If they are seeing these packets, how did they make it there? If they are running a VPN, the only way they could see these packets from your network would be if someone using that IP connected to their VPN and then forwarded packets to them.

Unless they can provide more proof (perhaps with explanations of where they think the traffic is coming from, rather than a pile of oblique logs from a network and host you have no more information about) there's not much you can do. A more information is required situation. Also, I'd assume it's not hacking - it feels more like some sort of misconfiguration to me.

Btw, is this other company on the same network or share network hardware? What connections do you have to this company? Could it be something as simple as a patch lead connecting two hubs together?

t

Oct 21 04:09:49 localhost kernel: Packet log: input REJECT eth0 PROTO=6 213.107.153.72:4512 216.72.44.186:27374 L=48 S=0x00 I=24273 F=0x4000 T=109 SYN (#70)
Oct 21 04:09:55 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.185:138 192.168.255.255:138 L=229 S=0x00 I=43989 F=0x000 T=128 (#71)
Oct 21 04:10:01 localhost kernel: Packet log: input REJECT eth0 PROTO=6 213.107.153.72:4512 216.72.44.186:27374 L=48 S=0x00 I=24273 F=0x4000 T=109 SYN (#70)

--
PGP key : http://n12turbo.com/tarragon/public.key
Re: [expert] Firewall Log Question
Hiya, well looking at the port numbers 137 138, if I remember right that's netbios ports. Are you running SAMBA on your network? Anyway, if you turn off those two ports on outgoing packets that should stop the other company accusing you of hacking. But if the other co had a real sys admin person they'd know that anyway.

HTH

Eduardo Bencomo wrote:

We are in a mixed network, which includes a Cisco router, a 3COM switch common to the two networks and a hub where the gateway/firewall linux computer is connected. One of the networks is my company network (192.168.X.X / 255.255.0.0. I am in charge of it) and the other network belongs to another company (10.10.X.X / 255.255.0.0). This company has a VPN. Now, they are accusing me of being a hacker, alleging we have tried to go into their VPN. As proof of that, they are showing the following type of message:

Oct 21 04:09:49 localhost kernel: Packet log: input REJECT eth0 PROTO=6 213.107.153.72:4512 216.72.44.186:27374 L=48 S=0x00 I=24273 F=0x4000 T=109 SYN (#70)
Oct 21 04:09:55 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.185:138 192.168.255.255:138 L=229 S=0x00 I=43989 F=0x000 T=128 (#71)
Oct 21 04:10:01 localhost kernel: Packet log: input REJECT eth0 PROTO=6 213.107.153.72:4512 216.72.44.186:27374 L=48 S=0x00 I=24273 F=0x4000 T=109 SYN (#70)
Oct 21 04:10:08 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.138:137 192.168.255.255:137 L=78 S=0x00 I=49285 F=0x000 T=32 (#71)
Oct 21 04:10:16 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.20:138 192.168.2.255:138 L=238 S=0x00 I=56451 F=0x000 T=32 (#71)
Oct 21 04:10:20 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.5:138 192.168.2.255:138 L=234 S=0x00 I=39272 F=0x000 T=128 (#71)
Oct 21 04:11:08 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.5:137 192.168.2.255:138 L=78 S=0x00 I=39528 F=0x000 T=128 (#71)
Oct 21 04:12:00 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.100:138 192.168.255.255:138 L=241 S=0x00 I=31461 F=0x000 T=128 (#71)
Oct 21 04:14:04 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.172:137 192.168.255.255:137 L=78 S=0x00 I=50473 F=0x000 T=32 (#71)

They have as many as 40 pages of this type of messages, presenting this deny access as the evidence we have tried to penetrate their network. Since we are not interested in going into that VPN, nor have we tried to do it, please help me find a technical explanation for the evidence they have shown. Thanks.

--
Richard Bown
Ericsson Microwave Systems AB
SE-431 84 Mölndal
e-mail [EMAIL PROTECTED]
tel +46 31 74 72422
mobile +46 7098 72422
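Tarragon's reading of the logs (NetBIOS ports, RFC1918 source addresses, directed-broadcast destinations, many distinct source hosts) and Richard's point about ports 137/138 can be checked mechanically. The following Python script is an added example, not code from this thread: it parses the ipchains "Packet log:" lines Eduardo posted and labels each one, separating the local NetBIOS chatter from the one genuinely external TCP SYN in the same log.

```python
import ipaddress
import re
from collections import Counter

# The ipchains (kernel 2.2) "Packet log:" format quoted in this thread:
# chain, verdict, interface, PROTO, src:sport, dst:dport, L=length, S=tos,
# I=ip-id, F=fragment/flags, T=ttl, an optional TCP flag word such as SYN,
# and the number of the matching rule in parentheses.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\w+) (?P<verdict>\w+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) L=(?P<len>\d+) S=(?P<tos>\S+) "
    r"I=(?P<ipid>\d+) F=(?P<frag>\S+) T=(?P<ttl>\d+)"
    r"(?: (?P<flags>[A-Z]+))? \(#(?P<rule>\d+)\)"
)

# UDP 137 (NetBIOS name service) and 138 (NetBIOS datagram service).
NETBIOS_PORTS = {137, 138}

# Sample input: the nine log lines Eduardo posted, copied from the thread.
SAMPLE_LOG = [
    "Oct 21 04:09:49 localhost kernel: Packet log: input REJECT eth0 PROTO=6 213.107.153.72:4512 216.72.44.186:27374 L=48 S=0x00 I=24273 F=0x4000 T=109 SYN (#70)",
    "Oct 21 04:09:55 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.185:138 192.168.255.255:138 L=229 S=0x00 I=43989 F=0x000 T=128 (#71)",
    "Oct 21 04:10:01 localhost kernel: Packet log: input REJECT eth0 PROTO=6 213.107.153.72:4512 216.72.44.186:27374 L=48 S=0x00 I=24273 F=0x4000 T=109 SYN (#70)",
    "Oct 21 04:10:08 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.138:137 192.168.255.255:137 L=78 S=0x00 I=49285 F=0x000 T=32 (#71)",
    "Oct 21 04:10:16 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.20:138 192.168.2.255:138 L=238 S=0x00 I=56451 F=0x000 T=32 (#71)",
    "Oct 21 04:10:20 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.5:138 192.168.2.255:138 L=234 S=0x00 I=39272 F=0x000 T=128 (#71)",
    "Oct 21 04:11:08 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.5:137 192.168.2.255:138 L=78 S=0x00 I=39528 F=0x000 T=128 (#71)",
    "Oct 21 04:12:00 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.100:138 192.168.255.255:138 L=241 S=0x00 I=31461 F=0x000 T=128 (#71)",
    "Oct 21 04:14:04 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.172:137 192.168.255.255:137 L=78 S=0x00 I=50473 F=0x000 T=32 (#71)",
]


def parse_line(line):
    """Parse one ipchains log line into a dict, or return None if it does not match."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "len", "ipid", "ttl", "rule"):
        rec[key] = int(rec[key])
    rec["src"] = ipaddress.ip_address(rec["src"])
    rec["dst"] = ipaddress.ip_address(rec["dst"])
    return rec


def is_directed_broadcast(src, dst):
    """True if dst is the broadcast address of a /16 or /24 that contains src."""
    return any(
        ipaddress.ip_network(f"{src}/{plen}", strict=False).broadcast_address == dst
        for plen in (16, 24)
    )


def classify(rec):
    """Label a parsed record with the explanation the thread arrives at."""
    # ipaddress's is_private covers the RFC1918 blocks (plus a few other
    # reserved ranges), which is enough to separate internal from public sources.
    if (
        rec["proto"] == 17
        and rec["dport"] in NETBIOS_PORTS
        and rec["src"].is_private
        and is_directed_broadcast(rec["src"], rec["dst"])
    ):
        # A Windows host on a private subnet announcing itself or looking for
        # peers via NetBIOS broadcast: background chatter, not a connection attempt.
        return "netbios-broadcast"
    if rec["proto"] == 6 and rec["flags"] == "SYN" and not rec["src"].is_private:
        # An unsolicited TCP SYN from a public address is the one thing in this
        # log that is an inbound probe; it is unrelated to the 192.168 traffic.
        return "external-syn"
    return "other"


def summarize(lines):
    """Count each label and collect the distinct private hosts behind the broadcasts."""
    counts = Counter()
    private_sources = set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            counts["unparsed"] += 1
            continue
        label = classify(rec)
        counts[label] += 1
        if label == "netbios-broadcast":
            private_sources.add(str(rec["src"]))
    return {"counts": dict(counts), "private_sources": sorted(private_sources)}


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print(result["counts"])
    # Several distinct source hosts, as Tarragon noted, point at a whole subnet
    # being reachable at layer 2 rather than at one misconfigured machine.
    print(len(result["private_sources"]), "private hosts:", result["private_sources"])
```

Run against the posted lines it reports 7 NetBIOS broadcasts from 6 different 192.168.2.x hosts and 2 external SYNs, which is the shape of evidence Tarragon and Leif describe rather than a targeted intrusion attempt.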
Re: [expert] firewall rules
Try /etc/Bastille

On 30 Oct 2001, Bill Kenworthy wrote:

Hi, where are the rules for the tinyfirewall script kept? I want to do some minor mods.

BillK

--
Arthur H. Johnson II
[EMAIL PROTECTED]
The Linux Box
http://www.linuxbox.nu
[expert] Firewall and Proxy
Starting with Mandrake 7.0 I've now reached Mandrake 8.1 by updating. I'm very pleased with this version: everything works fine: X with hardware acceleration, tv, parallel port scanner, cups, vmware etc.

But there remains one problem: my second pc (pentium 133 mhz with MDK-8.0) uses the proxy wwwoffle, which runs on the 1st pc, to connect to the internet. This works fine when I stop the firewall which I set up with DrakConf. But of course I want to use the firewall, because all tests say that it is very effective. How can I open port 8080 just for my 2nd pc?

Many thanks for any hints

Uli
[expert] Firewall configuration for iConnectHere.com telephony client
[expert] Firewall issues with Mandrake 8.0
Hi all! I was running Mandrake 7.1 and my firewall was in ipchains and everything worked fine. Since then I've installed mandrake 8.0 and now I run iptables, and now my firewall works for about a day or less, then I have to down the external interface and up it again and then it works again for about a day or so. Does anyone know what could cause this?? Or where I should look for the problem in the logs?

BTW I am running firestarter for the firewall since I am not familiar with iptables syntax. I've also tried using InteractiveBastille with no luck; after spending 30 minutes answering questions IP masquerading was not working.

Please help.

Adriano
[expert] Firewall / Router Advice
Hello Expert List!

If possible can anybody advise me on the following scenario: My home network (4 pcs and a laptop of varying Windows / Linux versions) currently accesses the Internet via a 3Com OfficeConnect ISDN router. The machines are connected to a hub, which in turn uplinks to the router. Currently the router has an internal IP address of 172.18.9.30 and the machines have IPs in the range of 172.18.9.* - On connecting to my ISP a dynamic IP is allocated to the external port of the router and it performs NAT accordingly. The default gateway in each machine is set to the internal IP of the router and everything works fine.

What I'm trying to do is put a Linux box (Mandrake 7.2) as a proxy server / firewall in between the hub and the router to increase security and offer proxying facilities. I'm fairly new to Linux (been playing with Mandrake for about 6 months), but have a reasonable knowledge of networking.

So far I've fitted 2 network cards in the Linux box, eth0 is 172.18.9.100 and is connected to the router and eth1 is 172.18.9.101 and is connected to the hub of the internal network. I've enabled routing in linuxconf, and the default gateway is set at 172.18.9.30. At this point from this Linux box I assumed that I would be able to a:) ping the other machines on my network and b:) be able to ping the router / internet. But I can only ping the router and the internet, not the internal network. I also assumed (wrongly?) that I'd still be able to ping the router / internet from the rest of the machines. So now I'm a little stuck - too many years of plug and pray with Microsoft have taken their toll!

I'd appreciate any help on getting this all set up correctly. I've got a copy of PMFirewall and Squid - although I'm open to suggestions if there's anything better - but first things first I'd like to get the Linux box working as a simple middle man between the hub and router.

Many thanks,

Martyn
Re: [expert] Firewall / Router Advice
On Fri, 27 Apr 2001, Martyn Wendon wrote:

So far I've fitted 2 network cards in the Linux box, eth0 is 172.18.9.100 and is connected to the router and eth1 is 172.18.9.101 and is connected to the hub of the internal network. I've enabled routing in linuxconf, and the default gateway is set at 172.18.9.30. At this point from this Linux box I assumed that I would be able to a:) ping the other machines on my network and b:) be able to ping the router / internet. But I can only ping the router and the internet, not the internal network. I also assumed (wrongly?) that I'd still be able to ping the router / internet from the rest of the machines. So now I'm a little stuck - too many years of plug and pray with Microsoft have taken their toll!

You need to put the two interfaces in different subnets.
Re: [expert] Firewall / Router Advice
Martyn Wendon wrote: So far I've fitted 2 network cards in the Linux box, eth0 is 172.18.9.100 and is connected to the router and eth1 is 172.18.9.101 and is connected to the hub of the internal network. I've enabled routing in linuxconf, and the default gateway is set at 172.18.9.30, at this point from this Linux box I assumed that I would be able to a:) ping the other machines on my network and b:) be able to ping the router / internet. But I can only ping the router and the internet, not the internal network. I also assumed (wrongly?) that I'd still be able to ping the router / internet from the rest of the machines. So now I'm a little stuck - too many years of plug and pray with Microsoft have taken their toll! At least you have seen the light now! :) To get this to work properly, you need to have packet forwarding enabled in your kernel, so you will have to recompile your kernel. It's in the IP Settings, IP Firewalling. Depending on the version of LM you have, you will be using iptables or ipchains, which set up your firewall rules. http://www.bastille-linux.org is a good place to start on firewalling. It can be as simple or as complex as you desire. I haven't touched iptables yet, and as I understand the situation, there are still some potential security problems with iptables, so you may want to steer clear for now. Once you get the kernel rebuilt, have a look at the Firewall HOWTO to get started with ipchains. HTH. -- Craig Sprout Network Administrator Crown Parts and Machine http://www.crownpartsandmachine.com
Re: [expert] Firewall / Router Advice
Martyn,

Doesn't it strike you as a little weird that both interfaces are on the same network? Which interface does it send to when it wants to ping 172.18.9.200? Both? Or one of them, and then which one?

You have two topologies going on in the internal network: star topology on the side of the internal interface of your linux firewall, and bus topology from the internal interface of the firewall to the router. I just looked up your router and so I now know that your internal network is 10BaseT. But 10BaseT doesn't work with a bus topology! According to IEEE 802.3 10BaseT specifications, which is what your linux firewall is going by, when you send a packet out of eth0, any of the rest of that network, including the machines on the eth1 side of it, can hear it. So really, if the linux firewall sends a packet only out of eth0, it's doing nothing wrong.

The way I see it, you have two options:

1. Do the classic linux firewall thing and set up the network on eth1 to be something like 192.168.1.0 and on eth1 to be on the 172.18.9.0 network, with the router as your gateway, and do masq'ing from internal to external interface. The point is that both NICs need to be on different subnets. For this check out
http://www.linuxdoc.org/HOWTO/IP-Masquerade-HOWTO.html
http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html
http://www.linuxdoc.org/HOWTO/Firewall-HOWTO.html

2. This is the COOLEST option: set up your linux firewall as a bridge. This would make it a transparent firewall - a bridge that is also a firewall. Much less chance of your firewall box itself being compromised. For this check out
http://www.linuxdoc.org/HOWTO/Adv-Routing-HOWTO.html
http://www.linuxdoc.org/HOWTO/BRIDGE-STP-HOWTO/index.html

I hope that makes some sense :-)

j

--- Martyn Wendon [EMAIL PROTECTED] wrote:

Hello Expert List!

If possible can anybody advise me on the following scenario: My home network (4 pcs and a laptop of varying Windows / Linux versions) currently accesses the Internet via a 3Com OfficeConnect ISDN router. The machines are connected to a hub, which in turn uplinks to the router. Currently the router has an internal IP address of 172.18.9.30 and the machines have IPs in the range of 172.18.9.* - On connecting to my ISP a dynamic IP is allocated to the external port of the router and it performs NAT accordingly. The default gateway in each machine is set to the internal IP of the router and everything works fine.

What I'm trying to do is put a Linux box (Mandrake 7.2) as a proxy server / firewall in between the hub and the router to increase security and offer proxying facilities. I'm fairly new to Linux (been playing with Mandrake for about 6 months), but have a reasonable knowledge of networking.

So far I've fitted 2 network cards in the Linux box, eth0 is 172.18.9.100 and is connected to the router and eth1 is 172.18.9.101 and is connected to the hub of the internal network. I've enabled routing in linuxconf, and the default gateway is set at 172.18.9.30. At this point from this Linux box I assumed that I would be able to a:) ping the other machines on my network and b:) be able to ping the router / internet. But I can only ping the router and the internet, not the internal network. I also assumed (wrongly?) that I'd still be able to ping the router / internet from the rest of the machines. So now I'm a little stuck - too many years of plug and pray with Microsoft have taken their toll!

I'd appreciate any help on getting this all set up correctly. I've got a copy of PMFirewall and Squid - although I'm open to suggestions if there's anything better - but first things first I'd like to get the Linux box working as a simple middle man between the hub and router.

Many thanks,

Martyn
[Fwd: Re: [expert] Firewall / Router Advice]
SIGH

Is someone playing with the list's Reply-To: address...?? Sent this earlier; but it didn't make it to the list because the list was not included in my Reply...

Martyn, I've corrected my response below... was groggy when I replied this morning and my brain was reversing base10 base16 math... :P

Pierre

Original Message
Subject: Re: [expert] Firewall / Router Advice
Date: Fri, 27 Apr 2001 09:58:54 -0400
From: Pierre Fortin [EMAIL PROTECTED]
To: Martyn Wendon [EMAIL PROTECTED]

Martyn Wendon wrote:

Hello Expert List!

If possible can anybody advise me on the following scenario: My home network (4 pcs and a laptop of varying Windows / Linux versions) currently accesses the Internet via a 3Com OfficeConnect ISDN router. The machines are connected to a hub, which in turn uplinks to the router. Currently the router has an internal IP address of 172.18.9.30 and the machines have IPs in the range of 172.18.9.* - On connecting to my ISP a dynamic IP is allocated to the external port of the router and it performs NAT accordingly. The default gateway in each machine is set to the internal IP of the router and everything works fine.

What I'm trying to do is put a Linux box (Mandrake 7.2) as a proxy server / firewall in between the hub and the router to increase security and offer proxying facilities. I'm fairly new to Linux (been playing with Mandrake for about 6 months), but have a reasonable knowledge of networking.

Then you should know that routing is a Layer 3 issue and requires separate [sub]networks to be able to route between...

So far I've fitted 2 network cards in the Linux box, eth0 is 172.18.9.100 and is connected to the router and eth1 is 172.18.9.101 and is connected to

Even if you had managed to put .100 and .101 in different subnets with a mask=255.255.255.252 (or /30), one would be a broadcast address (.100=01100100 .101=01100101)

the hub of the internal network. I've enabled routing in linuxconf, and the default gateway is set at 172.18.9.30. At this point from this Linux box I assumed that I would be able to a:) ping the other machines on my network and b:) be able to ping the router / internet. But I can only ping the router and the internet, not the internal network. I also assumed (wrongly?) that I'd still be able to ping the router / internet from the rest of the machines. So now I'm a little stuck - too many years of plug and pray with Microsoft have taken their toll!

Depending on the addresses of your internal machines you may have to re-address/mask those boxes; but you WILL have to re-address eth0 and/or eth1. The quickest fix (fewest changes) will be to change 172.18.9.x on your router and eth0 to 172.[16-31].[0-255].x (except 172.18.9.x)

For those suggesting 192.168.x.y, that is valid but Martyn is using another range of addresses as specified in RFC1918:

10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

which is why I'm staying within his selected range.

I'd appreciate any help on getting this all set up correctly. I've got a copy of PMFirewall and Squid - although I'm open to suggestions if there's anything better - but first things first I'd like to get the Linux box working as a simple middle man between the hub and router.

Just fix your addresses to allow the Linux box to have a clue as to how to route... :^)

Pierre

Many thanks,

Martyn

--
Support Linux development: http://www.linux-mandrake.com/donations/
Last reboot reason: 01/03/27: winter storm 6hr power outage
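The advice in this thread (two NICs must sit in different subnets, the upstream router must be reachable through the outer NIC, host addresses must not be a prefix's network or broadcast address, and stay within RFC1918) can be turned into a pre-flight check. The following Python function is an added example, not something from the thread; the "fixed" address plan it checks is constructed along Pierre's suggestion of moving the router side to another 172.16/12 subnet.

```python
import ipaddress

# The three RFC1918 private blocks, as listed by Pierre in the thread.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_rfc1918(addr):
    """True if addr falls inside one of the three RFC1918 blocks."""
    return any(addr in net for net in RFC1918)


def check_router_plan(eth0, eth1, gateway):
    """Return a list of problems with a two-NIC Linux router/firewall plan.

    eth0 and eth1 are 'address/prefix' strings (eth0 faces the upstream
    router, eth1 the internal hub); gateway is the upstream router's address.
    An empty list means the box has what it needs to route between the sides.
    """
    problems = []
    ifaces = {
        "eth0": ipaddress.ip_interface(eth0),
        "eth1": ipaddress.ip_interface(eth1),
    }
    for name, iface in ifaces.items():
        net = iface.network
        # In any prefix shorter than /31 the first and last addresses are the
        # network and broadcast addresses and cannot be assigned to a host.
        if net.num_addresses > 2:
            if iface.ip == net.network_address:
                problems.append(f"{name}: {iface.ip} is the network address of {net}")
            elif iface.ip == net.broadcast_address:
                problems.append(f"{name}: {iface.ip} is the broadcast address of {net}")
        if not is_rfc1918(iface.ip):
            problems.append(f"{name}: {iface.ip} is outside the RFC1918 private ranges")
    # Routing is a layer-3 decision: with both NICs in one subnet the kernel
    # has no basis for choosing an interface for a destination in that subnet.
    if ifaces["eth0"].network.overlaps(ifaces["eth1"].network):
        problems.append(
            f"eth0 ({ifaces['eth0'].network}) and eth1 ({ifaces['eth1'].network}) "
            "overlap; the two sides must be separate subnets"
        )
    gw = ipaddress.ip_address(gateway)
    if gw not in ifaces["eth0"].network:
        problems.append(
            f"gateway {gw} is not on eth0's subnet {ifaces['eth0'].network}"
        )
    return problems


if __name__ == "__main__":
    # Martyn's layout as posted: both NICs and the router in 172.18.9.0/24.
    print(check_router_plan("172.18.9.100/24", "172.18.9.101/24", "172.18.9.30"))
    # Constructed fix along Pierre's lines: router side moved to 172.18.10.0/24,
    # hub side left where it is. Any other 172.16/12 subnet would do as well.
    print(check_router_plan("172.18.10.100/24", "172.18.9.101/24", "172.18.10.30"))
```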
[expert] Firewall.
hi all,

Has anyone used Kfirewall here? I needed one in a hurry, so I set up kfirewall to block all the usual ports, and now I am having trouble getting it to keep its settings after reboot... is it only supposed to work while X is running? If so, that's a bit sad... is there a way to make the ipchains rules permanent?

Also, since I did the above, I have been unable to remotely log into webmin, even though I didn't block 443 or 1. Anyone got any hints on that?

many thanks in advance...

regards

Frank
Perth, Western Australia.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Altoine B.
Sent: Saturday, 17 February 2001 10:55 PM
To: [EMAIL PROTECTED]
Subject: Re: [expert] 7.2 Updated and StarOffice 5.2 trouble

Mark Belanger wrote: Stig-rjan Smelror wrote: After I updated my installation of 7.2 StarOffice 5.2 won't run. I get "Failed to load necessary components" and did a "strace" to see what it was looking for. It says it can't find "libsmart_egcs29.so" or "libegcs29_smart.so" and I've no clue whatsoever as to where these files can be found/located...

Sounds like you had the "stock" LM7.1. What I mean by that is it was in LM7.1 in the upgrade where gcc merged with egcs into one. LM7.2 should use the new gcc 2.95 or higher (if you upgraded). That is why you are having your current problems. Your StarOffice 5.2 was statically linked to the old binaries. You will most likely have to reinstall StarOffice 5.2.

-- Altoine Barker, Maximum Time, Inc, Chicago Based Enterprise, http://www.maximumtime.com
Re: [expert] Firewall.
I haven't used Kfirewall so I can't help with this problem. However, like many on this list, I use pmfirewall. It's very easy to configure, supports IPMASQ, and has a good reputation. You can find it at: http://www.pointman.org/PMFirewall/

M.

On Saturday 17 February 2001 09:23, Franki wrote:

-- Michael O'Henly TENZO Design
Re: [expert] Firewall.
Franki wrote:

Frank,

Have you tried setting up ipchains with Pmfirewall? That will set up ipchains in a much more permanent fashion and works real nice.

-- Mark

"If you don't share your concepts and ideals, they end up being worthless. Sharing is what makes them powerful."
Re: [expert] firewall
On Sunday 11 February 2001 01:41, you wrote: I'll second the suggestion of pmfirewall. It's very easy to set up and does exactly what it's supposed to do.

Thanks to all who replied!

-- Greetings from Seville
[expert] firewall
Hi,

I've installed LM7.2 recently. I am really impressed by the good job done by the guys at Mandrake. Well, here is my question: I am connecting to the internet via ppp and a modem. As I usually stay connected during most of the day I want to have a firewall. After reading some of this list's messages, I configured the "share internet connection" in drakconf. That installed Bind for me, which I hadn't installed before, and added the scripts /etc/rc.d/rc.firewall etc... After looking at them, I've noticed that it only enables IP masquerading for my net (192.168.0.0/24). It also enables some other ports for apps like Quake and the sort. Well, obviously, I'd like to have my ports filtered by ipchains or anything else, but would like to have some kind of script to ease the operation. Anyway, any basic guidelines to firewalling? Any place to start reading? Or is there any package I missed?

As a result of using drakconf and enabling "sharing internet connection", fetchmail refuses to start when I am not connected to the internet. I use it in daemon mode to download my mail every 11 minutes. Before, I could execute it and send it to the background without any problem. Now it says it cannot find the DNS entry for my POP server... Any ideas? Is this related to the firewall?

Thanks a lot!

-- Greetings from Seville
RE: [expert] firewall
Jesus,

I am connecting to the internet via ppp and a modem. As I usually stay connected during most of the day I want to have a firewall.

For a quick fix I'd suggest pmfirewall... just download it, put it in /usr/local/src, do a tar -xvzf, cd to the pmfirewall directory and do a

# sh install.sh

Sure, it's a dummy type firewall, but it does work, it's a fast setup, and you can study its ipchains rules to see what it's doing.

That installed Bind for me,

Get rid of bind. You certainly don't need that for a stand-alone ppp dialup connection. Bind is a security problem, not a solution.

dave.
Re: [expert] firewall
I'll second the suggestion of pmfirewall. It's very easy to set up and does exactly what it's supposed to do.

M.

On Saturday 10 February 2001 16:28, Dave wrote:

-- Michael O'Henly TENZO Design
Re: [expert] firewall
On Sat, Feb 10, 2001 at 04:41:53PM -0800, Michael O'Henly wrote: I'll second the suggestion of pmfirewall. It's very easy to set up and does exactly what it's supposed to do. [snip] -- Michael O'Henly TENZO Design

I would suggest using portsentry in addition to something like pmfirewall. It comes with 7.2 and is easy to set up.

-- Chris and Yoshiko Spackman www.openhistory.org [EMAIL PROTECTED] (English) [EMAIL PROTECTED] (Japanese)

"I will not be pushed, filed, stamped, indexed, briefed, debriefed, or numbered. My life is my own." -The Prisoner
Re: [expert] firewall
Try installing pmfirewall to handle ipchains. I used the DrakConf setup once, and then had to go back and basically undo the settings, and then installed pmfirewall with my mods. DrakConf probably does a good job if you have exactly the setup it expects, but not if you don't, or if you want to control what happens and want to be sure that your system is secure.

It is causing the fetchmail problems. Run "fetchmailconf" (as the user who owns the fetchmail process you are running) and select "edit server" for the connection and add the network interface (ppp0 in my case) to "network to monitor". On my setup, fetchmail goes to sleep unless ppp0 is up.

Billk

As a result of using drakconf and enabling "sharing internet connection", fetchmail refuses to start when I am not connected to the internet. I use it in daemon mode to download my mail every 11 minutes. Before, I could execute it and send it to the background without any problem. Now it says it cannot find the DNS entry for my POP server... Any ideas? Is this related to the firewall? Thanks a lot! -- Greetings from Seville
Re: [expert] Firewall and NIC cards
1) The only problem with multiple cards is that you will have two modules, and if you are using the LRP floppy, it may just take up room. Still shouldn't be a problem, though.

2) The video is a BIOS setting, where you simply allow the computer to boot without keyboard or video.

3) Check the Linux Router Project how-to for more specific info.

Ron

--- John W [EMAIL PROTECTED] wrote:

I am preparing to create a firewall/router to do IP masquerading. I am using a P133 box and I have three NIC cards: two are 3Com 905 TX and the third is a D-Link 530 FE using the VIA Rhine driver in Linux. Would I be better off pairing up the matching cards in the firewall machine or mixing them? I understand that you can also remove the monitor once it is up and running. Would doing so require any special adapters to be plugged into the video card, or can the card be removed as well?

Thanks in advance,

-- John W