Re: [expert] Firewalling [was dhcp]

2002-04-11 Thread Rob Gillen

I'm pretty sure that most of what ICS accomplishes is done through 
iptables, and from what I saw not in too secure a manner (at least it 
doesn't in the high level security setting).  For the most part, if 
you know what you are doing, you can replace /etc/rc.d/rc.firewall 
script with your own.  I'm not too sure how the Mandrake configuration 
tools are affected by such a move (I find GUI tools sometimes 
frustrating), but I haven't had any problems so far -- probably because 
I haven't tried to further alter anything with the tools.  

FYI, one of the nicer iptables firewalling scripts I've found for a 
connection-sharing gateway machine can be obtained here:

  http://www.linuxguruz.org/iptables/scripts/rc.firewall_023.txt

You can find a lot of other good scripts at the same site 
(http://www.linuxguruz.org/iptables) which makes it a great site for 
studying how to configure packet filtering and NAT.  For those familiar 
with shell scripting, the above script should be pretty self-explanatory 
(it actually has decent comments embedded for your learning pleasure), 
and with a few mods here and there, you should be able to generate a 
halfway decent firewall.  Note that this one allows external machines to 
ping the firewall, which I prefer to disable.  Please make sure that you 
review these scripts and understand them before blindly using them!  It 
is probably wise to just use them as a guide to writing your own script.

Finally, a few good places to test your firewall configuration after you 
have it set:

  http://www.dslreports.com/tools
  http://crypto.yashy.com/nmap.php
  https://secure1.securityspace.com/smysecure/norisk_index.html

Happy firewalling!

ROB


Lyvim Xaphir wrote:

snip

Now, the downside to this is of course that you cannot access the
internet directly through one of these private addresses.  In order to
do that, you must translate your local ip addresses into a bona fide
*public* type IP address.  This is what's called Network Address
Translation, or NAT.  There are several options for installing NAT on
your system such that anyone on your local net can access the internet
thru a system that's connected to the internet.  Such a connected system
in this case is called a gateway.  One way I do it here (because it's
quick and dirty) is by using the Internet Connection Sharing (ICS for
short) option in the Mandrake Control Panel.  The advantage is that if
you have 98 or winblows machines (like I do here), ICS on Mandrake is an
excellently compatible way to get them on the internet all at the same
time, transparently.  

There are probably more superior ways to do this.  For example, with the
use of iptables (supposedly an ipchains replacement) you are able to run
a script and instantly set up both NAT, packet filtering, and packet
mangling rules at the same time. (if you know what you are doing.)  This
is what I've been interested in.  There are a lot of scripts out there to
accomplish this, but a lot of it still seems to be sort of bleeding
edge.  Some scripts work, others don't, it's kind of like russian
roulette.  In the meantime I've stuck with Mandrake Control Center ICS
until I get an iptables script ready.
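
A connection-sharing gateway ruleset of the kind Rob Gillen's message above describes, with external ping dropped and a small review helper for borrowed rulesets; this is an added example, not part of the thread and not the linuxguruz.org script. The interface names, the LAN range, the conntrack match syntax and the function names are assumptions made for illustration.

```shell
# Added example (not from the thread). Interface names and LAN range are
# assumptions; the rules use the conntrack match from current iptables.
EXT_IF=eth1              # assumed Internet-facing interface
INT_IF=eth0              # assumed LAN-facing interface
LAN_NET=192.168.1.0/24   # assumed private LAN range

# Print a default-drop, stateful NAT gateway ruleset in iptables-restore format.
gen_ruleset() {
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $LAN_NET -o $EXT_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $INT_IF -s $LAN_NET -j ACCEPT
-A INPUT -i $EXT_IF -p icmp --icmp-type echo-request -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $INT_IF -o $EXT_IF -s $LAN_NET -j ACCEPT
COMMIT
EOF
}

# Constructed sample of a borrowed ruleset with the two weaknesses checked below.
weak_sample() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -i eth0 -p icmp --icmp-type echo-request -j ACCEPT
COMMIT
EOF
}

# Read a ruleset on stdin; print one finding per default-accept policy and per
# rule that accepts echo-request on the external interface (or on any interface).
audit_ruleset() {
    awk -v ext="$EXT_IF" '
        /^\*/ { table = substr($0, 2) }
        table == "filter" && /^:(INPUT|FORWARD) ACCEPT/ { print "default-accept policy on " substr($1, 2) }
        table == "filter" && /^-A INPUT/ && /echo-request/ && /-j ACCEPT/ &&
            ($0 !~ /-i / || $0 ~ ("-i " ext "( |$)")) { print "external ping accepted: " $0 }
    '
}
```

As root, `gen_ruleset | iptables-restore` loads the rules and `iptables-save | audit_ruleset` reviews what is currently loaded. The explicit echo-request DROP is redundant under the default-drop policy; it is kept so the intent is visible and the rule has its own packet counter.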









Re: [expert] Firewalling

2001-10-28 Thread Woody Green

Make sure that the ipchains compatibility module isn't loaded first.

 rmmod ipchains

You will also want to run drakconf and in the services section, uncheck
(turn off) ipchains.  iptables and ipchains are mutually exclusive.

 Woody

On Wed, 2001-10-24 at 11:36, jarmo kettunen wrote:
 
 Looking after modules I can find them. Now getting new message when
 trying to insmod modules.
 
 [root@oh1mrr root]# insmod 
 /lib/modules/2.4.13-pre6/kernel/net/ipv4/netfilter/ip_tables.o
 /lib/modules/2.4.13-pre6/kernel/net/ipv4/netfilter/ip_tables.o: init_module: 
 Device or resource busy
 Hint: insmod errors can be caused by incorrect module parameters, including 
 invalid IO or IRQ parameters
 

-- 
 Woody ([EMAIL PROTECTED])

---
Gatewood Green Web Developer
http://www.linux.org/  The first stop for Linux info on the Net
Email: [EMAIL PROTECTED]
---
All opinions expressed by me are my own and not necessarily
endorsed by Linux Online, Inc. or Linux Headquarters, Inc.







[expert] Firewalling

2001-10-24 Thread jarmo kettunen

Ahoi

I am now struggling with firewall building. Have tried GuardDog, Firestarter,
Bastille... etc. Getting info that I should upgrade my iptables or kernel.
Have linux-2.4.13 running in mdk8.1 with ext3fs.

Looking after modules I can find them. Now getting new message when
trying to insmod modules.

[root@oh1mrr root]# insmod 
/lib/modules/2.4.13-pre6/kernel/net/ipv4/netfilter/ip_tables.o
/lib/modules/2.4.13-pre6/kernel/net/ipv4/netfilter/ip_tables.o: init_module: 
Device or resource busy
Hint: insmod errors can be caused by incorrect module parameters, including 
invalid IO or IRQ parameters

To me this does not tell anything, but looking for somebody who has ahaa
to tell me and probably make twisted model how to make things working.

My mdk installation is upgrade over mdk-freq-2.
Otherwise this system is running ok. Fine piece of art!

TNX
jarmo
[EMAIL PROTECTED]






[expert] Firewalling on 2.2: UPDATE

1999-07-25 Thread ShawnDo

Ok, I have since reinstalled Mandrake and was lazy
and didn't do the kernel update (as suggested by
updates page for security) and the network survived
the 20 hr mark. (where the network died before)
I didn't realize this (I attributed this to 
something else) and updated the kernel to 2.2.9-27mdk.

20 hours later, the network died!  So I'm back to the
original kernel 2.2.9-19mdk (with the
"networking security bug" and all).  I don't
know what to attribute this to.  My past suspicions
relate to the dhcpcd, but I have no idea if that 
relates to the kernel.  If anyone has ideas on why
this works, let me know,
thanks!

--- ShawnDo [EMAIL PROTECTED] wrote:
 Date: Thu, 22 Jul 1999 04:19:58 -0400 (EDT)
 From: ShawnDo [EMAIL PROTECTED]
 Subject: [expert] Firewalling on 2.2
 To: [EMAIL PROTECTED]
 Reply-to: [EMAIL PROTECTED]
 
 I installed the new mandrake release
 and promptly setup the ipchain rules 
 using the 3 step process in the ipchains HOWTO.
 It works perfectly for about 20 hours, then
 for some reason, the Network just dies; can't ping
 anything, including my internal network! (No error
 messages either.)  I have done
 all the updates, but I just can't figure it out.
 I reboot, then everything works fine again, for about
 another 20 hours.  It happens whether the network is
 IDLE or actively downloading stuff. Sometimes it is
 only the outside interface that dies.
 
 I have been running Mandrake 5.3
 for a very long time, and it had no problems, so it's
 not the hardware. And it is not 
 
 I have 2 SMC 10 mbit cards (ne2k)
 the outgoing interface is eth1
 and the internal interface is eth0
 
 I am using Time Warner's Road Runner, and I am 
 using a perl MD5 login
 script that has been working for the past 10 months
 (hourly cron job)
 
 I'm going to try redhat 6.0 if I can't solve this
 thing by this weekend, but I'm worried I will run into the 
 same problem.
 




[expert] Firewalling on 2.2

1999-07-22 Thread ShawnDo

I installed the new mandrake release
and promptly setup the ipchain rules 
using the 3 step process in the ipchains HOWTO.
It works perfectly for about 20 hours, then
for some reason, the Network just dies; can't ping
anything, including my internal network! (No error
messages either.)  I have done
all the updates, but I just can't figure it out.
I reboot, then everything works fine again, for about
another 20 hours.  It happens whether the network is
IDLE or actively downloading stuff. Sometimes it is
only the outside interface that dies.

I have been running Mandrake 5.3
for a very long time, and it had no problems, so it's
not the hardware. And it is not 

I have 2 SMC 10 mbit cards (ne2k)
the outgoing interface is eth1
and the internal interface is eth0

I am using Time Warner's Road Runner, and I am 
using a perl MD5 login
script that has been working for the past 10 months
(hourly cron job)

I'm going to try redhat 6.0 if I can't solve this
thing by this weekend, but I'm worried I will run into the 
same problem.




Re: [expert] Firewalling on 2.2

1999-07-22 Thread Axalon



On Thu, 22 Jul 1999, ShawnDo wrote:

 I installed the new mandrake release
 and promptly setup the ipchain rules 
 using the 3 step process in the ipchains HOWTO.
 It works perfectly for about 20 hours, then
 for some reason, the Network just dies; can't ping
 anything, including my internal network! (No error
 messages either.)  I have done
 all the updates, but I just can't figure it out.
 I reboot, then everything works fine again, for about
 another 20 hours.  It happens whether the network is
 IDLE or actively downloading stuff. Sometimes it is
 only the outside interface that dies.

 I have been running Mandrake 5.3
 for a very long time, and it had no problems, so it's
 not the hardware. And it is not 
 
 I have 2 SMC 10 mbit cards (ne2k)

I'd start here, are you sure you have the correct driver?

 the outgoing interface is eth1
 and the internal interface is eth0
 
 I am using Time Warner's Road Runner, and I am 
 using a perl MD5 login
 script that has been working for the past 10 months
 (hourly cron job)
 
 I'm going to try redhat 6.0 if I can't solve this
 thing by this weekend, but I'm worried I will run into the 
 same problem.

Are you sure it's the firewalling? Did you check for a possible loop in
your ipchains? Heat? Is anything logged? 



[expert] firewalling

1999-04-20 Thread JORGE José

Hi,

I've put up a firewall with no security. Because all I need is love (no,
I'm joking), all I needed was more IP addresses. All is working fine, except
when I connect from behind the firewall to the net by ftp. This way, all I can do
is cd or pwd; if I try an ls or get, I get a time-out.

Here's my ipfwadm config :

ipfwadm -F -f
ipfwadm -F -p accept
ipfwadm -F -a m -S 192.168.2.0/24 -D 0.0.0.0/0

thanks for help

-
Jose JORGE
BU Mirail
Université Toulouse 2
Tél : 05 61 50 40 59