Re: performance problem on debian firewall/router

2004-11-08 Thread Volker Tanger
pare standard IDE cards left), I guess it was simply the missing horsepower. Unfortunately "intelligent" NICs that are sparing the CPU additional PIO cycles usually only come in newer (PCI) or more expensive (EIDE) bus systems. Another reason to upgrade... Bye Volker Tanger ITK Security

Re: iptables-save/restore with dynamic IP

2004-10-21 Thread Volker Tanger
should be comparatively safe (safer than directly connected Win* machines, that is). You're not safe at all against attacks (or misconfigurations) from the inside with this technique, though... I usually prefer physical separations of green/yellow/red networks, too, so this setup should on

Re: Multiple discrete IP match rule - iptables

2004-04-01 Thread Volker Tanger
ptables -A FORWARD -p tcp -d ! (IP_of_MySMTP_1 IP_of_MySMTP_2) > --dport 25 -j LOG --log-prefix "Access to suspicious SMTP: " The only IP packet filter I am aware of that natively allows grouping within rules is the OpenBSD pf packet filter. Bye Volker Tanger ITK Security

Re: tls ssl ftp connection over iptables

2004-03-25 Thread Volker Tanger
the packets. The FTP-conntrack can't look into the control channel and thus cannot detect which data port will be used - thus no data port is ever opened. One workaround would be to allow all outgoing connections and use PASSIVE FTP... Bye Volker Tanger ITK Security

Re: pppoe speed problem

2004-03-22 Thread Volker Tanger
ends at least a 486DX2-66 for the standard German DSL hookups (kbit/s: 768down, 128up). So simply check your resource usage. Bye Volker Tanger ITK Security Welcome to our CeBIT booth, Hall 13, D 58, from 18 to 24 March 2004 - under the motto "DeTeWe- Your connectio

Re: two networks sharing one router

2003-10-10 Thread Volker Tanger
asks and use > the DSL router as the gateway instead of adding additional hardware? Again: these are just hub/switch outlets connected to one single "internal side" port. Unless we are talking about professional WAN routers (Cisco, Lucent, ...) of course... Bye Volker Tanger

Re: two networks sharing one router

2003-10-09 Thread Volker Tanger
>DSLrouter > >| | > >| | > > Rou1 Rou2 > >| | > >| | > > --+-- --+-- > > LAN1LAN2 > > > > > > You'd be probably better/cheaper off with a multiport (!) > > DSL-enabled firewa

Re: two networks sharing one router

2003-10-09 Thread Volker Tanger
-+-- LAN1LAN2 You'd be probably better/cheaper off with a multiport (!) DSL-enabled firewall... Good luck! Volker Tanger

Re: system requirements

2003-08-18 Thread Volker Tanger
multiple PCI bus controllers only shared a common 1Gbit/s interconnect bus. *sigh* Bye Volker Tanger

Re: ftp server behind a firewall

2003-07-04 Thread Volker Tanger
e two modules if they > are unused for a longer time ? and how to load this to at boottime ? man modutils man modules.conf alternatively: cook your own kernel with the proper parts included - for a firewall preferably monolithic without modules support. Makes hacking the kernel much more difficult... ;-) Bye Volker Tanger --

Re: ftp server behind a firewall

2003-07-03 Thread Volker Tanger
R) you need to have the FTP ipfilter module installed as well and allow ESTABLISHED as well as RELATED back in. The latter is needed to allow the DATA connection from the server to the client. Workaround is to switch the FTP clients to passive mode, which uses outgoing-only connections. Bye Volker Tanger --

Re: a question

2003-05-28 Thread Volker Tanger
allowed in the "Web surfing is okay" rule in the packet filter). Either way, politely asking the FW admin will give you either the reason or access... Bye Volker Tanger -- --- Visit our new website

Re: Exim and SMTP on an internet gateway

2002-11-01 Thread Volker Tanger
s out 2.) comes from outside and goes to LAN Usually MTAs look at MX records for mail delivery, so you won't be able to use /etc/hosts for fudging - that file only can do A/PTR entries (DNS-wise speaking). Bye Volker Tanger IT-Security Consulting -- discon gmbh Wrangelstraße 100 D-10997

Re: Hardware configuration

2002-04-24 Thread Volker Tanger
Greetings! istene wrote: I need to set up security for a net of 130 clients. I will use Gibraltar and have, a Debian-based distro and I plan to configure 2 or 3 firewalls. Does anyone have experience of using Linux-based firewalls with so many clients (I will use NAT and have 13 static IPs)? If y