RE: Start up scripts
Henry Hollenberg speed@barney.iamerica.net
On Thu, 5 Mar 1998, Meskes, Michael wrote:
> IP masquerading can, but not some additional features like allowing ftp
> through IP masquerade (you know check for PORT command to enable
> backward connection).
>
> Thus you need the following modules (copied from my setup):
>
> ip_masq_vdolive 1 0
> ip_masq_quake 1 0
> ip_masq_ftp 1 2
> ip_masq_raudio 1 0
> ip_masq_irc 1 0
> ip_masq_cuseeme 1 0
>
> You could get rid of them if you don't waynt to allow the the program to
> be used or add a proxy for it.
I was planning on using passive ftp clients and allowing this in and out
with IP filters....seemed like alot less hassle and the browsers
(Netscape) support this already.
Now the others, boy, your having some fun....I imagine when I get this
firewall done, you and I are going to have to talk! :-). That sounds like
some neat stuff to try out.
But, for now, I think I must be more conservative....I've got this
Corporation and Hospital that aren't going to be real sympathetic with my
need to do irc, etc.... (I know it's important, but it's tough to convince
them sometimes....do you guys have to reuse your styrofoam coffee
cups....just wondering....:-)
I guess when that time comes I'd be more inclined to proxy those services.
I'd really like to follow the book for now and keep the kernel
non-modulated if at all possible.
Later on we ought to be able to tinker with variations on the
specification and start the most valuable phase of the project in my
opinion....accruing stats on exploits to "standard" firewall setups. This
information ought to be very valuable. But first you've got to have a
standard that data can be collected on so we can compare apples to apples.
hgh
--
E-mail the word "unsubscribe" to debian-firewall-request@lists.debian.org
TO UNSUBSCRIBE FROM THIS MAILING LIST. Trouble? e-mail to listmaster@debian.org .
Reply to: