
Re: network configuration for Eth0



On Sat May 2 2009, Andrei Popescu wrote:
> > part of the problem was 2 files I had worked on that did give me
> > errors, and I removed them. 1 was ipv6,
>
> Do you mean the module? If you don't want it loaded (though I have it and
> there are no problems) just blacklist it in a file (ex. 00local.conf)
> under /etc/modprobe.d/ with
>
> blacklist ipv6

Actually, I was trying to set up IPv6, but I don't think my router supports it, 
so it isn't necessary. I'm not sure anything is loaded for ipv6. How would I 
check?

>
> > the other was an iptables entry. I was trying to add an iptables entry
> > to allow ssh & http ports. I can get this to work from a shell script,
>
> I saw in the (snipped) output above that you also use firestarter. I
> don't think it's a good idea to mix firewall frontends with custom rules
> in some script. Pick one and stick to it.
>
> If firestarter can't do what you need (or don't know how to configure
> it) just ask for help, there are many others (personally I prefer
> shorewall, it's quite easy to setup and very powerful).

OK, so I have firestarter installed:

ii  firestarter    1.0.3-6        gtk program for managing and observing your 

What I want is a rule that allows http for my web page to port forward from my 
router to my desktop, and also allows me to ssh into my desktop from my 
laptops. Right now I have it set up to use ssh keys for security, and I have 
to run that script every time I boot to get my http ports open.
How do I get that done with iptables automatically at boot?
Right now this is my script, but I'm not at all sure this is exactly what I 
need to run:
# allow new http connections on eth0 (port forwarded from the router)
iptables -I INPUT -p tcp -m state --state NEW --dport 80 -i eth0 -j ACCEPT
# chain that rate-limits ssh: after 4 new connections from one address within
# 600 seconds, further attempts are logged and dropped; anything else is accepted
/sbin/iptables -N ssh-connection
/sbin/iptables -A ssh-connection -i eth0 -p tcp --dport 22 -m recent --update --seconds 600 --hitcount 4 --rttl --name SSH -j LOG --log-prefix "SSH_brute_force "
/sbin/iptables -A ssh-connection -i eth0 -p tcp --dport 22 -m recent --update --seconds 600 --hitcount 4 --rttl --name SSH -j DROP
/sbin/iptables -A ssh-connection -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH -j ACCEPT
# send new ssh connections through that chain; accepting them directly in
# INPUT would bypass the rate limit
iptables -I INPUT -p tcp -m state --state NEW --dport 22 -i eth0 -j ssh-connection


-- 
Paul Cartwright
Registered Linux user # 367800
Registered Ubuntu User #12459
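An added example, not part of the thread, of how the rule set above can be made persistent and loaded at boot: the rules are written in iptables-save format so iptables-restore replaces the whole filter table atomically (no duplicate rules or "chain already exists" errors on re-run), new ssh connections are jumped to the ssh-connection chain, and an ifupdown pre-up hook reloads the file before eth0 comes up. The paths in RULES_FILE and HOOK are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): generate an iptables-restore ruleset in
# which new ssh connections really pass through the rate-limiting chain, and
# install an ifupdown hook so the ruleset is loaded at boot.
# RULES_FILE and HOOK are assumed paths; adjust them for your system.
set -eu
IFACE="${IFACE:-eth0}"
RULES_FILE="${RULES_FILE:-/etc/iptables.rules}"
HOOK="${HOOK:-/etc/network/if-pre-up.d/iptables}"

# Emit the filter table in iptables-save format. iptables-restore replaces the
# table as a whole, so re-running never duplicates rules or fails because the
# ssh-connection chain already exists (as repeated -N / -I from a script would).
gen_rules() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:ssh-connection - [0:0]
# http, port-forwarded from the router
-A INPUT -i $IFACE -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
# new ssh connections are jumped to the rate-limit chain, not accepted outright
-A INPUT -i $IFACE -p tcp -m state --state NEW -m tcp --dport 22 -j ssh-connection
# after 4 new connections from one address within 600 s: log, then drop
-A ssh-connection -m recent --update --seconds 600 --hitcount 4 --rttl --name SSH -j LOG --log-prefix "SSH_brute_force "
-A ssh-connection -m recent --update --seconds 600 --hitcount 4 --rttl --name SSH -j DROP
# otherwise record the address and accept
-A ssh-connection -m recent --set --name SSH -j ACCEPT
COMMIT
EOF
}

# Write the ruleset, install the ifupdown pre-up hook, and apply it now (root).
install_rules() {
    gen_rules > "$RULES_FILE"
    printf '#!/bin/sh\n/sbin/iptables-restore < %s\n' "$RULES_FILE" > "$HOOK"
    chmod 0755 "$HOOK"
    /sbin/iptables-restore < "$RULES_FILE"
}

# Only touch the system when explicitly asked: sh fw.sh install
if [ "${1:-}" = "install" ]; then
    install_rules
fi
```

Running the script without arguments only defines the functions; `gen_rules` alone prints the ruleset so it can be reviewed before anything is installed.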

