
Re: IP Masq



On Tue, 16 Mar 1999, Torsten Landschoff wrote:

> Ahem - this way you block portmap from the outside but let everything else in.
> That's bad! And, of course - portmap alone will not buy you anything, you will
> need to enable rpc.mountd and rpc.nfsd to the inside too.

I understand that, after reading through all the documentation that I've
got here, but please explain one thing to me.  That hosts.deny file you
saw was DIRECT from the default installation, if it's so bad to have it
set that way, why didn't they TELL people?

Besides, that file is actually irrelevant to me, as I'm running IP
Masquerading and a few other things that attack the incoming connection
first... mainly I deny access from outside to everything.  The hosts.deny
file is just used (by myself anyway as far as I can tell) by my internal
network, and I _WANT_ all of the ports in the internal network to work.

> > These files are VERY important, without them setup correctly, no matter
> > what I did I couldn't do anything.
> 
> With your setup you could do nearly everything.

Really?  Then why couldn't I?

> > For your information portmap refers to the gateway/hosts DNS server, and
> > the above files should be on the gateway/host.
> 
> portmap is not a dns server. The dns is called named. portmap is a program to

I was attempting to simplify my explanation, sorry if it has offended you
slightly, or put your back up.  A better wording would be :-

"For your information portmap refers to the system you are calling your
gateway/host, and the above files should be similar to those you have on
your gateway/host."

> enable remote procedure calls (rpc) so you can use services like network
> information system (nis) or network file system (nfs). You do not want to open
> these to the outside!

But the problem he was experiencing (and so was I until I changed my files
to the above settings) was that if you came in from outside you _COULD_
access everything, but coming in from the local network - nothing at all.

My system runs very well now, I've got a secondary machine that I
occasionally have linux running on it, but more often has OS/2 or Win95
running on it (for web page design more than anything else).

BTW - I believe that I already have had one person (at least) attempt to
get into my system from outside, it was pretty slack the way he tried so
it was only half-hearted, but as I expected - bounce... <grin>

Regards,
	Peter Ludwig
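As an added example that is not part of the original thread, here is a small Python evaluator of simplified hosts.allow/hosts.deny semantics illustrating the point Torsten makes above: a hosts.deny that names only portmap still lets every other wrapped service in from outside, whereas an "ALL: ALL" deny plus a hosts.allow entry for the RPC daemons from the internal range limits them to the inside (192.168.1.0/24 is an assumed internal network, and the daemon names are illustrative). The matching is deliberately a simplification of what tcpd does (no hostname, wildcard or EXCEPT forms).

```python
# Added example (not from the original thread): a simplified evaluator of
# TCP-wrappers hosts.allow / hosts.deny access control. It models the
# order tcpd uses: a hosts.allow match grants, then a hosts.deny match
# refuses, and anything left unmatched is granted. Matching here is a
# simplification: daemon names or "ALL", and clients given as exact IPv4
# addresses, "ALL", or dotted network/netmask pairs.
import ipaddress


def _client_matches(pattern, client_ip):
    """Does one client pattern from a rule cover this client address?"""
    if pattern == "ALL":
        return True
    if "/" in pattern:  # network/netmask form, e.g. 192.168.1.0/255.255.255.0
        net, mask = pattern.split("/", 1)
        network = ipaddress.ip_network(f"{net}/{mask}", strict=False)
        return ipaddress.ip_address(client_ip) in network
    return pattern == client_ip


def _rule_matches(rule, daemon, client_ip):
    """A rule is 'daemon_list : client_list'; both sides must match."""
    daemons, clients = (part.strip() for part in rule.split(":", 1))
    daemon_ok = any(d in ("ALL", daemon) for d in daemons.split())
    client_ok = any(_client_matches(c, client_ip) for c in clients.split())
    return daemon_ok and client_ok


def is_allowed(hosts_allow, hosts_deny, daemon, client_ip):
    """tcpd order: allow file first, then deny file, default is to grant."""
    if any(_rule_matches(r, daemon, client_ip) for r in hosts_allow):
        return True
    if any(_rule_matches(r, daemon, client_ip) for r in hosts_deny):
        return False
    return True  # nothing matched: TCP wrappers lets the connection through


# Constructed sample: the weak setup discussed in the thread, where only
# portmap is refused and every other wrapped service is left open.
WEAK_ALLOW = []
WEAK_DENY = ["portmap: ALL"]

# Constructed sample: refuse everything, then open the RPC services to the
# assumed internal network 192.168.1.0/24 only.
HARDENED_ALLOW = ["portmap mountd nfsd: 192.168.1.0/255.255.255.0"]
HARDENED_DENY = ["ALL: ALL"]


def compare(daemon, client_ip):
    """Return (weak_result, hardened_result) for one connection attempt."""
    return (is_allowed(WEAK_ALLOW, WEAK_DENY, daemon, client_ip),
            is_allowed(HARDENED_ALLOW, HARDENED_DENY, daemon, client_ip))
```

Note that the hardened pair also refuses non-RPC services from the inside unless they are added to hosts.allow, which is the trade-off of starting from "ALL: ALL".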


