
Re: Firewall Rules



ipmasq is a good way to get IP masquerading running.

But it has a very relaxed policy for IP connections.

I use it with some modifications.  I added a few new rules which basically
shut off all unused server connections (1-1023) and my ISP's NNTP
portscans.

You will be surprised how many strange connection attempts I get on
my cable connection.

I keep a copy of my modified scripts in use (tar.gz of /etc/ipmasq)
on my website's /pub area.  www.aokiconsulting.com/pub/

Also, having a very tight policy helps to identify the ports that need to
be open.

You try the VPN first.  Then it fails.  You have kernel.log with the port number!

Good luck.

Osamu


On Mon, Jan 08, 2001 at 10:33:45PM -0600, will trillich wrote:
> On Sun, Jan 07, 2001 at 01:16:29PM -0700, JD Kitch wrote:
> > I have 2 NICs in my Linux box.  One is connected to my cable modem, and
> > the other has a Windows machine attached to it, which I do
> > masquerading for.  I need to be able to connect via VPN from the
> > Windows box to an outside host.  Is there a way to easily determine
> > what ports need to be opened to accomplish this, or is there a way
> > to masquerade for the Windows machine, but not do any firewalling for
> > that machine specifically, while still protecting my Linux box?
> > 
> > And lastly, can anyone tell me what rule I could implement to still
> > be able to use Napster?
> 
> there are several things to resolve, and probably a few more that
> are beyond my awareness -- but here's what i'd look for:
> 
> 1) modconf -> ipv4 -> select and install ip-masq modules that
> look like they'd help with what you're after.
> 
> 2) apt-get install ipmasq ... it'll take much of the worry and
> sweat out of configuring your firewall rules.
> 
> 3) keep reading and soon someone will continue this thread
> showing where i'm all wet.
> 
> -- 
> See, if you were allowed to keep the money, you wouldn't
> create jobs with it. You'd throw it in the bushes or
> something.  But the government will spend it, thereby
> creating jobs.      -- Dave Barry
> 
> will@serensoft.com    ***    http://www.dontUthink.com/
> 
> volunteer to document your experience for next week's
> newbies -- http://www.eGroups.com/messages/newbieDoc
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 
> 
> 

-- 
+  Osamu Aoki <debian@aokiconsulting.com>, GnuPG-key: 1024D/D5DE453D  +
+   Fingerprint: 814E BD64 3288 40E7 E88E  3D92 C3F8 EA94 D5DE 453D   +
+   === http://www.aokiconsulting.com ======= Cupertino, CA USA ===   +
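The "try the VPN, let it fail, read kernel.log" workflow above depends on reading the denied-packet lines the kernel writes. As an added example (not part of this thread, of Osamu's scripts, or of the ipmasq package), here is a small Python parser that tallies logged packets by protocol and destination port, optionally restricted to the 1-1023 range the message mentions, so the port a blocked service needs stands out from the background scan noise. The sample log lines, hostnames and addresses are constructed; the two line formats are assumed from memory of the ipchains "Packet log:" output of 2.2 kernels and the netfilter LOG output of 2.4 kernels, and field order may differ on a given kernel.

```python
import re
import sys
from collections import Counter

# Constructed sample kernel log lines (not from the original thread). The
# "Packet log:" lines are in the assumed ipchains format of 2.2 kernels, the
# IN=/OUT= lines in the assumed netfilter LOG format of 2.4 kernels. Addresses
# come from the documentation ranges; "gw" is a made-up gateway hostname.
SAMPLE_KERNEL_LOG = """\
Jan  8 22:41:03 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:3456 198.51.100.2:119 L=48 S=0x00 I=51234 F=0x4000 T=116 SYN (#7)
Jan  8 22:41:05 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:3457 198.51.100.2:119 L=48 S=0x00 I=51235 F=0x4000 T=116 SYN (#7)
Jan  8 22:43:10 gw kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:1038 198.51.100.2:1723 L=48 S=0x00 I=222 F=0x4000 T=128 SYN (#7)
Jan  8 22:43:12 gw kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.10:500 198.51.100.2:500 L=120 S=0x00 I=223 F=0x0000 T=128 (#8)
Jan  8 22:44:01 gw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jan  8 22:44:02 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.2 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=2 PROTO=47
Jan  8 22:45:00 gw kernel: eth0: link up
"""

# IANA protocol numbers that show up in these logs, mapped to short names.
PROTO_NAMES = {"1": "icmp", "6": "tcp", "17": "udp", "47": "gre", "50": "esp"}

# ipchains: "Packet log: <chain> <target> <iface> PROTO=<n> <src>:<sport> <dst>:<dport> ..."
IPCHAINS_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
)
# netfilter LOG: "IN=<iface> OUT=... SRC=<src> DST=<dst> ... PROTO=<name|n> [SPT=<sport> DPT=<dport>]"
NETFILTER_RE = re.compile(
    r"IN=(?P<iface>\S*) .*?SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) .*?PROTO=(?P<proto>\w+)"
    r"(?: SPT=(?P<sport>\d+) DPT=(?P<dport>\d+))?"
)


def parse_line(line):
    """Return {"proto", "src", "dst", "dport"} for a firewall log line, else None."""
    m = IPCHAINS_RE.search(line) or NETFILTER_RE.search(line)
    if not m:
        return None  # not a firewall log line (e.g. link state messages)
    raw = m.group("proto")
    proto = PROTO_NAMES.get(raw, raw.lower())
    dport = m.group("dport")
    return {
        "proto": proto,
        "src": m.group("src"),
        "dst": m.group("dst"),
        # GRE, ESP and ICMP carry no port; keep None so they are not lost
        "dport": int(dport) if dport else None,
    }


def port_summary(log_text, max_port=None):
    """Count logged packets per (proto, dport); max_port=1023 keeps only the
    well-known server ports the tight policy in the message shuts off."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if max_port is not None and (rec["dport"] is None or rec["dport"] > max_port):
            continue
        counts[(rec["proto"], rec["dport"])] += 1
    return counts


def report(counts):
    """Render the summary, busiest (proto, port) first; '-' means no port."""
    lines = []
    for (proto, dport), n in counts.most_common():
        port = "-" if dport is None else str(dport)
        lines.append(f"{n:5d}  {proto:<5} {port}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Pass a kernel log path to analyse real output; otherwise use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_KERNEL_LOG
    print(report(port_summary(text)))
```

Run with no arguments to see the embedded sample summarised, or pass the path of your kernel log. Repeated hits on one port from one outside address (the NNTP lines here) are the scan noise the message talks about, while a single hit that coincides with your own failed VPN attempt is the port to open. Entries shown with port "-" are protocols that have no port at all; a rule that only opens TCP or UDP ports will never admit them, so they need a rule keyed on the protocol number instead.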
