firewall problem again

root at port11.ath8.ppp.hol.gr root at port11.ath8.ppp.hol.gr
Thu Feb 18 05:05:00 EET 1999


(First of all, for Othon: but of course I have forwarding
enabled)

>   One of the two of us is confused, so clarify something for me: is
> x.x.x.8 the IP address of a specific machine, or is it the
> network address of the local network?

I am not making a mistake, I have netmask 255.255.255.252, i.e. 4 IP numbers:
1 for the network (.156), 1 for the Linux box (.157), one for the machine
that will get the static IP (.158) and one for broadcast (.159)

> Also, there was something I did not like in the masquerading
> command, as a reminder:
> 
> ipfwadm -F -i m -S 192.168.0.0/255.255.255.255 -D 0.0.0.0/0

Well, when I write e-mail at dawn without having slept, this is what I do :-)

> or where the packets leave from, or whichever it is, so are you sure that
> giving eth1 everywhere is the right thing? Do some experiments and we will see.

Well, if I do not specify the machine and the device, it misbehaves even worse.
At least this way it sort of works.
So, to clarify, right now I have:

--------
ipfwadm -F -p accept    # <------- and I would like this one to be deny
ipfwadm -O -p accept
ipfwadm -I -p accept
ipfwadm -F -f
ipfwadm -O -f
ipfwadm -I -f

ipfwadm -F -a m -S 192.168.0.0/255.255.255.0 -D 0.0.0.0/0

# I will remove this one if the policy becomes deny
ipfwadm -F -a reject -S 0.0.0.0/0 -D 192.168.0.0/255.255.255.0 -o

ipfwadm -F -a accept -V my.linux.static.ip -W eth1 \
        -S my.broadcast.ip/255.255.255.252 \
        -D 0.0.0.0/0

ipfwadm -F -a accept -V my.linux.static.ip -W eth1 \
        -S 0.0.0.0/0 1024:65535 \
        -D my.broadcast.ip/255.255.255.252

-------------
Masquerading works correctly either way.
For the other machine everything works, but with default policy accept
(and the reverse: with policy deny, no matter what rules I add, nothing
works)

I have also tried various combinations, such as, instead of the last command,
opening specific ports (e.g. 80) and rejecting others,
watching the kernel messages when the reject happens, and so on.
As things stand, I have reached the point where I do not care that much
about the default policy, because I have built the rules so that whatever
I do not want to pass gets rejected and logged, and THAT works.
The damn thing, though, is why it does not happen the way it supposedly
should.

I.Ioannou <roryt at hol.gr>
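
Added example (not part of the original message, and not the poster's code): a simplified first-match model in Python of the four forward rules listed above, showing which sample packets fall through to the default policy. The addresses 192.0.2.156/30 and 198.51.100.10 are constructed stand-ins, and the model assumes interface (-V/-W) and protocol matching can be ignored.

```python
import ipaddress

# Constructed addresses: 192.0.2.156/30 stands in for the poster's static /30,
# 198.51.100.10 for a remote server. Interfaces (-V/-W) and protocol are ignored.
ANY = "0.0.0.0/0"
LAN = "192.168.0.0/255.255.255.0"
STATIC = "192.0.2.159/255.255.255.252"   # broadcast address + mask, as in the post

# (action, source, source port range, destination) in the order the post adds them
FORWARD_RULES = [
    ("masquerade", LAN,    None,          ANY),
    ("reject",     ANY,    None,          LAN),
    ("accept",     STATIC, None,          ANY),
    ("accept",     ANY,    (1024, 65535), STATIC),
]

def net(spec):
    # strict=False masks the host bits, so .159/30 becomes the .156/30 network
    return ipaddress.ip_network(spec, strict=False)

def decide(policy, src, sport, dst):
    """Return (action, rule_index); rule_index None means the default policy."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (action, rsrc, ports, rdst) in enumerate(FORWARD_RULES):
        if s not in net(rsrc) or d not in net(rdst):
            continue
        if ports and not (ports[0] <= sport <= ports[1]):
            continue   # ports written after -S are compared with the SOURCE port
        return action, i
    return policy, None

def walk(policy):
    # Constructed sample packets: (source address, source port, destination)
    packets = {
        "static host -> web server": ("192.0.2.158", 1025, "198.51.100.10"),
        "web server reply (sport 80)": ("198.51.100.10", 80, "192.0.2.158"),
        "remote high port -> static host": ("198.51.100.10", 40000, "192.0.2.158"),
        "LAN host -> web server": ("192.168.0.5", 1030, "198.51.100.10"),
    }
    return {name: decide(policy, *p) for name, p in packets.items()}

if __name__ == "__main__":
    for policy in ("accept", "deny"):
        print("default policy:", policy)
        for name, result in walk(policy).items():
            print("  %-34s %s" % (name, result))
```

In this model a reply sent from server port 80 matches none of the four rules, so what happens to it depends only on the default policy.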