NFS & Firewall
Filippos Slavik
slavik at alfa.gr
Wed Sep 8 09:10:16 EEST 1999
Megale me eftiakses. Sou xrwstaw enan wraio kafe sthn Kerkyra!
Filika
Slavikos
################################################################
Filippos Slavik
Part of the SIAMS's implementation development team. For more
information, please check http://www.siams.net
e-mail : slavik at alfa.gr
################################################################
"The software said 'runs on Win95 or better,' so I installed
it on Linux..."
----- Original Message -----
From: Bob H. Tikos <tikos at cis.upenn.edu>
To: <linux-greek-users at hellug.gr>
Sent: Tuesday, September 07, 1999 8:39 PM
Subject: Re: NFS & Firewall
: Filippos Slavik wrote:
: >
: > : On 06-Sep-99 Filippos Slavik wrote:
: > : > to mount sto remote fs) opou paizei kai to firewall afinw na
: > perasoun
: > : >
: > : > *) udp & tcp sto port tou portmapper
: > : > *) udp & tcp sto port tou mountd
: > : > *) nfs pou paizei sto 2049 den akoumpaw mias kai pernaei apo
to fw
: > : >
: > : > parol'auta den paizei... mhpws ksexasa tipote ? kamia idea ?
: > :
: > : Tipota alles portes panw apo to 1024. Giati den bazeis oles tis
: > portes
: > : anoiktes, alla me log ta paketa apo ton kernel, (h kai to
anapodo :
: > oles kleis
: > : tes me log ta paketa), na deis poies anoigoun tin stigmh pou
: > epixireis to mount
: > : ?
: >
: > Gia thn wra epaiza me tcpdump na dw ti pernaei alla xwris kai poly
: > megalh epityxia, alla auto pou les einai to poio swsto. To thema
einai
: > oti den kserw pws na kanw to ipchains na mou kanei log ola ta
paketa
: > pou kobontai *GENIKA*. Bebaia kai to ipchains pernei thn para. -l
wste
: > na kanei log ta paketa pou dexetai 'h kobei kapoio rule, alla the
me
: > eksyphretouse auto pou lew -> kane log auto pou telika kapoio rule
: > ekopse...
: >
: > Filika
: > Slavikos
: >
: > :
: > : I.Ioannou <roryt at hol.gr>
: > : --
: >
: Loipon paides exw na proteinw to ekseis:
:
: Otan thelei kaneis na kanei setup firewall (ipchains H ipfwadm)
: ena poly xrhsimo tool (kat'eme panta..) einai to :
:
: (apokoma apo freshmeat.net)
:
: Mason
: William Stearns - March 22nd 1999, 12:53 EST
:
: Mason is a tool that interactively builds a firewall using Linux'
: ipfwadm or ipchains
: firewalling. You leave mason running on the firewall machine while
you
: are making all the
: kinds of connections that you want the firewall to support (and want
it
: to block). Mason
: gives you a list of firewall rules that exactly allow and block
those
: connections. It can
: either build a firewall from scratch for you or supplement an
existing
: firewall.
:
: urls
:
: Download:
: http://users.dhp.com/~whisper/mason/mason-0.12.0.tar.gz
: Red Hat Packages:
: http://www.pobox.com/~wstearns/mason/mason-0.12.0-1.noarch.rpm
: Homepage:
: http://www.pobox.com/~wstearns/mason/
:
: Se genikes grames m' exei bohthisei afantasta kai sto na katalabw ti
: esti "firewall rules" kai sto na kanw setup ta dika mou ta firewalls
: (trexw tria firewalls auth ti stigmh, se tria diforetika shmeia ths
: perioxhs). Auto pou synystw sthn parapanw periptwsh einai :
:
: Fillipe, (kai opoios alos "of course")
: katevase to "mason" . Compile i install (apo rpm).
: - mpes sto /etc/masonrc kai koitakse prosektika ta variables. Gia
twra
: bale "accept" sto NEWRULEPOLICY, "reject" sto DEFAULTPOLICY, kai
: "reject" sto FLUSHPOLICY. Ola ta ypoloipa ta exw afisei etsi opws
: htan.
: - katw apo to /var/lib/mason/ koitakse ta "baserules" kai "newrules"
: fakela
: na einai adeia.
: - meta trekse to "mason-gui-text" kai arxise "BL" (Begin Learning)
mode.
:
: kata th diarkeia tou "BL" arxhse ta nfs requests apo ton client.
: tote tha deis "traffic" ston orizonta.... eh.. (mia parenthesh:
: panta protimw na douleuw me dyo-tria-tessera xterms kai panta
: sto ena trexw tail -f /var/log/messages). Otan katafereis na kaneis
: mount ton server ston client, kane ena "EL" sto parathiro tou
"mason"
: (EL = End Learning)
: - umount ton server.
: - "Q" ston mason
: - trekse ksana to /etc/rc.d/firewall.sh (or
: /opou/to/exeis/topothethsei/firewall.sh) script
: gia na to epanafereis sthn arxikh tou thesh. (THIS IS A MUST!!!!!
: giati panta tha menei
: anoixto meta apo ena "mason run"
: - twra :
: to "newrules" exei mesa recorded ta rules gia ta "nfs attempts"
pou
: ekanes .
: - cut and paste sto firewall.sh kai eise mesa. ( an exeis "reject
all
: all" rules prepei
: na ta kaneis "prepend" giati meta apo ena reject-any-any rule
then
: pianei tipota)
: - ksana trekse to firewall.sh kai dokimase to nfs-mount.
: (prepei na douleyei "like a charm". EKTWS kai an mou diefyge
tipota)
: - katharise ta "baserules" kai "newrules" files (egw ta kanw copy
prwta
: me *.1,*.2 klp)
: gia na eise etoimos gia to epomeno "mason run"
: - A kai kati allo. As mh ksexname: RTFM !!!! it helps.
:
: Auta . ouf.
: Euxomai na bohthisa
:
: Mpamphs.
: (pw..pw.. megalo e-mail... prwth fora mou 'tyxe)
:
: PS :
: Kai gia tous seismopatheis: paidia kouragio. O Theos tha valei
to
: xeri Tou.
:
:
: --
: Haralabos Bob Tikos -Systems Programmer/Admin.
: Eniac2000 Project, CIS Department, University of Pennsylvania
: http://reno.cis.upenn.edu Tel.: +.215.573.8149
: "Power should be distributed equally among those who are not in love
: with it" Plato
: --
: ====================================================================
: Gia boithia (h na diagrafhte) e-mail sto majordomo at hellug.gr
: Ta archives tis listas einai sto http://lists.hellug.gr/archives
: prin steilete kapoia erothsh psakte mipos exei hdh apanththei.
: Gia opoiodipote problima stilte e-mail ston
owner-linux-greek-users at hellug.gr
: ====================================================================
:
--
====================================================================
Gia boithia (h na diagrafhte) e-mail sto majordomo at hellug.gr
Ta archives tis listas einai sto http://lists.hellug.gr/archives
prin steilete kapoia erothsh psakte mipos exei hdh apanththei.
Gia opoiodipote problima stilte e-mail ston owner-linux-greek-users at hellug.gr
====================================================================
More information about the Linux-greek-users
mailing list