The 2.2.3 kernel has some problems with the TCP/IP stack; upgrade to 2.2.5 if you plan to use 2.2.x. And read the IPCHAINS HOWTO.
Charles Verge
The Verge Internet Services
http://www.theverge.com
The place for your site !

On Mon, 12 Apr 1999, Fraser Campbell wrote:

> I recently set up a firewall for a customer using slink and kernel
> 2.2.3. I just want to verify that the setup is secure. I have read
> through the Firewall HOWTO but it hasn't been updated since 1996 and
> doesn't reflect the software I am using now ... so I ask here.
>
> eth0: 1.2.3.4 (external interface)
> eth1: 192.168.1.1 (internal interface)
>
> The server has been running great without reboot for over a month and
> everyone is very happy. The internal LAN consists of Windows (3.1, 95,
> 98 and NT), Novell, DOS and Linux machines.
>
> Over the weekend the LAN administrator had some Novell accounts
> disappear from one of the internal servers. He asked if someone could
> have come through the firewall and done it. I find it doubtful but
> thought I should ask people more knowledgeable than myself.
>
> There is no running inetd. netstat -a shows this:
>
> Active Internet connections (including servers)
> Proto Recv-Q Send-Q Local Address           Foreign Address         State
> raw        0      0 *:1                     *:*
> raw        0      0 *:6                     *:*
> Active UNIX domain sockets (including servers)
> unix  1      [ ]         STREAM     CONNECTED     22313  @00000011
> unix  1      [ ]         STREAM     CONNECTED     35     @00000002
> unix  1      [ ]         STREAM     CONNECTED     29     @00000001
> unix  0      [ ACC ]     STREAM     LISTENING     26     /dev/log
> unix  1      [ ]         STREAM     CONNECTED     22314  /dev/log
> unix  1      [ ]         STREAM     CONNECTED     36     /dev/log
> unix  1      [ ]         STREAM     CONNECTED     30     /dev/log
>
> I am using kernel 2.2.3 (soon to be 2.2.5) and ipchains. My ipchains
> rules are as follows:
>
> ipchains -P forward DENY
> ipchains -A forward -j MASQ -s 192.168.1.0/24 -d 0.0.0.0/0
>
> which listing chains gives:
>
> Chain input (policy ACCEPT):
> Chain forward (policy DENY):
> target     prot opt     source                destination           ports
> MASQ       all  ------  192.168.1.0/24        anywhere              n/a
> Chain output (policy ACCEPT):
>
> How secure is this setup? Is there any way for people on the Internet
> to come through and connect to internal hosts?
>
> Also, I have installed ipac in the hope that I can monitor connection
> attempts from outside our network. Does the slink ipac package work with
> ipchains and kernel 2.2.x?
>
> Thanks for your time and any assistance!
>
> Fraser
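
An added example, not part of the original messages: a small Python audit of the `ipchains -L` listing quoted above, reporting what each chain actually filters. The function names and the two conditions it reports (a chain with policy ACCEPT and no rules, a MASQ rule with an unrestricted source) are this example's own assumptions about what to check.

```python
import re

# Constructed sample: the `ipchains -L` listing quoted in the message above.
LISTING = """\
Chain input (policy ACCEPT):
Chain forward (policy DENY):
target     prot opt     source                destination           ports
MASQ       all  ------  192.168.1.0/24        anywhere              n/a
Chain output (policy ACCEPT):
"""

# Chain header; chains without a "policy" clause get policy None (assumption).
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\w+)|[^)]*)\):")
FIELDS = ("target", "prot", "opt", "source", "destination", "ports")


def parse_listing(text):
    """Return {chain: {"policy": str or None, "rules": [dict, ...]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = chains.setdefault(m.group(1), {"policy": m.group(2), "rules": []})
            continue
        f = line.split()
        if current is None or not f or f[0] == "target":
            continue  # blank line or column header
        if len(f) < len(FIELDS):
            raise ValueError(f"unparsable rule line: {line!r}")
        # Only the first six columns are kept; a multi-word ports column is cut short.
        current["rules"].append(dict(zip(FIELDS, f)))
    return chains


def audit(chains):
    """List (chain, finding) pairs for the two conditions checked here."""
    findings = []
    for name, chain in chains.items():
        if chain["policy"] == "ACCEPT" and not chain["rules"]:
            findings.append((name, "policy ACCEPT with no rules: nothing is filtered"))
        for rule in chain["rules"]:
            if rule["target"] == "MASQ" and rule["source"] in ("anywhere", "0.0.0.0/0"):
                findings.append((name, "MASQ rule not limited to an internal source"))
    return findings


if __name__ == "__main__":
    for chain, finding in audit(parse_listing(LISTING)):
        print(f"{chain}: {finding}")
```

On the quoted listing this reports the input and output chains as unfiltered and raises nothing for the forward chain, whose only rule masquerades traffic sourced from 192.168.1.0/24.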