On Thursday 30 October 2003 07:01 am, Anne Wilson wrote:

> So installing iptables will have no 'built-in' rules?  That's what I
> want, so that I can build it up a little at a time.

Yes, that is the way that I am running it, to supplement the hardware router 
because hardware routers are not really suitable for filtering as opposed to 
blocking.

> The problem for me is that the hardware router does not allow
> GnomeMeeting to have a range of ports open (it uses h.323 tunneling),
> so I'm thinking that I will need, eventually, to set my box dmz and
> rely on the software one, suitably configured.  I am quite prepared
> to make the switch to dmz for the duration of a session (it won't be
> too frequent), but I want the second layer in first.  Consequently, I
> can use dmz to test the rules, going back behind the hardware f/w as
> necessary.

What kind do you have?  You should be able to open up an entire range, as 
small or large as you want and configure GnomeMeeting to simply confine to 
that range.  I have a range open for passive ftp and it appears to work fine.

> My experience with using it to set up samba does not encourage me to
> do it that way, but I thought that browsing the interface might give
> me a better idea of the questions I need answering before actually
> doing any configuration.

As your rules get extended, Webmin will eventually break down and time out 
trying to display them all.  At least, it does in my case, so I simply keep a 
bash script to issue the commands and periodically update and rerun the 
script to repopulate changes to my firewall.

-- 
Bryan Phinney
Software Test Engineer
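
A rerunnable firewall script of the kind described in the reply above, with a port range opened for GnomeMeeting, as an added example (not part of the original message and not the poster's own script). The chain name, interface and port range are assumptions; the range is a placeholder to be matched to whatever GnomeMeeting is configured to use.

```bash
#!/bin/bash
# Rerunnable firewall script: every rule lives in one user-defined chain that
# is flushed and rebuilt on each run, so repeated runs never stack duplicates.
# Assumptions (not from the original post): chain name, interface, port range.

CHAIN="LOCAL-IN"          # hypothetical chain name
WAN_IF="eth0"             # hypothetical external interface
GM_PORTS="30000:30010"    # placeholder range; match GnomeMeeting's settings

# With DRY_RUN=1 (the default) commands are printed instead of executed, so
# the rule set can be reviewed first. Apply as root with DRY_RUN=0.
ipt() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

build_rules() {
    # Create the chain on the first run; on later runs -N fails harmlessly.
    ipt -N "$CHAIN" 2>/dev/null || true
    # Empty the chain so this run fully replaces the previous rule set.
    ipt -F "$CHAIN"
    # Re-hook the chain at the top of INPUT: remove any old jump, add one back.
    ipt -D INPUT -j "$CHAIN" 2>/dev/null || true
    ipt -I INPUT 1 -j "$CHAIN"

    ipt -A "$CHAIN" -i lo -j ACCEPT
    ipt -A "$CHAIN" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # One rule per protocol covers the whole contiguous port range.
    ipt -A "$CHAIN" -i "$WAN_IF" -p tcp --dport "$GM_PORTS" -j ACCEPT
    ipt -A "$CHAIN" -i "$WAN_IF" -p udp --dport "$GM_PORTS" -j ACCEPT
    # Anything else arriving on the external interface is logged, then dropped.
    ipt -A "$CHAIN" -i "$WAN_IF" -j LOG --log-prefix "fw-drop: "
    ipt -A "$CHAIN" -i "$WAN_IF" -j DROP
}

build_rules
```

Because the final DROP sits inside the same chain, adding a rule means editing the script and rerunning it, which keeps the file as the single record of what the firewall allows.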

