Well, I got it all to work, even logging :-D
BIND is run under user and group named, and restrained into a chroot jail.
My directory structure looks like:
*the file permissions are also configured according to the
Chroot-BIND-HOWTO
[EMAIL PROTECTED]:/# du -a /chroot
0 /chroot/named/dev/log
On Mon, Jul 02, 2001 at 06:27:55PM +0100, Leo Howell wrote:
> On Mon, Jul 02, 2001 at 06:30:01PM +0200, Daniel Faller wrote:
> > On Monday 02 July 2001 18:25, you wrote:
> > > ipmasquerading?
> >
> > No, they have public ip's and I would like to keep this setting. The clients
> > config should n
On Mon, Jul 02, 2001 at 10:38:20PM -0600, Stefan Srdic wrote:
> My questions are, what's the difference between a normal compilation and a
> statically linked one?
>
> Why would you place the C libraries into your chroot tree?
"Normal" means link against shared libraries. In that case, the prog
Well, I got it all to work, even logging :-D
BIND is run under user and group named, and restrained into a chroot jail.
My directory structure looks like:
*the file permissions are also configured according to the
Chroot-BIND-HOWTO
root@NodeFilter:/# du -a /chroot
0 /chroot/named/dev/log
Davy Gigan wrote:
> Try to execute a csh script without this command present in your path,
> it won't work very well ;-)
> Maybe it should be a symbolic link to /usr/bin/test ?
>
> #!/bin/csh
> [ -d /bin ] && echo cool ;
Actually, this is classic Bourne shell syntax--the [ hard
link to test goe
also sprach GARGIULO Eduardo INGDESI (on Mon, 02 Jul 2001 04:25:57PM -0300):
> I was using ipchains, but now I have kernel v2.4.5 with iptables.
> I want to know how to monitor masqueraded connections. I mean the
> output of
>
> ipchains -L -M -v
>
> using iptables. I didn't find it in man iptab
Hi all.
I was using ipchains, but now I have kernel v2.4.5 with iptables.
I want to know how to monitor masqueraded connections. I mean the
output of
ipchains -L -M -v
using iptables. I didn't find it in man iptables.
thanks
--yapedu
Davy Gigan wrote:
> Try to execute a csh script without this command present in your path,
> it won't work very well ;-)
> Maybe it should be a symbolic link to /usr/bin/test ?
>
> #!/bin/csh
> [ -d /bin ] && echo cool ;
Actually, this is classic Bourne shell syntax--the [ hard
link to test go
Jamie Heilman <[EMAIL PROTECTED]> writes:
> Tim Haynes wrote:
>
> > H. I dislike the word `prejudice' there, even if it does sum my
> > approach to non-free up very well.
>
> I understand that feeling, I have it myself, it's why I used the term. I'm
> not gonna let myself off the hook anymore
Tim Haynes wrote:
> H. I dislike the word `prejudice' there, even if it does sum my
> approach to non-free up very well.
I understand that feeling, I have it myself, it's why I used the term. I'm
not gonna let myself off the hook anymore than anyone else, I get on my
soapbox regularly and ran
also sprach GARGIULO Eduardo INGDESI (on Mon, 02 Jul 2001 04:25:57PM -0300):
> I was using ipchains, but now I have kernel v2.4.5 with iptables.
> I want to know how to monitor masqueraded connections. I mean the
> output of
>
> ipchains -L -M -v
>
> using iptables. I didn't find it in man ipta
On Mon, Jul 02, 2001 at 06:30:01PM +0200, Daniel Faller wrote:
> On Monday 02 July 2001 18:25, you wrote:
> > ipmasquerading?
>
> No, they have public ip's and I would like to keep this setting. The clients
> config should not change at all.
Then I would go with bridging all the way. I use it he
I want to suggest here to add Linux/(POSIX) capability support within the usual
daemon-boot scripts.
like this:
*** /etc/init.d/skeletonTue Mar 3 13:04:00 1998
--- /home/ct/skeleton.lcap Mon Jul 2 18:38:08 2001
***
*** 14,21
--- 14,23
DAEMON=/usr/sbin/daemon
Hi all.
I was using ipchains, but now I have kernel v2.4.5 with iptables.
I want to know how to monitor masqueraded connections. I mean the
output of
ipchains -L -M -v
using iptables. I didn't find it in man iptables.
thanks
--yapedu
On Monday 02 July 2001 18:25, you wrote:
> ipmasquerading?
No, they have public ip's and I would like to keep this setting. The clients
config should not change at all.
Daniel
_
Daniel Faller
Fakultaet fuer Physik
Abt. Honerkamp
Albert-Ludwigs-Unive
Jamie Heilman <[EMAIL PROTECTED]> writes:
> Tim Haynes wrote:
>
> > H. I dislike the word `prejudice' there, even if it does sum my
> > approach to non-free up very well.
>
> I understand that feeling, I have it myself, it's why I used the term. I'm
> not gonna let myself off the hook anymor
ipmasquerading?
- Original Message -
From: "Daniel Faller" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, July 03, 2001 2:21 AM
Subject: Proxy arp or bridge ?
> Hi,
>
> sorry if this is a little bit off topic:
>
> I am supposed to set up a firewall for ~ 60 PC's belonging to a part of a
> subne
Hi,
sorry if this is a little bit off topic:
I am supposed to set up a firewall for ~ 60 PC's belonging to a part of a
subnet.
As far as I have understood there are (at least) 2 possibilities for such a
setup.
- Use proxy arp, and set a route for every PC behind the firewall
- Configure the fi
Tim Haynes wrote:
> H. I dislike the word `prejudice' there, even if it does sum my
> approach to non-free up very well.
I understand that feeling, I have it myself, it's why I used the term. I'm
not gonna let myself off the hook anymore than anyone else, I get on my
soapbox regularly and ra
On Mon, Jul 02, 2001 at 06:30:01PM +0200, Daniel Faller wrote:
> On Monday 02 July 2001 18:25, you wrote:
> > ipmasquerading?
>
> No, they have public ip's and I would like to keep this setting. The clients
> config should not change at all.
Then I would go with bridging all the way. I use it h
I want to suggest here to add Linux/(POSIX) capability support within the usual
daemon-boot scripts.
like this:
*** /etc/init.d/skeletonTue Mar 3 13:04:00 1998
--- /home/ct/skeleton.lcap Mon Jul 2 18:38:08 2001
***
*** 14,21
--- 14,23
DAEMON=/usr/sbin/daemo
On Monday 02 July 2001 18:25, you wrote:
> ipmasquerading?
No, they have public ip's and I would like to keep this setting. The clients
config should not change at all.
Daniel
_
Daniel Faller
Fakultaet fuer Physik
Abt. Honerkamp
Albert-Ludwigs-Univ
ipmasquerading?
- Original Message -
From: "Daniel Faller" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 03, 2001 2:21 AM
Subject: Proxy arp or bridge ?
> Hi,
>
> sorry if this is a little bit off topic:
>
> I am supposed to set up a firewall for ~ 60 PC's belonging to
Hi,
sorry if this is a little bit off topic:
I am supposed to set up a firewall for ~ 60 PC's belonging to a part of a
subnet.
As far as I have understood there are (at least) 2 possibilities for such a
setup.
- Use proxy arp, and set a route for every PC behind the firewall
- Configure the f
"syborg" <[EMAIL PROTECTED]> wrote:
| >
| > The first cuts all interfaces, the second only eth0.
|
| Yes, I want only block from eth0, I also block from all eth interfaces
"All interfaces" includes loopback ...
| > Is your W2k really 192.168.1.1 ?
| No it is only example, normal the IP was f
>
> | I check this with this 2 rules, for me work with the same, at this
> | moment.
>
> The first cuts all interfaces, the second only eth0.
Yes, I want only block from eth0, I also block from all eth interfaces
> Is your W2k really 192.168.1.1 ?
No it is only example, normal the IP was from I
On 2001.07.01, Vineet Kumar <[EMAIL PROTECTED]> wrote:
> Also, you need not run 2 separate instances of bind to get the
> functionality described below. I can't tell by your description
> exactly what access you're allowing to each interface, but mine looks
> something like this:
>
> the Internet
also sprach Dossy (on Sun, 01 Jul 2001 10:10:42PM -0400):
> No. IIRC, 53/tcp is also used for DNS queries (not just XFER's)
> when the size is larger than the RFC specifies for the UDP-based
> payload. Or, some such type of edge-case of the DNS spec.
uhm - which is only the case if you slave a w
"syborg" <[EMAIL PROTECTED]> wrote:
| >
| > The first cuts all interfaces, the second only eth0.
|
| Yes, I want only block from eth0, I also block from all eth interfaces
"All interfaces" includes loopback ...
| > Is your W2k really 192.168.1.1 ?
| No it is only example, normal the IP was
Jamie Heilman <[EMAIL PROTECTED]> writes:
> > forget it.
> > 1. non-free
>
> Certainly, that is something to consider, if your prejudice is that way
> bent. I tend to judge software more on its technical merit than on its
> distribution policies.
H. I dislike the word `prejudice' there, eve
> forget it.
> 1. non-free
Certainly, that is something to consider, if your prejudice is that way
bent. I tend to judge software more on its technical merit than on its
distribution policies. At any rate, maradns is of similar design, and it
is DFSG compliant, if you want yet another alternativ
>
> | I check this with this 2 rules, for me work with the same, at this
> | moment.
>
> The first cuts all interfaces, the second only eth0.
Yes, I want only block from eth0, I also block from all eth interfaces
> Is your W2k really 192.168.1.1 ?
No it is only example, normal the IP was from
Hi,
I managed it this way: (Based on the levy.pl script, which generated a
good framework)
This will allow all lan->internet traffic, and only accepts Mail from the
internet, forwarding it to an internal mailserver. This is just an
example, without any guarantee.
I hope it clears out a b
On 2001.07.01, Vineet Kumar <[EMAIL PROTECTED]> wrote:
> Also, you need not run 2 separate instances of bind to get the
> functionality described below. I can't tell by your description
> exactly what access you're allowing to each interface, but mine looks
> something like this:
>
> the Internet
also sprach Dossy (on Sun, 01 Jul 2001 10:10:42PM -0400):
> No. IIRC, 53/tcp is also used for DNS queries (not just XFER's)
> when the size is larger than the RFC specifies for the UDP-based
> payload. Or, some such type of edge-case of the DNS spec.
uhm - which is only the case if you slave a
I originally posted this on the GnuPG mailing list and received no reply.
Hopefully some Debian
security buffs can help me with this.
I am having problems verifying some keys signed with a key generated
with pgp2.6ui
The key wasn't self-signed originally. I was able to import it using
--allow-no
Goodday ladies and fella's
I have just installed the new 2.4 kernel on one of my potato boxes and am
fighting with iptables to forward mail from external ip to internal mail
server
ie 1.2.3.4:25 --> 192.168.x.y:25
Has anyone managed to pull this off, and if so can someone please HELP
me :)
Kind
Dossy <[EMAIL PROTECTED]> writes:
> On 2001.07.01, Tim Haynes <[EMAIL PROTECTED]> wrote:
>
> > If it's Bind security you're worried about, btw, can you not firewall
> > out 53/tcp altogether as well?
>
> No. IIRC, 53/tcp is also used for DNS queries (not just XFER's) when the
> size is larger tha
"syborg" <[EMAIL PROTECTED]> wrote:
| I check this with this 2 rules, for me work with the same, at this
| moment.
The first cuts all interfaces, the second only eth0.
| Under W2k, after scan, I find also in log info that the host of the addres
| 192.168.1.1
| have restriction, but I can conn
Jamie Heilman <[EMAIL PROTECTED]> writes:
> > forget it.
> > 1. non-free
>
> Certainly, that is something to consider, if your prejudice is that way
> bent. I tend to judge software more on its technical merit than on its
> distribution policies.
H. I dislike the word `prejudice' there, ev
> forget it.
> 1. non-free
Certainly, that is something to consider, if your prejudice is that way
bent. I tend to judge software more on its technical merit than on its
distribution policies. At any rate, maradns is of similar design, and it
is DFSG compliant, if you want yet another alternati
Hi,
I managed it this way: (Based on the levy.pl script, which generated a
good framework)
This will allow all lan->internet traffic, and only accepts Mail from the
internet, forwarding it to an internal mailserver. This is just an
example, without any guarantee.
I hope it clears out a
I originally posted this on the GnuPG mailing list and received no reply. Hopefully
some Debian
security buffs can help me with this.
I am having problems verifying some keys signed with a key generated
with pgp2.6ui
The key wasn't self-signed originally. I was able to import it using
--allow-n
Goodday ladies and fella's
I have just installed the new 2.4 kernel on one of my potato boxes and am
fighting with iptables to forward mail from external ip to internal mail
server
ie 1.2.3.4:25 --> 192.168.x.y:25
Has anyone managed to pull this off, and if so can someone please HELP
me :)
Kin
I got the impression that Stefan's bind was used for caching and
forwarding only; he can safely block external access to 53/tcp.
Also, you need not run 2 separate instances of bind to get the
functionality described below. I can't tell by your description
exactly what access you're allowing to eac
Dossy <[EMAIL PROTECTED]> writes:
> On 2001.07.01, Tim Haynes <[EMAIL PROTECTED]> wrote:
>
> > If it's Bind security you're worried about, btw, can you not firewall
> > out 53/tcp altogether as well?
>
> No. IIRC, 53/tcp is also used for DNS queries (not just XFER's) when the
> size is larger th
46 matches