Re: ipchains firewalling question

1999-09-03 Thread Patrick Olson
> Yes. It's a protocol which allows a system to ask a system with which
> it has a TCP connection to give it some information about who's on the
> other end of that connection. This is useful for auditing purposes,
> although you can only trust the information as much as you can trust the
> remo

Re: ipchains firewalling question

1999-09-03 Thread Patrick Olson
On Fri, 3 Sep 1999, Mario Olimpio de Menezes wrote:
> according to the man page (ipchains(8)):
>
>     --destination-port [!] [port[:port]]
>         This allows separate specification of the ports.
>         See the description of the -s flag for details.
>         The f

Re: ipchains firewalling question

1999-09-03 Thread Mario Olimpio de Menezes
On Fri, 3 Sep 1999, Mark Brown wrote:
>
> > Unfortunately, ipchains does not like --dport:
>
> The option is --destination-port.
>
according to the man page (ipchains(8)):

    --destination-port [!] [port[:port]]
        This allows separate specification of the ports.
        S

Re: ipchains firewalling question

1999-09-03 Thread Mark Brown
On Thu, Sep 02, 1999 at 10:53:49AM -0700, Patrick Olson wrote:
> > Make sure you're allowing ident connections. Even if you don't answer
> > them, you want to refuse connections rather than dropping the packets.
> > Some systems will timeout the connection attempt.
> I'm a little confused here,

Re: ipchains firewalling question

1999-09-03 Thread Mark Brown
On Thu, Sep 02, 1999 at 10:55:56AM -0700, Patrick Olson wrote:
> > if you use dhcp for anything, you must enable source/destination for
> > 255.255.255.255 as well as the routes for this. This caught me some time
> > ago :(
> I don't think I use dhcp, but I'm not really sure about PPP. When usin

Re: ipchains firewalling question

1999-09-02 Thread Patrick Olson
> > I have the following specific questions:
> > 1. Have I made any mistakes that could cause really annoying problems?
> >    (perhaps unintentionally blocking something that shouldn't be blocked)
>
> if you use dhcp for anything, you must enable source/destination for
> 255.255.255.255 as well

Re: ipchains firewalling question

1999-09-02 Thread Patrick Olson
> > if you use dhcp for anything, you must enable source/destination for
> > 255.255.255.255 as well as the routes for this. This caught me some time
> > ago :(
>
> Make sure you're allowing ident connections. Even if you don't answer
> them, you want to refuse connections rather than dropping t

Re: ipchains firewalling question

1999-09-02 Thread Mark Brown
On Thu, Sep 02, 1999 at 09:48:01AM -0300, Mario Olimpio de Menezes wrote:
> On Wed, 1 Sep 1999, Patrick Olson wrote:
> > I have the following specific questions:
> > 1. Have I made any mistakes that could cause really annoying problems?
> >    (perhaps unintentionally blocking something that shoul

Re: ipchains firewalling question

1999-09-02 Thread Mario Olimpio de Menezes
On Wed, 1 Sep 1999, Patrick Olson wrote:
>
> I am thinking of using IP chains to tighten security a little on my Debian
> 2.1 box. Currently, I have it set up as follows:
>
> ipchains -P forward DENY
> ipchains -A forward -s 192.168.1.9/255.255.255.255 -j MASQ
>
> Below is a much more invol

ipchains firewalling question

1999-09-01 Thread Patrick Olson
I am thinking of using IP chains to tighten security a little on my Debian
2.1 box. Currently, I have it set up as follows:

ipchains -P forward DENY
ipchains -A forward -s 192.168.1.9/255.255.255.255 -j MASQ

Below is a much more involved setup I created based on the information in
the HOW-TO. T