RE: ADSL Masuerading with 2.4.7-10 and ipchains Q
- To: Shosh Kalson <kalson(at-nospam)bezeqint.net>
- Subject: RE: ADSL Masuerading with 2.4.7-10 and ipchains Q
- From: Dani Arbel <darbel(at-nospam)techunix.technion.ac.il>
- Date: Wed, 31 Oct 2001 08:25:12 +0200 (IST)
- Cc: <linux-il(at-nospam)linux.org.il>
- Delivered-To: linux.org.il-linux-il@linux.org.il
- In-Reply-To: <NCBBLIKDMLEIEOBEPBGACEIGCHAA.kalson@bezeqint.net>
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
Hi!
Look in:
http://damyen.technion.ac.il/~dani/
The echo service is udp/tcp port 7.
The (not complete) list of assigned service ports is usually found in the
file /etc/services.
To see what services are running on your system, issue the command (as
root):
netstat -n -a -p
The "listening" attribute means a service waiting for a client connection.
Dani
On Wed, 31 Oct 2001, Shosh Kalson wrote:
> Hi Dani,
>
> Please see my questions regarding your comments, below.
> (And thanks for your help).
>
> -----Original Message-----
> From: Dani Arbel [mailto:darbel@techunix.technion.ac.il]
> Sent: Tuesday, October 30, 2001 8:05 AM
> To: Shosh Kalson
> Cc: linux-il@linux.org.il
> Subject: RE: ADSL Masuerading with 2.4.7-10 and ipchains Q
>
>
> Hi!
>
> On Tue, 30 Oct 2001, Shosh Kalson wrote:
>
> > LAN is on eth1.
> >
> > I found that in order to get the masquerading to work I had to add the
> > following to my firewall script:
> >
> > ipchains -A input -i eth0 -s 10.0.0.138 -d 10.200.1.1 -j ACCEPT
> > ipchains -A output -i eth0 -s 10.200.1.1 -d 10.0.0.138 -j ACCEPT
>
> You probably needed it anyway. In the iptables example you can find
> similar lines for the gre tunnel (protocol 47).
>
> Where can I find the iptables example?
>
> >
> > I really have no idea if I've opened up a security hole or not (I sure hope
> > somebody will tell me if I have <g>)), but it works.
>
> If you do not run the echo service on the linux box you do not risk too
> much.
>
> This is probably a pretty stupid question, but I'll ask it anyway... What
> is the echo service?
>
> >
> > BTW, I notice that I'm blocking packets on eth0 going from
> > 10.200.1.1:1025/1026/64715 to 10.0.0.1:53 (PROTO=17). Can anybody tell me
>
> These are probably DNS lookup queries. Did you define 10.0.0.1 as a DNS
> server somewhere in 10.200.1.1?
>
> Yes, I thought that it might be DNS (that's the :53, right?). 10.200.1.1 is
> the address of eth0, which is connected to the adsl modem. As far as I know
> (but I'm still so new at this I'm not entirely sure), I didn't define
> anything for 10.0.0.1. I've noticed that the modem needs to "talk" to eth0,
> otherwise it drops the connection. Perhaps this is related to that?
>
> > what this might be?
> >
> > Regarding loading modules -- I have the same problem as you -- couldn't load
> > the FTP module for example. So I just commented it out, figuring I'd
> > deal with it later. And, what do you know? I'm able to FTP from my windows
> > boxes. Maybe somebody can explain/comment?
> Sounds like a distro problem (or installation? maybe you did not ask for
> iptables/ipchains at install time?).
>
> My distro is RedHat 7.1. It didn't ask me about iptables/ipchains at install.
> It just asked if I wanted a strong, medium or no firewall. By the third time
> doing the installation <g> I told it no firewall, and set up my own (compiled
> from various examples) script. In all cases however, it set up ipchains.
>
> But anyway, it doesn't seem to matter that I can't tell it to load the ftp
> module. Perhaps it's already loaded or compiled into the kernel or something?
>
> Again, thanks for your help. I RTFM but sometimes (a lot) it's a little
> "hard to see the forest for all the trees."
>
> Regards,
> Shosh
>
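
The check discussed in this thread (is anything on the box offering the echo service on port 7?), as an added example that is not part of the original messages. It filters `netstat -n -a -p` output for listeners on one port; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list sockets offering a service on a
# given port, from `netstat -n -a -p` output read on stdin.
# Real use, as root:  netstat -n -a -p | listeners_on_port 7

listeners_on_port() {
    port="${1:-7}"    # default: echo service, port 7
    awk -v port="$port" '
        # Local address is field 4; the port follows the last ":".
        function lport(addr,   n, parts) {
            n = split(addr, parts, ":")
            return parts[n]
        }
        # TCP: only sockets in state LISTEN are waiting for clients.
        $1 ~ /^tcp/ && $6 == "LISTEN" && lport($4) == port {
            print $1, $4, $7
        }
        # UDP has no LISTEN state; a bound, unconnected socket shows a
        # foreign address ending in ":*" and the State column is empty.
        $1 ~ /^udp/ && $5 ~ /:\*$/ && lport($4) == port {
            print $1, $4, $6
        }
    '
}

# Constructed sample output (addresses, PIDs and program names are made up).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:7               0.0.0.0:*               LISTEN      812/inetd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      640/sshd
tcp        0      0 192.168.0.1:1025        192.168.0.2:22          ESTABLISHED 901/ssh
udp        0      0 0.0.0.0:7               0.0.0.0:*                           812/inetd
EOF
}

echo "Echo service (port 7) listeners in the sample:"
sample_netstat | listeners_on_port 7
```

An empty result for port 7 means neither the TCP nor the UDP echo service is bound on the machine.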