Re: [suse-security] kernel 2.4.2 and (new) IP MasQ configuration
Ashley and other helpful list posters: Yes, please do. I appreciate your help in this matter. I am new to Linux (less than 6 months serious exp) and want to keep my local LAN secure.

For you others: I apologise if I intruded on your security discussions. I did NOT see a listserv for "idiots". I had no intentions of disturbing your "world"; I only seek to learn what is (IMHO) a much better networking OS. In the short time I've used it, I'm impressed.

No, my real name does not appear in my emails sent. If ya really must know, it's Bramton (NorDak Internet)

From: Ashley
To: suse-security@suse.com
Subject: Re: [suse-security] kernel 2.4.2 and (new) IP MasQ configuration
Date: Thu, 3 May 2001 11:00:47 -0700

SuSEfirewall does not support iptables as shipped with 7.1, but it does recognize if you are using the 2.2.18 or 2.4 kernel and does the appropriate thing to set up ipchains.

I was just playing with netfilter yesterday (and the day before that, and the day before that...). I'm masquerading a subnet behind a dynamic ppp link. I hacked together a SuSEesque init script and iptables rules script to set up an iptables firewall for a stock 7.1 system. I will send it to you if you are interested.

Some good sites for netfilter:
http://va.samba.org/netfilter/
http://www.BoingWorld.com/workshops/linux/iptables-tutorial/
http://ods.dyndns.org/ipt_flow.html
http://www.cs.princeton.edu/~jns/security/iptables/
http://www.kalamazoolinux.org/presentations/20010417

On Thu, May 03, 2001 at 02:36:19AM -0500, Harold ! wrote:
Has anyone set up connection sharing with kernel 2.4.2-4suse? I use a dialup connection and share it currently with IP Masq. Looking forward to migrating to netfilter's con sharing...

I am currently running ManDrake 7.2 on my "server" box, and want to replace it with SuSE (running the updated kernel). I know that IP Masq has been replaced with netfilter. My questions are as follows:

1. Are the necessary utils bundled with SuSE 7.1 Pro (updated)?
2. Does the SuSEFirewall utility set this up?
3. If not, where can I find Idiot instructions?

Thank you for your time. Ambrosius1972@hotmail.com
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- -ashley
One of these days I'm going to completely organize my life.
Hello Harold!

Generally, don't use Kernel 2.4.x for firewalling in the next few months. The new possibilities are exciting, but lots of bugs have to be caught, before people can start using it in a secure way. Stay with 2.2.x kernels and learn ipchains. Learning Iptables (from 2.4.x) afterwards will be easier then.

I also recommend the patch from www.openwall.com/linux, which adds (limited) support for non-executable-stack (against buffer overflows) and other goodies (proc filesystem restriction, which makes users unable to see the processes of other users).

hth
Markus
--
_____________________________ /"\
Markus Gaugusch ICQ 11374583  \ /  ASCII Ribbon Campaign
markus@gaugusch.dhs.org        X   Against HTML Mail
                              / \