RE: [SLE] RE: Documentation (Was: RE: [SLE] Firewall setup in 6.4 )
Well, squid works on top of ipchains. I ran out of time so I wasn't really able to disable squid and try that. Thanks for the tip though. What I would really love is to get my hands on the actual firewall script. I am thinking it may be worth my while to set up my own rules. There are a few things that I would love to clarify though.

1.) Will I have to place my ISP DNS address in all my machines in order to resolve inet addresses, or will it automatically be resolved through pppd?

2.) Does anyone have any sample ipchains rules for a typical home network? My setup is as follows:

1- SuSE6.3 Firewall machine which also acts as a WINS server and Windows Domain Controller,
3- Windows based machines, for the rest of the fam
1- Dual boot SuSE/Windows Design Station, which will be all Linux soon. (just got CorelDraw9 beta) :)

Rowan [TSS]
Gerber Scientific Products
http://www.gspinc.com
-----Original Message-----
From: Chris.Smith@raytheon.co.uk [mailto:Chris.Smith@raytheon.co.uk]
Sent: Monday, April 17, 2000 10:53 AM
To: Paul Evans
Subject: RE: [SLE] RE: Documentation (Was: RE: [SLE] Firewall setup in 6.4)
Hi,
** I have found the newbie help files (NHF) at http://www.linuxnewbie.org/ to
** be invaluable when you are not sure what to do. Not everything is covered,
** but what is there is explained so that we mere mortals can understand it!
Yes - they might be of help for some items but not necessarily firewalling with SuSE's firewall s/w. I've been in UNIX/Networks for at least 5 years and like hell I can get a SuSE firewall to do the job it's supposed to do without adequate documentation (which doesn't exist at the moment). I will say that LinuxNewbie.org is a lot more helpful than most of the LDP though :)
Chris.
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
At 10:57 AM 04/17/00 -0400, Reid, Rowan (GSP) wrote:
> tip though. What I would really love is to get my hands on the actual firewall script.
Not sure what you mean. It's on your machine, right?
> 1.) Will I have to place my ISP DNS address in all my machines in order to resolve inet addresses, or will it automatically be resolved through pppd?
ppp-up will update your /etc/resolv.conf file when you connect. Look at that script (/etc/ppp/ip-up). I'd suggest setting up a caching only named. See the DNS howto for really easy instructions.

Bill Moseley
mailto:moseley@hank.org
"Reid, Rowan (GSP)" wrote:
> Well, squid works on top of ipchains. I ran out of time so I wasn't really able to disable squid and try that. Thanks for the tip though. What I would really love is to get my hands on the actual firewall script. I am thinking it may be worth my while to set up my own rules. There are a few things that I would love to clarify though.
>
> 1.) Will I have to place my ISP DNS address in all my machines in order to resolve inet addresses, or will it automatically be resolved through pppd?
In this sort of situation, I'd probably set up a caching name server. This is actually reasonably easy, and there's a great step by step guide at:
http://www.linuxgazette.com/issue45/tag/11.html

Then you can just point all the Win computers to get their DNS from the Linux box.
> 2.) Does anyone have any sample ipchains rules for a typical home network? My setup is as follows:
>
> 1- SuSE6.3 Firewall machine which also acts as a WINS server and Windows Domain Controller,
> 3- Windows based machines, for the rest of the fam
> 1- Dual boot SuSE/Windows Design Station, which will be all Linux soon. (just got CorelDraw9 beta) :)
I could email you some privately... it just all depends on what you want to allow access to/from. I would just have a good look at /usr/doc/howto/en/IPCHAINS-HOWTO.gz.
> ** I have found the newbie help files (NHF) at http://www.linuxnewbie.org/ to
> ** be invaluable when you are not sure what to do. Not everything is covered,
> ** but what is there is explained so that we mere mortals can understand it!
>
> Yes - they might be of help for some items but not necessarily firewalling with SuSE's firewall s/w. I've been in UNIX/Networks for at least 5 years and like hell I can get a SuSE firewall to do the job it's supposed to do without adequate documentation (which doesn't exist at the moment). I will say that LinuxNewbie.org is a lot more helpful than most of the LDP though
Hope that helps,
Chris

--
Apologies to everyone who has been waiting for replies off me over the past few weeks - I've been away from my computer. I'll try to catch up with my email over the coming days, but don't be surprised if you get a reply in a month's time...

Chris Reeves
ICQ# 22219005
Hi Reid!

Reid, Rowan (GSP) wrote on Monday, April 17, 2000:

> Well, squid works on top of ipchains. I ran out of time so I wasn't really able to disable squid and try that. Thanks for the tip though. What I would really love is to get my hands on the actual firewall script. I am thinking it may be worth my while to set up my own rules. There are a few things that I would love to clarify though.
>
> 1.) Will I have to place my ISP DNS address in all my machines in order to resolve inet addresses, or will it automatically be resolved through pppd?
I do. Works fine.
> 2.) Does anyone have any sample ipchains rules for a typical home network? My setup is as follows
Have you seen the "Strong ipchains ruleset" here?
http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS.wri

It's a big document but there are a couple of rulesets. Weak and Strong. They are explained pretty well. I've used the strong before and it worked well against port scans you can get from the internet. The rulesets are about a quarter of the way down the page.
Hi Reid!

Reid, Rowan (GSP) wrote on Monday, April 17, 2000:

> 2.) Does anyone have any sample ipchains rules for a typical home network? My setup is as follows
Here is the actual ruleset for strong IPchains.
http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS-files/rc.firewall-trini...
participants (4)
- bljilek@bigfoot.com
- chris.reeves@iname.com
- moseley@hank.org
- ReidR@gspinc.com