LeRoy Cressy on Mon, 18 Feb 2002 10:42:02 -0500
I am also using DirectTV DSL but as you can see I only have one IP address and am using port forwarding for the rest of the network.

On the boxes behind the firewall you set up each ethernet card with 2 IP addresses. First use ifconfig and route to configure the ethernet like:

    ifconfig eth0 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255
    route add -net 192.168.1.0
    route add -host real-IP-address eth0
    route add default gw real-IP-address eth0

This used to be a script in /etc/init.d/network but now the distributions have fancier scripts but are at times a pain to get around adding 2 addresses to an ethernet card so I find it easier to revert back to the old way that works for me. Of course I tweak my start up scripts to disable the ones that I don't want started.

There are a lot of firewall packages out there, but most allow the passing through everything from port 1-1024 whereas I limit exactly what I want passed through. Also the only port on my firewall that is open for listening is port 22 for ssh login. The only way to get to ssh login is to first log in on the dmz box then ssh to a specific box on the lan. Also the passwords on the firewall are totally different than the passwords on the rest of the network and I used pwgen -s 14 to generate them. Needless to say, they are not easy to memorize, but once you have your firewall up and running you don't need to log on to it except to look at your log files.

Also I think that DirectTV now will sell you a second IP address or more if needed.

Paul wrote:
>
> > If you have the HUB connected directly to the modem then your network is
> > not secure and any M$ windows boxes are in peril. Using the above
>
> By default DirectTV only gives out one static IP.
> Connecting a hub to the gateway wouldn't allow more than
> that one PC to route to the internet. More accurately, no
> packets to route back to the PCs from the Internet.
>
> > system. If you are using Linux 2.4 series of kernel grab the source
> > from ftp.kernel.org and compile a custom kernel with all of the
> > firewalling support. Before compiling a custom kernel you need to know
>
> I've never had to recompile a kernel under Red Hat to enable
> firewalling.
>
> Those iptables rules are definitely useful!
>
> That brings up some question. Is there a good, interactive
> firewall utility for making it easier to create rules? Is
> there a good GUI for manually creating those rules?
>
> ______________________________________________________________________
> Philadelphia Linux Users Group - http://www.phillylinux.org
> Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
> General Discussion - http://lists.phillylinux.org/mail/listinfo/plug

--
Rev. LeRoy D. Cressy  mailto:lcressy@telocity.com   /\_/\
http://www.netaxs.com/~ldc                          ( o.o )
Phone: 215-535-4037                                  > ^ <
Jesus saith unto him, I am the way, the truth, and the life:
no man cometh unto the Father, but by me. (John 14:6)
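An added example, not part of the original message: a Python check over an `iptables-save` dump for the two properties the message above describes (only port 22 listening on the firewall, and exact ports passed through rather than a blanket 1-1024 range). The sample ruleset, the address 192.168.1.2, and the `audit` function with its `listen_ok` and `max_span` parameters are constructed for illustration.

```python
import re

# Constructed sample in iptables-save format (not from the original message).
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.2 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 1:1024 -j ACCEPT
COMMIT
"""

def audit(dump, listen_ok=frozenset({22}), max_span=1):
    """Return findings for the filter table of an iptables-save dump."""
    findings = []
    for line in dump.splitlines():
        pol = re.match(r":(INPUT|FORWARD) (\S+)", line)
        if pol and pol.group(2) != "DROP":
            findings.append(f"{pol.group(1)}: default policy is {pol.group(2)}, not DROP")
        rule = re.match(r"-A (INPUT|FORWARD) (.*)-j ACCEPT\b", line)
        if not rule:
            continue
        chain, body = rule.groups()
        state = re.search(r"--(?:state|ctstate) (\S+)", body)
        if re.search(r"-i lo\b", body) or (state and "NEW" not in state.group(1).split(",")):
            continue  # loopback and reply traffic open nothing new
        ports = re.search(r"--dports? (\S+)", body)
        if not ports:
            findings.append(f"{chain}: ACCEPT without a port match: {line}")
            continue
        for item in ports.group(1).split(","):
            lo, sep, hi = item.partition(":")
            lo_n = int(lo or 0)
            hi_n = int(hi) if hi else (65535 if sep else lo_n)
            if hi_n - lo_n + 1 > max_span:
                findings.append(f"{chain}: port range {lo_n}-{hi_n} accepted")
            elif chain == "INPUT" and lo_n not in listen_ok:
                findings.append(f"INPUT: unexpected listening port {lo_n}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Rules that accept without any port match (ICMP, for instance) are reported so they can be reviewed by hand rather than silently passed.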