epike on Fri, 03 Jan 2003 10:41:03 -0500



Re: [PLUG] my 1st fw script, rev.3


Well, I have only one segment behind a Linksys
router and it has to serve Samba to my LAN.
I suppose I could have limited NetBIOS to the
local segment by iptables.

Samba serving is limited to internal hosts
by samba config smb.conf:

   hosts allow = 192.168.1. 127.0.0.1

Same with DNS, telnet, and squid--open ports
but access controlled by the servers.  Either
by tcp wrappers or application configs.

Although with wu-ftp I had to give in to my friend
who I gave access to, so that one is wide open
(trying to convince him to use secure ftp, in time
that will be closed down also).

Another good way of course is to add a NIC but
I don't see the point of adding another hub/router
to consume more electricity.

jondz/epike

> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> I'm not real sure about opening the netbios ports 137 - 139? Do you really
> want to share windows files across the internet? 
> 
> > 
> > VERSION="JondZ 12/2002"
> > WAN_DEVICE=eth0
> > WAN_DEVICE_BROADCAST=192.168.1.255/32
> > TCP_OPENPORTS=20,21,22,23,25,53,80,110,137,138,139,443,3128
> > UDP_OPENPORTS=53,137,138,139
> > 
> 
> - -- 
> > SELECT * FROM users WHERE clue > 0;
> 0 rows returned
> 
> - ---
> Ed Ackerman                    |  It is impossible to make anything
> #include <std.disclaimer>      |  foolproof, since fools are
> edack@kengel.com               |  so ingenious.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/
> 
> iEYEARECAAYFAj4U2hgACgkQwgPUPMx9pT3yewCg7BFAwBuAlLa4wFngfstdt3Go
> cPcAoKw6wc5XQAj+XRBSHlw41kzD6HWW
> =Ucvx
> -----END PGP SIGNATURE-----
> 
> _________________________________________________________________________
> Philadelphia Linux Users Group        --       http://www.phillylinux.org
> Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.netisland.net/mailman/listinfo/plug
> 
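The iptables option mentioned in the message above (limiting NetBIOS to the local segment), sketched as an added example that is not part of the original post or of the poster's script. The port lists and device name come from the quoted script; `LAN_NET`, `LAN_ONLY_PORTS`, and the helper functions are assumptions for illustration, and the script only prints the rules instead of loading them.

```shell
#!/bin/sh
# Added example: emits iptables rules as text; it does not touch the live ruleset.
# WAN_DEVICE and the *_OPENPORTS lists are copied from the script quoted in the thread.
WAN_DEVICE=eth0
TCP_OPENPORTS=20,21,22,23,25,53,80,110,137,138,139,443,3128
UDP_OPENPORTS=53,137,138,139
# Assumptions: the LAN prefix (from the smb.conf "hosts allow" line) and the set of
# services the message says are meant for internal hosts only
# (telnet 23, DNS 53, NetBIOS 137-139, squid 3128).
LAN_NET=192.168.1.0/24
LAN_ONLY_PORTS=23,53,137,138,139,3128

# split_ports LIST RESTRICTED lan|public
# Prints the comma-separated subset of LIST that is (lan) or is not (public) in RESTRICTED.
split_ports() {
    out=""
    old_ifs=$IFS
    IFS=,
    for p in $1; do
        case ",$2," in
            *",$p,"*) kind=lan ;;
            *)        kind=public ;;
        esac
        if [ "$kind" = "$3" ]; then
            out="${out:+$out,}$p"
        fi
    done
    IFS=$old_ifs
    printf '%s' "$out"
}

# emit_rules PROTO LIST
# LAN-only ports get a source match on LAN_NET; the rest stay open to any source.
emit_rules() {
    lan=$(split_ports "$2" "$LAN_ONLY_PORTS" lan)
    pub=$(split_ports "$2" "$LAN_ONLY_PORTS" public)
    if [ -n "$lan" ]; then
        echo "iptables -A INPUT -i $WAN_DEVICE -p $1 -s $LAN_NET -m multiport --dports $lan -j ACCEPT"
    fi
    if [ -n "$pub" ]; then
        echo "iptables -A INPUT -i $WAN_DEVICE -p $1 -m multiport --dports $pub -j ACCEPT"
    fi
}

emit_rules tcp "$TCP_OPENPORTS"
emit_rules udp "$UDP_OPENPORTS"
```

With the source match in place, the smb.conf `hosts allow` line and tcp wrappers become a second layer behind the packet filter for those ports.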