RE: [cobalt-users] Rebuilding after Haq
- Subject: RE: [cobalt-users] Rebuilding after Haq
- From: "Devin Smith" <devinsmith@xxxxxxxxxxxxxxx>
- Date: Sat Jul 6 18:40:01 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Hi Peter, I ran into an interesting problem. My main IP address is in a
different subnet from all my hosted sites, and when trying to use the
PMFirewall, it only binds to the single IP address (the main RaQ
address). Is there a way to make it bind to ALL the addresses in ALL
subnets? Here's an example of my setup (inflicted upon me by my ISP):
www.myhostingcompany.com - 216.123.123.123
www.allmyotherdomains.com - 66.123.123.1-128
...I'm a little perplexed, as it seems there is no place to add
additional IPs, at least none that the man pages or commented scripts
tell me!
Thanks for your help in advance,
Devin
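The pmfirewall.rules.local lines quoted in the forwarded howto below key every DENY on a single $OUTERNET, which is the one-address case Devin describes. As an added example (not code from either poster, and not part of PMFirewall), the script below prints the same nonroutable-source rules once for every network the box answers for, so a RaQ with hosted sites on a second subnet gets the same coverage on each. The interface name, the two networks, and the SKIP_BOGON knob are assumptions; the rules are printed for review rather than executed.

```shell
#!/bin/sh
# Added example, not code from PMFirewall or the howto: emit the howto's
# "block nonroutable sources" ipchains rules for every network a RaQ
# serves, rather than only the single $OUTERNET pmfirewall.rules.local
# sees.  Output is printed, not executed, so it can be reviewed first.

IPCHAINS="/sbin/ipchains"     # path pmfirewall.rules.local uses (assumed)
OUTERIF="eth0"                # assumed external interface

# Every destination network this box answers for.  Constructed values
# shaped like the poster's layout: the primary RaQ address on one subnet
# and the hosted sites on another (66.123.123.0/25 stands in for the
# poster's 66.123.123.1-128 block, rounded to a CIDR prefix).
OUTERNETS="216.123.123.123/32 66.123.123.0/25"

# Source ranges that must never arrive on the external interface: the
# same RFC 1918 and loopback set the howto's rules.local block denies.
BOGONS="10.0.0.0/8 127.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

# Set SKIP_BOGON to a range you really use on the inside (the howto's
# "comment out the one you use"), e.g. SKIP_BOGON=192.168.0.0/16.
: "${SKIP_BOGON:=}"

# bogon_rules: print one DENY rule per (bogon source, served network)
# pair.  -l asks the kernel to log the match, so a spoofed packet leaves
# a trace in /var/log/messages for logcheck to pick up.
bogon_rules() {
    for net in $OUTERNETS; do
        for src in $BOGONS; do
            [ "$src" = "$SKIP_BOGON" ] && continue
            printf '%s -A input -j DENY -l -s %s -d %s -i %s\n' \
                "$IPCHAINS" "$src" "$net" "$OUTERIF"
        done
    done
}

# bogon_rule_count: how many rules the generator adds (networks x bogons).
bogon_rule_count() {
    bogon_rules | wc -l | tr -d ' '
}

# rules_for_net <network>: only the rules protecting one served network,
# handy for checking that a single customer subnet is covered.
rules_for_net() {
    bogon_rules | grep -- "-d $1 "
}

# Review:  sh thisfile          Apply (as root, after review):  sh thisfile | sh
bogon_rules
```

Run it once to read the rules, then pipe the output to a root shell or paste the lines into pmfirewall.rules.local so they survive a restart of the pmfirewall init script. Adding a network to OUTERNETS is the whole change needed when the ISP hands over another block.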
-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx] On Behalf Of Gerald Waugh
Sent: July 6, 2002 7:21 AM
To: cobalt-users@xxxxxxxxxxxxxxx
Cc: David Lucas
Subject: Re: [cobalt-users] Rebuilding after Haq
On Saturday 06 July 2002 06:37 am, Gerald Waugh wrote:
Found another glitch, in logcheck; fixed below.
> On Saturday 06 July 2002 02:02 am, David Lucas wrote:
> > Gerald, was there a little glitch in the PortSentry section.
> >
> > I posted it all online if you don't mind
> > http://www.yetiservices.com/raq/howto.html
>
> Yes, it was confusing
> I was trying to show the removal of port 143 from the list of ports;
> I corrected it below. I was also trying to show the diff for ipfwadm
> (RaQ2); I fixed it below.
>
> > At 12:54 PM 7/5/2002, you wrote:
> > > >OK, I have completed installing these on a new server. There can be
> > > >many variations and permutations, but this is a basic one. If I
> > > >erred, let us know. It's just that too many people are getting stung;
> > > >maybe this will help.
> > >
> > > ============= I P C H A I N S ================
> > >1) wget http://netfilter.samba.org/ipchains/ipchains-1.3.10.tar.gz
> > >2) tar -zxvf ipchains-1.3.10.tar.gz
> > >3) cd ipchains-1.3.10
> > >4) make all (does nothing, as its compiled)
> > >5) make install
> > >
> > >============ P M F I R E W A L L ==========
> > >1) wget
> > >http://www.pointman.org/PMFirewall/download/pmfirewall-1.1.4.tar.gz
> > >2) tar -zxvf pmfirewall-1.1.4.tar.gz
> > >3) cd pmfirewall-1.1.4
> > >4) edit /etc/hosts.allow
> > > in.telnetd : <my.ip.add.res>
> > >5) edit /etc/hosts.deny
> > > in.telnetd : ALL
> > >6) Ensure telnet is enabled
> > >7) ./install.sh (note in most cases you will 'hit' Enter see *)
> > > Directory to place config files [/usr/local/pmfirewall]:
> > > External Interface [eth0]:
> > > Are there any IP ranges which require unrestricted access? (y/N):
> > > Are there any IP ranges which should be blocked completely? (y/N):
> > > Is your IP address assigned via DHCP? (y/N):
> > > *Are you running a FTP Server on ports: 20/21 (y/N):y
> > > *Are you running a SSH Server on port: 22 (y/N):y
> > > Enter the IP Range or press ENTER for any IP address:
> > > *Are you running a Telnet Server on port: 23 (y/N):y
> > > Are you running a SMTP Server on port: 25 (y/N):
> > > *Are you running a DNS Server on port: 53 (y/N):y
> > > Enter the IP Range or press ENTER for any IP address:
> > > Are you running a Finger Server on port: 79 (y/N):
> > > *Are you running a Web Server on port: 80 (y/N):y
> > > Enter the IP Range or press ENTER for any IP address:
> > > *Are you running a POP Server on port: 110 (y/N):y
> > > Enter the IP Range or press ENTER for any IP address:
> > > Allow IDENT connections on port: 113 (y/N):
> > > Are you running a NNTP Server port: 119 (y/N):
> > > *Are you using NTP, it requires port: 123 (y/N):y
> > > Do you wish to open NetBIOS/SAMBA ports 137-139 (not recommended)? (y/N):
> > > Are you running an IMAP Server on port: 143 (y/N):
> > > *Are you running a SSL Web Server on port: 443 (y/N):y
> > > Enter the IP Range or press ENTER for any IP address:
> > > Are you running Routed (RIP) on port: 520 (y/N):
> > > Do you wish to open NFS port 2049 (not recommended)? (y/N):
> > > Do you wish to open X-Server ports 5999-6003 (not recommended)? (y/N):
> > > *Are there any other ports you wish to open to the outside? (y/N):y
> > > Port number: 81
> > > tcp, udp or both: tcp
> > > Enter the IP Range or press ENTER for any IP address:
> > > *Do you wish to add others? (y/N): y
> > > Port number: 444
> > > tcp, udp or both: tcp
> > > Enter the IP Range or press ENTER for any IP address:
> > > Do you wish to add others? (y/N):
> > > Start PMFirewall on bootup? (Y/n):
> > > Do you want pmfirewall to autodetect your IP address? (Y/n)
> > > Will this box Masquerade connections for other PC's (y/N):
> > >8) ipchains -L -n shows rules
> > >9) review your rules (not necessary but you might look)
> > > vi /usr/local/pmfirewall/pmfirewall.rules.local
> > > If you are using any of the following IP addresses, comment out the one
> > > you use
> > > # Block Nonroutable IP's from entering on the External Interface
> > > $IPCHAINS -A input -j DENY -s 10.0.0.0/8 -d $OUTERNET -i $OUTERIF
> > > $IPCHAINS -A input -j DENY -s 127.0.0.0/8 -d $OUTERNET -i $OUTERIF
> > > $IPCHAINS -A input -j DENY -s 172.16.0.0/12 -d $OUTERNET -i $OUTERIF
> > > #$IPCHAINS -A input -j DENY -s 192.168.0.0/16 -d $OUTERNET -i $OUTERIF
> > > Make sure telnet port 23 is at accept
> > >9) /etc/rc.d/init.d/pmfirewall start (don't exit your shell until you
> > > test) Enter a new SSH and telnet shell from your PC, make sure it
> > > works!!!
> > >10) ipchains -L -n (shows rules)
> > >This sets up a basic firewall.
> > >Add - subtract rules from /usr/local/pmfirewall/pmfirewall.rules.local
> > >read up on ipchains
> > >
> > >============ P O R T S E N T R Y ===========
> > >1) wget http://www.psionic.com/downloads/portsentry-1.1.tar.gz
> > >2) tar -zxvf portsentry-1.1.tar.gz
> > >3) cd portsentry-1.1
> > >4) vi portsentry.conf
> > > find
> > > # Use these if you just want to be aware:
>
> remove "143" tcp/udp from list of ports
> find
>
> > > # Newer versions of Linux support the reject flag now. This
> > > # is cleaner than the above option. [ uncomment this line ]
> > > #KILL_ROUTE="/sbin/route add -host $TARGET$ reject"
>
> uncomment the above line.
> If you are using ipfwadm (RaQ2) do the following instead
> # ipfwadm support for Linux
> #KILL_ROUTE="/sbin/ipfwadm -I -i deny -S $TARGET$ -o"
>
> > >5) save the portsentry.conf file
> > >6) make linux
> > >7) make install
> > >8) vi /etc/rc.d/rc.local
> > > at the end of the file insert
> > > /usr/local/psionic/portsentry/portsentry -udp
> > > /usr/local/psionic/portsentry/portsentry -tcp
> > >9) there are more advanced methods and are left as an exercise for
> > >the user
> > >
> > >============== L O G C H E C K =============
> > >1) wget http://www.psionic.com/downloads/logsentry-1.1.1.tar.gz
> > >2) tar -zxvf logsentry-1.1.1.tar.gz
> > >3) cd logsentry-1.1.1
> > >4) make linux
> > >5) vi /usr/local/etc/logcheck.sh
> > > # Person to send log activity to.
> > > SYSADMIN="<email address>"
> > >6) vi /usr/local/etc/logcheck.cron
> > > # my logcheck cron job
> > > 00 * * * * root /usr/local/etc/logcheck.sh
> > >7) save the file
> > >8) crontab /usr/local/etc/logcheck.cron
> > >9) crontab -l (see if it loaded)
> > >10) /etc/rc.d/init.d/crond restart
> > >
> > >--
> > >Gerald Waugh
> > >http://frontstreetnetworks.com SOHO Networks & Web Site Hosting
> > >Front Street Networks LLC voice +1 203 785 0699 * fax +1 203 785 1787
> > >229 Front Street, Ste. #C, New Haven CT 06513-3203
> > >
--
Gerald Waugh
http://frontstreetnetworks.com SOHO Networks & Web Site Hosting
Front Street Networks LLC voice +1 203 785 0699 * fax +1 203 785 1787
229 Front Street, Ste. #C, New Haven CT 06513-3203
_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To Subscribe or Unsubscribe, please go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users
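The howto wires logcheck.sh into cron and has PortSentry write its attackalert lines to syslog, but neither step shows what the hourly mail to SYSADMIN will actually contain. As an added example (not logcheck's or PortSentry's own code), the script below does a cut-down version of that pass: it greps a log extract against keyword files named after logcheck's own lists, drops known noise, and prints what would be mailed. All log lines, keyword contents and the working directory are constructed for the example.

```shell
#!/bin/sh
# Added example, not logcheck's own script: a cut-down version of the
# hourly logcheck.sh pass, so you can see what would reach SYSADMIN before
# the cron job goes live.  Every log line and keyword below is constructed.

WORK="${TMPDIR:-/tmp}/logcheck-demo.$$"
mkdir -p "$WORK"
trap 'rm -rf "$WORK"' EXIT

# Constructed /var/log/messages extract.  The first two lines mimic what
# PortSentry logs when it reacts to a probe on a watched port; addresses
# come from the RFC 5737 documentation ranges, not real hosts.
cat > "$WORK/messages" <<'EOF'
Jul  6 18:01:12 raq portsentry[412]: attackalert: Connect from host: 192.0.2.44/192.0.2.44 to TCP port: 143
Jul  6 18:01:12 raq portsentry[412]: attackalert: Host 192.0.2.44 has been blocked via dropped route using command: "/sbin/route add -host 192.0.2.44 reject"
Jul  6 18:02:30 raq in.telnetd[501]: refused connect from 198.51.100.9
Jul  6 18:03:05 raq sendmail[520]: g66M35x00520: from=<user@example.net>, size=1024, class=0
Jul  6 18:04:00 raq CROND[530]: (root) CMD (/usr/local/etc/logcheck.sh)
Jul  6 18:05:17 raq sshd[540]: Accepted password for admin from 203.0.113.7 port 1042
Jul  6 18:05:55 raq sshd[541]: Failed password for root from 198.51.100.9 port 1043
EOF

# logcheck keeps its keywords in files; the names below follow its layout,
# the contents are constructed stand-ins.
# Active attacks: anything PortSentry or tcp_wrappers flags.
cat > "$WORK/logcheck.hacking" <<'EOF'
attackalert
refused connect
EOF
# Security violations: suspicious, but not a confirmed attack.
cat > "$WORK/logcheck.violations" <<'EOF'
Failed password
EOF
# Known-good noise to drop (basic regular expressions, one per line).
cat > "$WORK/logcheck.ignore" <<'EOF'
CROND\[[0-9]*\]: (root) CMD
Accepted password for admin from 203.0.113.7
EOF

# select_lines <keyword-file>: log lines matching the keyword list, minus
# anything on the ignore list.  grep -f reads patterns from the file so a
# list entry can be a regex as well as a plain keyword.
select_lines() {
    grep -f "$WORK/$1" "$WORK/messages" | grep -v -f "$WORK/logcheck.ignore"
}

# count_lines <keyword-file>: how many lines that section would mail out.
count_lines() {
    select_lines "$1" | wc -l | tr -d ' '
}

# logcheck_report: one headed section per list, printed only when the
# section is non-empty.  Headers are modelled on logcheck's, not copied.
logcheck_report() {
    for section in logcheck.hacking logcheck.violations; do
        if [ "$(count_lines "$section")" -gt 0 ]; then
            echo "== $section =="
            select_lines "$section"
            echo
        fi
    done
}

logcheck_report
```

Tune the ignore list against a day of real logs before trusting the mail: every line that matches the attack or violation lists and is not covered by an ignore entry is what lands in the SYSADMIN mailbox each hour, and a noisy ignore list is how real PortSentry alerts get skimmed past.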