
RE: [cobalt-users] Rebuilding after Haq



Devin,
I believe that you can add more than one IP to the PMFirewall. Look in
the PMFirewall.conf which should be in /usr/local/pmfirewall/
Peter


> Hi Peter, I ran into an interesting problem.  My main IP address is in a
> different subnet from all my hosted sites, and when trying to use the
> PMFirewall, it only binds to the single IP address (the main RaQ
> address).  Is there a way to make it bind to ALL the addresses in ALL
> subnets?  Here's an example of my setup (inflicted upon me by my ISP):
> 
> www.myhostingcompany.com - 216.123.123.123
> www.allmyotherdomains.com - 66.123.123.1-128
> 
> ...I'm a little perplexed as it seems there is no place to add
> additional IPs, at least none that the man pages or commented scripts
> tell me!
> 
> Thanks for your help in advance,
> 
> Devin
> 
> -----Original Message-----
> From: cobalt-users-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx] On Behalf Of Gerald Waugh
> Sent: July 6, 2002 7:21 AM
> To: cobalt-users@xxxxxxxxxxxxxxx
> Cc: David Lucas
> Subject: Re: [cobalt-users] Rebuilding after Haq
> 
> 
> On Saturday 06 July 2002 06:37 am, Gerald Waugh wrote:
> 
> Found another glitch, in logcheck
> fixed below
> 
> > On Saturday 06 July 2002 02:02 am, David Lucas wrote:
> > > Gerald, was there a little glitch in the PortSentry section.
> > >
> > > I posted it all online if you don't mind 
> > > http://www.yetiservices.com/raq/howto.html
> >
> > Yes, it was confusing
> > I was trying to show the removal of port 143 from the list of ports. I
> > corrected it below. I was also trying to show the diff for ipfwadm
> > (RaQ2). I fixed it below.
> >
> > > At 12:54 PM 7/5/2002, you wrote:
> > > >OK, I have completed installing these on a new server. There can be
> > > >many variations and permutations, but this is a basic one. If I
> > > >erred let us know. It's just that too many people are getting stung,
> > > >maybe this will help
> > > >
> > > >  ============= I P C H A I N S ================
> > > >1) wget http://netfilter.samba.org/ipchains/ipchains-1.3.10.tar.gz
> > > >2) tar -zxvf ipchains-1.3.10.tar.gz
> > > >3) cd ipchains-1.3.10
> > > >4) make all     (does nothing, as its compiled)
> > > >5) make install
> > > >
> > > >============ P M F I R E W A L L ==========
> > > >1) wget http://www.pointman.org/PMFirewall/download/pmfirewall-1.1.4.tar.gz
> > > >2)  tar -zxvf pmfirewall-1.1.4.tar.gz
> > > >3) cd pmfirewall-1.1.4
> > > >4) edit /etc/host.allow
> > > >    in.telnetd : <my.ip.add.res>
> > > >5) edit /etc/host.deny
> > > >    in.telnetd : ALL
> > > >6) Ensure telnet is enabled
> > > >7) ./install.sh (note in most cases you will 'hit' Enter see *)
> > > >    Directory to place config files [/usr/local/pmfirewall]:
> > > >    External Interface [eth0]:
> > > >    Are there any IP ranges which require unrestricted access? (y/N):
> > > >    Are there any IP ranges which should be blocked completely? (y/N):
> > > >    Is your IP address assigned via DHCP?  (y/N):
> > > >    *Are you running a FTP Server on ports: 20/21 (y/N):y
> > > >    *Are you running a SSH Server on port: 22 (y/N):y
> > > >      Enter the IP Range or press ENTER for any IP address:
> > > >    *Are you running a Telnet Server on port: 23 (y/N):y
> > > >    Are you running a SMTP Server on port: 25 (y/N):
> > > >    *Are you running a DNS Server on port: 53 (y/N):y
> > > >      Enter the IP Range or press ENTER for any IP address:
> > > >    Are you running a Finger Server on port: 79 (y/N):
> > > >    *Are you running a Web Server on port: 80 (y/N):y
> > > >      Enter the IP Range or press ENTER for any IP address:
> > > >    *Are you running a POP Server on port: 110 (y/N):y
> > > >      Enter the IP Range or press ENTER for any IP address:
> > > >    Allow IDENT connections on port: 113 (y/N):
> > > >    Are you running a NNTP Server port: 119 (y/N):
> > > >    *Are you using NTP, it requires port: 123 (y/N):y
> > > >    Do you wish to open NetBIOS/SAMBA ports 137-139 (not recommended)? (y/N): ?
> > > >    Are you running an IMAP Server on port: 143 (y/N):
> > > >    *Are you running a SSL Web Server on port: 443 (y/N):y
> > > >      Enter the IP Range or press ENTER for any IP address:
> > > >    Are you running Routed (RIP) on port: 520 (y/N):
> > > >    Do you wish to open NFS port 2049 (not recommended)? (y/N):
> > > >    Do you wish to open X-Server ports 5999-6003 (not recommended)? (y/N):
> > > >    *Are there any other ports you wish to open to the outside? (y/N):y
> > > >      Port number: 81
> > > >      tcp, udp or both: tcp
> > > >      Enter the IP Range or press ENTER for any IP address:
> > > >    *Do you wish to add others? (y/N): y
> > > >      Port number: 444
> > > >      tcp, udp or both: tcp
> > > >      Enter the IP Range or press ENTER for any IP address:
> > > >    Do you wish to add others? (y/N):
> > > >    Start PMFirewall on bootup? (Y/n):
> > > >    Do you want pmfirewall to autodetect your IP address? (Y/n)
> > > >    Will this box Masquerade connections for other PC's (y/N):
> > > >8) ipchains -L -n  shows rules
> > > >9) review your rules (not necessary but you might look)
> > > >    vi /usr/local/pmfirewall/pmfirewall.rules.local
> > > >    If you are using any of the following IP addresses, comment out
> > > >    the one you use
> > > >      # Block Nonroutable IP's from entering on the External Interface
> > > >      $IPCHAINS -A input -j DENY -s 10.0.0.0/8 -d $OUTERNET -i $OUTERIF
> > > >      $IPCHAINS -A input -j DENY -s 127.0.0.0/8 -d $OUTERNET -i $OUTERIF
> > > >      $IPCHAINS -A input -j DENY -s 172.16.0.0/12 -d $OUTERNET -i $OUTERIF
> > > >      #$IPCHAINS -A input -j DENY -s 192.168.0.0/16 -d $OUTERNET -i $OUTERIF
> > > >    Make sure telnet port 23 is at accept
> > > >9) /etc/rc.d/init.d/pmfirewall start (don't exit your shell until you
> > > >   test). Enter a new SSH and telnet shell from your PC, make sure it
> > > >   works!!!
> > > >10) ipchains -L -n   (shows rules)
> > > >This sets up a basic firewall.
> > > >Add - subtract rules from /usr/local/pmfirewall/pmfirewall.rules.local
> > > >read up on ipchains
> > > >
> > > >============ P O R T S E N T R Y ===========
> > > >1) wget http://www.psionic.com/downloads/portsentry-1.1.tar.gz
> > > >2) tar -zxvf portsentry-1.1.tar.gz
> > > >3) cd portsentry-1.1
> > > >4) vi portsentry.conf
> > > >    find
> > > >    # Use these if you just want to be aware:
> >
> >          remove "143" tcp/udp from list of ports
> >         find
> >
> > > >    # Newer versions of Linux support the reject flag now. This
> > > >    # is cleaner than the above option. [ uncomment this line ]
> > > >    #KILL_ROUTE="/sbin/route add -host $TARGET$ reject"
> >
> >          uncomment the above line.
> >          If you are using ipfwadm (RaQ2) do the following instead
> >          # ipfwadm support for Linux
> >          #KILL_ROUTE="/sbin/ipfwadm -I -i deny -S $TARGET$ -o"
> >
> > > >5) save the portsentry.conf file
> > > >6) make linux
> > > >7) make install
> > > >8) vi /etc/rc.d/rc.local
> > > >    at the end of the file insert
> > > >    /usr/local/psionic/portsentry/portsentry -udp
> > > >    /usr/local/psionic/portsentry/portsentry -tcp
> > > >9) there are more advanced methods and are left as an exercise for
> > > >the user
> > > >
> > > >============== L O G C H E C K =============
> > > >1) wget http://www.psionic.com/downloads/logsentry-1.1.1.tar.gz
> > > >2) tar -zxvf logsentry-1.1.1.tar.gz
> > > >3) cd logsentry-1.1.1
> > > >4) make linux
> > > >5) vi /usr/local/etc/logcheck.sh
> > > >    # Person to send log activity to.
> > > >    SYSADMIN="<email address>"
> > > >6) vi /usr/local/etc/logcheck.cron
> > > >    # my logcheck cron job
> > > >    00 * * * * root /usr/local/etc/logcheck.sh
> > > >7) save the file
> > > >8) crontab /usr/local/etc/logcheck.cron
> > > >9) crontab -l   (see if it loaded)
> > > >10) /etc/rc.d/init.d/crond restart
> > > >
> > > >--
> > > >Gerald Waugh
> > > >http://frontstreetnetworks.com  SOHO Networks & Web Site Hosting
> > > >Front Street Networks LLC     voice +1 203 785 0699 * fax +1 203 785 1787
> > > >229 Front Street, Ste. #C, New Haven CT 06513-3203
> > > >
> > > >
> > > >_______________________________________________
> > > >cobalt-users mailing list
> > > >cobalt-users@xxxxxxxxxxxxxxx
> > > >To Subscribe or Unsubscribe, please go to: 
> > > >http://list.cobalt.com/mailman/listinfo/cobalt-users
> 
>
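The anti-spoofing DENY lines in pmfirewall.rules.local quoted in the thread, the advice to comment out the range you actually use, and Devin's two-subnet setup all come together in the following added Python example. It is not part of this thread, of PMFirewall or of ipchains; it only reasons about the rule text. The addresses are the ones written in the thread (216.123.123.123 and 66.123.123.1-128); the function names (`range_to_nets`, `split_blocks`, `antispoof_rules`, `would_deny`) are my own. It converts the hosted-site range into exact CIDR blocks, decides which of the four DENY rules would clash with the box's own addresses and so should be commented out, and checks whether a given source address would still be dropped by the rules that remain active.

```python
import ipaddress

# The four source ranges that the pmfirewall.rules.local snippet in the
# thread denies on the external interface. 127.0.0.0/8 can never be a real
# external address, but it is kept because the thread's rule set lists it.
NONROUTABLE = ["10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

# Rule template copied from the thread; $IPCHAINS, $OUTERNET and $OUTERIF are
# shell variables that PMFirewall's own scripts define, left as-is here.
RULE = "$IPCHAINS -A input -j DENY -s {cidr} -d $OUTERNET -i $OUTERIF"


def range_to_nets(first, last):
    """Turn an inclusive range such as the thread's 66.123.123.1-128 into the
    list of CIDR blocks (as strings) that cover it exactly."""
    return [str(n) for n in ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))]


def split_blocks(local_nets):
    """Split NONROUTABLE into (keep, drop): a block is dropped when it overlaps
    one of the box's own networks, which is the thread's 'comment out the one
    you use' advice. Returns two lists of ipaddress network objects."""
    local = [ipaddress.ip_network(n, strict=False) for n in local_nets]
    keep, drop = [], []
    for cidr in NONROUTABLE:
        block = ipaddress.ip_network(cidr)
        if any(block.overlaps(n) for n in local):
            drop.append(block)
        else:
            keep.append(block)
    return keep, drop


def antispoof_rules(local_nets):
    """Return (active, commented): rule lines ready for pmfirewall.rules.local,
    with the clashing ones prefixed by '#' exactly as the thread shows."""
    keep, drop = split_blocks(local_nets)
    active = [RULE.format(cidr=b) for b in keep]
    commented = ["#" + RULE.format(cidr=b) for b in drop]
    return active, commented


def would_deny(src, local_nets):
    """True if a packet whose source address is `src`, arriving on the external
    interface, would match one of the DENY rules that stay active."""
    addr = ipaddress.ip_address(src)
    keep, _ = split_blocks(local_nets)
    return any(addr in block for block in keep)


if __name__ == "__main__":
    # Constructed from Devin's setup as written in the thread: the main RaQ
    # address in one subnet plus the hosted sites in another.
    devin = ["216.123.123.123/32"] + range_to_nets("66.123.123.1", "66.123.123.128")
    active, commented = antispoof_rules(devin)
    print("\n".join(active + commented))
    print("spoofed 10.1.2.3 denied:", would_deny("10.1.2.3", devin))
    print("hosted 66.123.123.5 denied:", would_deny("66.123.123.5", devin))
```

For Devin's public addresses none of the four blocks clash, so all four DENY lines stay active and a spoofed 10.x source is still dropped. When a box does live in, say, 192.168.1.0/24, the script comments out the whole 192.168.0.0/16 rule, which is what the thread advises but also means spoofed packets from the rest of that /16 are no longer dropped; because ipchains matches rules in order, a tighter variant is to keep the DENY and insert an ACCEPT for just your own subnet before it.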