pctas.com
2003-Jan-13 11:45 UTC
Fw: [Shorewall-users] Shorewall on a file/webserver/router Help
Thankyou the information provided was informative to say the most.
Quote "Shorewall Masqurading made simple ?"
I will not comment any futher about my simple question as I see nothing but
backtracking information.
Maybe all the usless information is somthing to do with the below,
Linux how it works!
First you must remember that 98% of linux programmers are kids or they have
been around computers all their life hence everything must be the way it is
such as "Well you must register first etc. we need that email address , no
html posts ," (they are slightly more laid back than MS users though as
they
do not always have to have a 3D designed website to make a point)
-If they can''t see through you they won''t help you.
-The best way to get help is act like a little kid with your questions?( so
they think they are being of some help)
If you are asked to do something by them and you don''t, they will just
try
to suggest that you must do as they say and start line reading picking your
query for something they cannot understand.
Linux helpers do not see the big picture(analize) they see code and that is
all, so when confused about something they can''t see they start to try
to
see things that are not there which in turn causes pupil dilation which in
turn causes them to just see more code or in the help case they see text
they do not understand hence they follow lines and answer questions trying
to suggest they understand more than you do in turn hoping to gain the
advantage as after all you are asking for their help and they do not
sub-mindedly know why.
-Do not pass attitude in text and you will always receive help
This causes disorientation as they know of the presence that they are
dealing with
These are not rules as the linux helpers would like to see them but and
observation of facts.
Due to the above description hence we have sites like " how to ask a smart
question" or "what information to include in a question" ,these
being
nothing but a power trip for self esteem, which is not needed, but out comes
the kid which was once and still is.--it explains its self
Rules and submission will cause harmony in power
This is why I just act as a kid as they just don''t see how I could know
what
their rules are as Im just not smart enough for the rules and never will be
in their time of dealing with me.
Works the same in the real world ,remember still ,you are in their world
when asking for help and even governments need to abide by their rules to
get something done as the linux helper is the power and Government of
Computers and CyberSpace-they have the intellectual ability which rules
computers hence the power to do what ever they wish.
Not even the biggest government has the power to make a law on which way php
should be written
ie.
<?PHP
echo ("Programmer");
?>
or ;
<?PHP
print "Programmer";
?>
as the government''s are just not smart enough to make the decision.
The day that programming is Government Controlled is the day you will
receive help from the linux programmer with an overall description.
It will happen as military and national security is under a big threat by
the kids of tomorrow.
Obviously you where smart enough to work the problem out you just needed
some help-Hint
CyBorg-0909
Organisation?
Company ?
----- Original Message -----
From: "Mike Noyes" <mhnoyes@users.sourceforge.net>
To: <shorewall-users@shorewall.net>
Sent: Tuesday, January 14, 2003 2:49 AM
Subject: Re: [Shorewall-users] Shorewall on a file/webserver/router Help
> On Sun, 2003-01-12 at 13:07, pctas.com wrote:
> > Status.txt included
> >
> > For illustration purposes see an average basic 2 interface LAN as in
the> > documentation
> > http://www.pcaus.com/mazda/BasicLan.png (40kb)[disregard the wireless
> > accessponit ]
> >
> > Yes I very well read the documentation pages located at sourceforge
> > Therefore my request on this List that maybe someone knew exactly how
to
> > disable the firewall still leaving the NAT translation for connection
> > sharing intact
>
> Jesse,
> What you''re asking for is a router with NAT. Shorewall is a
firewall. I
> suggest you remove Shorewall, and read the following documentation. It
> describes NAT configuration.
>
> http://tldp.org/HOWTO/IP-Masquerade-HOWTO/index.html
> http://tldp.org/HOWTO/Masquerading-Simple-HOWTO/index.html
>
> I have a feeling you may need these instructions. Follow them after you
> discover your network has been compromised.
>
> * Remain calm; don''t hurry.
> * Notify your organization''s management.
> * Provide a game plan (with options if possible).
> * Apply need-to-know.
> * Use out-of-band communications; avoid email and other
> network-based communications channels.
> * Take good notes, good enough to serve as evidence in a court of
> law.
> * Contain the problem; pull the network cable.
> * Back up the system(s), and collect evidence.
> * Eradicate the problem and get back in business.
> * Lessons learned, apply what you have learned.
> http://www.sans.org/resources/idfaq/incident_handling_steps.php
>
>
> > The firewall is working very good to good for my liking
> > I simply wanted to allow all traffic in from the internet on ppp0 for
a
> > webserver and let all traffic out to the internet from the LAN on eth0
to> > ppp0 [NAT](already dose this) and also let the lan be open to
filesharing> > what have you maybe video(dream on) to.
> >
> > from the documentation I see arround 4 or 5 files that may need
editing
,> > I have observed that it is very possible to allow only one service
access> > here and there, but, I wanted to know if there was a quick and simple
way to> > let NAT translation take place on all interfaces without editing tons
of
> > services and ports into the service files and shorewall files
>
> Bridging/Proxy-ARP, a DMZ, and ez-ipupdate is what you should look into.
>
> > O Im not paranoided or worried about access
to
my> > machines/machine
>
> You should be.
>
> --
> Mike Noyes <mhnoyes @ users.sourceforge.net>
> http://sourceforge.net/users/mhnoyes/
> http://leaf-project.org/ http://sitedocs.sf.net/ http://ffl.sf.net/
>
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@shorewall.net
> http://mail.shorewall.net/mailman/listinfo/shorewall-users
>
Mike Noyes
2003-Jan-13 12:08 UTC
Fw: [Shorewall-users] Shorewall on a file/webserver/router Help
On Mon, 2003-01-13 at 11:45, pctas.com wrote:> Thankyou the information provided was informative to say the most. > > Quote "Shorewall Masqurading made simple ?" > > I will not comment any futher about my simple question as I see nothing but > backtracking information.Jesse, I''m sorry my replies in your opinion were unsatisfactory. It is possible to disable all Shorewall filters without removing Shorewall, but that is not its designed purpose? Shorewall is a firewall, and you want a router that performs NAT. The use of Shorewall for your desired configuration is unnecessary, and an added layer of complexity that you could avoid. -- Mike Noyes <mhnoyes @ users.sourceforge.net> http://sourceforge.net/users/mhnoyes/ http://leaf-project.org/ http://sitedocs.sf.net/ http://ffl.sf.net/
John S. Andersen
2003-Jan-13 13:12 UTC
Fw: [Shorewall-users] Shorewall on a file/webserver/router Help
And with this demonstration of arogance and attitude you now want us to help you HOW? On 14 Jan 2003 at 6:45, pctas.com wrote:> Thankyou the information provided was informative to say the most. > > Quote "Shorewall Masqurading made simple ?" > > I will not comment any futher about my simple question as I see > nothing but backtracking information. > > Maybe all the usless information is somthing to do with the below, > > Linux how it works! > > First you must remember that 98% of linux programmers are kids orthey> have been around computers all their life hence everything must bethe> way it is such as "Well you must register first etc. we need that > email address , no html posts ," (they are slightly more laid back > than MS users though as they do not always have to have a 3Ddesigned> website to make a point) > > -If they can''t see through you they won''t help you. > > -The best way to get help is act like a little kid with your > questions?( so they think they are being of some help) > > If you are asked to do something by them and you don''t, they willjust> try to suggest that you must do as they say and start line reading > picking your query for something they cannot understand. > > Linux helpers do not see the big picture(analize) they see code and > that is all, so when confused about something they can''t see they > start to try to see things that are not there which in turn causes > pupil dilation which in turn causes them to just see more code orin> the help case they see text they do not understand hence theyfollow> lines and answer questions trying to suggest they understand morethan> you do in turn hoping to gain the advantage as after all you are > asking for their help and they do not sub-mindedly know why. > > -Do not pass attitude in text and you will always receive help > This causes disorientation as they know of the presence that theyare> dealing with > > These are not rules as the linux helpers would like to see them but > and observation of facts. > > Due to the above description hence we have sites like " how to aska> smart question" or "what information to include in a question",these> being nothing but a power trip for self esteem, which is notneeded,> but out comes the kid which was once and still is.--it explains its > self > > Rules and submission will cause harmony in power > > This is why I just act as a kid as they just don''t see how I could > know what their rules are as Im just not smart enough for the rules > and never will be in their time of dealing with me. > > Works the same in the real world ,remember still ,you are in their > world when asking for help and even governments need to abide bytheir> rules to get something done as the linux helper is the power and > Government of Computers and CyberSpace-they have the intellectual > ability which rules computers hence the power to do what ever they > wish. Not even the biggest government has the power to make a lawon> which way php should be written ie. <?PHP echo ("Programmer"); > > ?> > > or ; > > <?PHP > print "Programmer"; > ?> > > as the government''s are just not smart enough to make the decision. > The day that programming is Government Controlled is the day youwill> receive help from the linux programmer with an overall description.It> will happen as military and national security is under a big threatby> the kids of tomorrow. > > Obviously you where smart enough to work the problem out you just > needed some help-Hint > > CyBorg-0909 > > Organisation? > > Company ? > > > > > ----- Original Message ----- > From: "Mike Noyes" <mhnoyes@users.sourceforge.net> > To: <shorewall-users@shorewall.net> > Sent: Tuesday, January 14, 2003 2:49 AM > Subject: Re: [Shorewall-users] Shorewall on a file/webserver/router > Help > > > > On Sun, 2003-01-12 at 13:07, pctas.com wrote: > > > Status.txt included > > > > > > For illustration purposes see an average basic 2 interface LANas> > > in > the > > > documentation > > > http://www.pcaus.com/mazda/BasicLan.png (40kb)[disregard the > > > wireless accessponit ] > > > > > > Yes I very well read the documentation pages located at > > > sourceforge Therefore my request on this List that maybesomeone> > > knew exactly how to disable the firewall still leaving the NAT > > > translation for connection sharing intact > > > > Jesse, > > What you''re asking for is a router with NAT. Shorewall is a > > firewall. I suggest you remove Shorewall, and read the following > > documentation. It describes NAT configuration. > > > > http://tldp.org/HOWTO/IP-Masquerade-HOWTO/index.html > > http://tldp.org/HOWTO/Masquerading-Simple-HOWTO/index.html > > > > I have a feeling you may need these instructions. Follow themafter> > you discover your network has been compromised. > > > > * Remain calm; don''t hurry. > > * Notify your organization''s management. > > * Provide a game plan (with options if possible). > > * Apply need-to-know. > > * Use out-of-band communications; avoid email and other > > network-based communications channels. > > * Take good notes, good enough to serve as evidence in acourt> > of > > law. > > * Contain the problem; pull the network cable. > > * Back up the system(s), and collect evidence. > > * Eradicate the problem and get back in business. > > * Lessons learned, apply what you have learned. > > http://www.sans.org/resources/idfaq/incident_handling_steps.php > > > > > > > The firewall is working very good to good for my liking > > > I simply wanted to allow all traffic in from the internet onppp0> > > for a webserver and let all traffic out to the internet fromthe> > > LAN on eth0 > to > > > ppp0 [NAT](already dose this) and also let the lan be open to > filesharing > > > what have you maybe video(dream on) to. > > > > > > from the documentation I see arround 4 or 5 files that may need > > > editing > , > > > I have observed that it is very possible to allow only one > > > service > access > > > here and there, but, I wanted to know if there was a quick and > > > simple > way to > > > let NAT translation take place on all interfaces withoutediting> > > tons of services and ports into the service files and shorewall > > > files > > > > Bridging/Proxy-ARP, a DMZ, and ez-ipupdate is what you shouldlook> > into. > > > > > O Im not paranoided or worried about > > > access to > my > > > machines/machine > > > > You should be. > > > > -- > > Mike Noyes <mhnoyes @ users.sourceforge.net> > > http://sourceforge.net/users/mhnoyes/ > > http://leaf-project.org/ http://sitedocs.sf.net/ > > http://ffl.sf.net/ > > > > > > _______________________________________________ > > Shorewall-users mailing list > > Shorewall-users@shorewall.net > > http://mail.shorewall.net/mailman/listinfo/shorewall-users > > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@shorewall.net > http://mail.shorewall.net/mailman/listinfo/shorewall-users >______________________________________ John Andersen NORCOM / Juneau, Alaska http://www.screenio.com/ (907) 790-3386_______________________________________ John S. Andersen NORCOM mailto:JAndersen@norcomsoftware.com Juneau, Alaska http://www.screenio.com/
Barry, Christopher
2003-Jan-13 13:17 UTC
Fw: [Shorewall-users] Shorewall on a file/webserver/router Help
There is no way this person gets help from me. -----Original Message----- From: John S. Andersen [mailto:jsa@norcomix.dyndns.org] Sent: Monday, January 13, 2003 4:12 PM To: pctas.com; shorewall-users@shorewall.net Subject: Re: Fw: [Shorewall-users] Shorewall on a file/webserver/router Help And with this demonstration of arogance and attitude you now want us to help you HOW? On 14 Jan 2003 at 6:45, pctas.com wrote:> Thankyou the information provided was informative to say the most. > > Quote "Shorewall Masqurading made simple ?" > > I will not comment any futher about my simple question as I see > nothing but backtracking information. > > Maybe all the usless information is somthing to do with the below, > > Linux how it works! > > First you must remember that 98% of linux programmers are kids orthey> have been around computers all their life hence everything must bethe> way it is such as "Well you must register first etc. we need that > email address , no html posts ," (they are slightly more laid back > than MS users though as they do not always have to have a 3Ddesigned> website to make a point) > > -If they can''t see through you they won''t help you. > > -The best way to get help is act like a little kid with your > questions?( so they think they are being of some help) > > If you are asked to do something by them and you don''t, they willjust> try to suggest that you must do as they say and start line reading > picking your query for something they cannot understand. > > Linux helpers do not see the big picture(analize) they see code and > that is all, so when confused about something they can''t see they > start to try to see things that are not there which in turn causes > pupil dilation which in turn causes them to just see more code orin> the help case they see text they do not understand hence theyfollow> lines and answer questions trying to suggest they understand morethan> you do in turn hoping to gain the advantage as after all you are > asking for their help and they do not sub-mindedly know why. > > -Do not pass attitude in text and you will always receive help > This causes disorientation as they know of the presence that theyare> dealing with > > These are not rules as the linux helpers would like to see them but > and observation of facts. > > Due to the above description hence we have sites like " how to aska> smart question" or "what information to include in a question",these> being nothing but a power trip for self esteem, which is notneeded,> but out comes the kid which was once and still is.--it explains its > self > > Rules and submission will cause harmony in power > > This is why I just act as a kid as they just don''t see how I could > know what their rules are as Im just not smart enough for the rules > and never will be in their time of dealing with me. > > Works the same in the real world ,remember still ,you are in their > world when asking for help and even governments need to abide bytheir> rules to get something done as the linux helper is the power and > Government of Computers and CyberSpace-they have the intellectual > ability which rules computers hence the power to do what ever they > wish. Not even the biggest government has the power to make a lawon> which way php should be written ie. <?PHP echo ("Programmer"); > > ?> > > or ; > > <?PHP > print "Programmer"; > ?> > > as the government''s are just not smart enough to make the decision. > The day that programming is Government Controlled is the day youwill> receive help from the linux programmer with an overall description.It> will happen as military and national security is under a big threatby> the kids of tomorrow. > > Obviously you where smart enough to work the problem out you just > needed some help-Hint > > CyBorg-0909 > > Organisation? > > Company ? > > > > > ----- Original Message ----- > From: "Mike Noyes" <mhnoyes@users.sourceforge.net> > To: <shorewall-users@shorewall.net> > Sent: Tuesday, January 14, 2003 2:49 AM > Subject: Re: [Shorewall-users] Shorewall on a file/webserver/router > Help > > > > On Sun, 2003-01-12 at 13:07, pctas.com wrote: > > > Status.txt included > > > > > > For illustration purposes see an average basic 2 interface LANas> > > in > the > > > documentation > > > http://www.pcaus.com/mazda/BasicLan.png (40kb)[disregard the > > > wireless accessponit ] > > > > > > Yes I very well read the documentation pages located at > > > sourceforge Therefore my request on this List that maybesomeone> > > knew exactly how to disable the firewall still leaving the NAT > > > translation for connection sharing intact > > > > Jesse, > > What you''re asking for is a router with NAT. Shorewall is a > > firewall. I suggest you remove Shorewall, and read the following > > documentation. It describes NAT configuration. > > > > http://tldp.org/HOWTO/IP-Masquerade-HOWTO/index.html > > http://tldp.org/HOWTO/Masquerading-Simple-HOWTO/index.html > > > > I have a feeling you may need these instructions. Follow themafter> > you discover your network has been compromised. > > > > * Remain calm; don''t hurry. > > * Notify your organization''s management. > > * Provide a game plan (with options if possible). > > * Apply need-to-know. > > * Use out-of-band communications; avoid email and other > > network-based communications channels. > > * Take good notes, good enough to serve as evidence in acourt> > of > > law. > > * Contain the problem; pull the network cable. > > * Back up the system(s), and collect evidence. > > * Eradicate the problem and get back in business. > > * Lessons learned, apply what you have learned. > > http://www.sans.org/resources/idfaq/incident_handling_steps.php > > > > > > > The firewall is working very good to good for my liking > > > I simply wanted to allow all traffic in from the internet onppp0> > > for a webserver and let all traffic out to the internet fromthe> > > LAN on eth0 > to > > > ppp0 [NAT](already dose this) and also let the lan be open to > filesharing > > > what have you maybe video(dream on) to. > > > > > > from the documentation I see arround 4 or 5 files that may need > > > editing > , > > > I have observed that it is very possible to allow only one > > > service > access > > > here and there, but, I wanted to know if there was a quick and > > > simple > way to > > > let NAT translation take place on all interfaces withoutediting> > > tons of services and ports into the service files and shorewall > > > files > > > > Bridging/Proxy-ARP, a DMZ, and ez-ipupdate is what you shouldlook> > into. > > > > > O Im not paranoided or worried about > > > access to > my > > > machines/machine > > > > You should be. > > > > -- > > Mike Noyes <mhnoyes @ users.sourceforge.net> > > http://sourceforge.net/users/mhnoyes/ > > http://leaf-project.org/ http://sitedocs.sf.net/ > > http://ffl.sf.net/ > > > > > > _______________________________________________ > > Shorewall-users mailing list > > Shorewall-users@shorewall.net > > http://mail.shorewall.net/mailman/listinfo/shorewall-users > > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@shorewall.net > http://mail.shorewall.net/mailman/listinfo/shorewall-users >______________________________________ John Andersen NORCOM / Juneau, Alaska http://www.screenio.com/ (907) 790-3386_______________________________________ John S. Andersen NORCOM mailto:JAndersen@norcomsoftware.com Juneau, Alaska http://www.screenio.com/ _______________________________________________ Shorewall-users mailing list Shorewall-users@shorewall.net http://mail.shorewall.net/mailman/listinfo/shorewall-users
Tom Eastep
2003-Jan-13 13:36 UTC
Fw: [Shorewall-users] Shorewall on a file/webserver/router Help
--On Tuesday, January 14, 2003 06:45:09 AM +1100 "pctas.com" <coldascold@dodo.com.au> wrote:> Thankyou the information provided was informative to say the most. > > Quote "Shorewall Masqurading made simple ?" > > I will not comment any futher about my simple question as I see nothing > but backtracking information.You said that you have no need for any rules and that your only policy is that connection requests from all sources to all destinations should be ACCEPTed. The answer to your question is in its statement! And I must say that I don''t admire your tactic of insulting the people who are trying to give you _free_ advice about how to use (or not use) a _free_ product... -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.sf.net Washington USA \ teastep@shorewall.net
Jon Biddell
2003-Jan-13 14:05 UTC
Fw: [Shorewall-users] Shorewall on a file/webserver/router Help
I''d have to say "what an arrogant prat" - can we just ban him
from the
list ?
=>
=>
=> There is no way this person gets help from me.
=>
=>
=> And with this demonstration of arogance and attitude you
=> now want us to help you HOW?
=>
=>
=>
=> On 14 Jan 2003 at 6:45, pctas.com wrote:
=>
=> > Thankyou the information provided was informative to say the most.
=> >
=> > Quote "Shorewall Masqurading made simple ?"
=> >
=> > I will not comment any futher about my simple question as I see
=> > nothing but backtracking information.
=> >
=> > Maybe all the usless information is somthing to do with the below,
=> >
=> > Linux how it works!
=> >
=> > First you must remember that 98% of linux programmers are kids or
=> they
=> > have been around computers all their life hence everything must be
=> the
=> > way it is such as "Well you must register first etc. we need
that
=> > email address , no html posts ," (they are slightly more
=> laid back
=> > than MS users though as they do not always have to have a 3D
=> designed
=> > website to make a point)
=> >
=> > -If they can''t see through you they won''t help
you.
=> >
=> > -The best way to get help is act like a little kid with your
=> > questions?( so they think they are being of some help)
=> >
=> > If you are asked to do something by them and you don''t,
they will
=> just
=> > try to suggest that you must do as they say and start
=> line reading
=> > picking your query for something they cannot understand.
=> >
=> > Linux helpers do not see the big picture(analize) they
=> see code and
=> > that is all, so when confused about something they can''t
see they
=> > start to try to see things that are not there which in
=> turn causes
=> > pupil dilation which in turn causes them to just see more code or
=> in
=> > the help case they see text they do not understand hence they
=> follow
=> > lines and answer questions trying to suggest they understand more
=> than
=> > you do in turn hoping to gain the advantage as after all you are
=> > asking for their help and they do not sub-mindedly know why.
=> >
=> > -Do not pass attitude in text and you will always receive
=> help This
=> > causes disorientation as they know of the presence that they
=> are
=> > dealing with
=> >
=> > These are not rules as the linux helpers would like to
=> see them but
=> > and observation of facts.
=> >
=> > Due to the above description hence we have sites like " how to
ask
=> a
=> > smart question" or "what information to include in a
question"
=> ,these
=> > being nothing but a power trip for self esteem, which is not
=> needed,
=> > but out comes the kid which was once and still is.--it
=> explains its
=> > self
=> >
=> > Rules and submission will cause harmony in power
=> >
=> > This is why I just act as a kid as they just don''t see
=> how I could
=> > know what their rules are as Im just not smart enough for
=> the rules
=> > and never will be in their time of dealing with me.
=> >
=> > Works the same in the real world ,remember still ,you are
=> in their
=> > world when asking for help and even governments need to abide by
=> their
=> > rules to get something done as the linux helper is the power and
=> > Government of Computers and CyberSpace-they have the intellectual
=> > ability which rules computers hence the power to do what
=> ever they
=> > wish. Not even the biggest government has the power to make a law
=> on
=> > which way php should be written ie. <?PHP echo
("Programmer");
=> >
=> > ?>
=> >
=> > or ;
=> >
=> > <?PHP
=> > print "Programmer";
=> > ?>
=> >
=> > as the government''s are just not smart enough to make the
=> decision.
=> > The day that programming is Government Controlled is the day you
=> will
=> > receive help from the linux programmer with an overall
=> description.
=> It
=> > will happen as military and national security is under a
=> big threat
=> by
=> > the kids of tomorrow.
=> >
=> > Obviously you where smart enough to work the problem out you just
=> > needed some help-Hint
=> >
=> > CyBorg-0909
=> >
=> > Organisation?
=> >
=> > Company ?
=> >
=> >
=> >
=> >
=> > ----- Original Message -----
=> > From: "Mike Noyes" <mhnoyes@users.sourceforge.net>
=> > To: <shorewall-users@shorewall.net>
=> > Sent: Tuesday, January 14, 2003 2:49 AM
=> > Subject: Re: [Shorewall-users] Shorewall on a
=> file/webserver/router
=> > Help
=> >
=> >
=> > > On Sun, 2003-01-12 at 13:07, pctas.com wrote:
=> > > > Status.txt included
=> > > >
=> > > > For illustration purposes see an average basic 2
=> interface LAN
=> as
=> > > > in
=> > the
=> > > > documentation
=> > > > http://www.pcaus.com/mazda/BasicLan.png (40kb)[disregard
the
=> > > > wireless accessponit ]
=> > > >
=> > > > Yes I very well read the documentation pages located at
=> > > > sourceforge Therefore my request on this List that maybe
=> someone
=> > > > knew exactly how to disable the firewall still
=> leaving the NAT
=> > > > translation for connection sharing intact
=> > >
=> > > Jesse,
=> > > What you''re asking for is a router with NAT. Shorewall
is a
=> > > firewall. I suggest you remove Shorewall, and read the
=> following
=> > > documentation. It describes NAT configuration.
=> > >
=> > > http://tldp.org/HOWTO/IP-Masquerade-HOWTO/index.html
=> > > http://tldp.org/HOWTO/Masquerading-Simple-HOWTO/index.html
=> > >
=> > > I have a feeling you may need these instructions. Follow them
=> after
=> > > you discover your network has been compromised.
=> > >
=> > > * Remain calm; don''t hurry.
=> > > * Notify your organization''s management.
=> > > * Provide a game plan (with options if possible).
=> > > * Apply need-to-know.
=> > > * Use out-of-band communications; avoid email and other
=> > > network-based communications channels.
=> > > * Take good notes, good enough to serve as evidence in a
=> court
=> > > of
=> > > law.
=> > > * Contain the problem; pull the network cable.
=> > > * Back up the system(s), and collect evidence.
=> > > * Eradicate the problem and get back in business.
=> > > * Lessons learned, apply what you have learned.
=> > > http://www.sans.org/resources/idfaq/incident_handling_steps.php
=> > >
=> > >
=> > > > The firewall is working very good to good for my liking
=> > > > I simply wanted to allow all traffic in from the internet
on
=> ppp0
=> > > > for a webserver and let all traffic out to the internet
from
=> the
=> > > > LAN on eth0
=> > to
=> > > > ppp0 [NAT](already dose this) and also let the lan be
open to
=> > filesharing
=> > > > what have you maybe video(dream on) to.
=> > > >
=> > > > from the documentation I see arround 4 or 5 files
=> that may need
=> > > > editing
=> > ,
=> > > > I have observed that it is very possible to allow only
one
=> > > > service
=> > access
=> > > > here and there, but, I wanted to know if there was a
=> quick and
=> > > > simple
=> > way to
=> > > > let NAT translation take place on all interfaces without
=> editing
=> > > > tons of services and ports into the service files and
=> shorewall
=> > > > files
=> > >
=> > > Bridging/Proxy-ARP, a DMZ, and ez-ipupdate is what you should
=> look
=> > > into.
=> > >
=> > > > O Im not paranoided or worried
about
=> > > > access to
=> > my
=> > > > machines/machine
=> > >
=> > > You should be.
=> > >
=> > > --
=> > > Mike Noyes <mhnoyes @ users.sourceforge.net>
=> > > http://sourceforge.net/users/mhnoyes/
=> > > http://leaf-project.org/ http://sitedocs.sf.net/
=> > > http://ffl.sf.net/
=> > >
=> > >
=> > > _______________________________________________
=> > > Shorewall-users mailing list
=> > > Shorewall-users@shorewall.net
=> > > http://mail.shorewall.net/mailman/listinfo/shorewall-users
=> > >
=> >
=> > _______________________________________________
=> > Shorewall-users mailing list
=> > Shorewall-users@shorewall.net
=> > http://mail.shorewall.net/mailman/listinfo/shorewall-users
=> >
=>
=>
=> ______________________________________
=> John Andersen
=> NORCOM / Juneau, Alaska
=> http://www.screenio.com/
=> (907) 790-3386_______________________________________
=> John S. Andersen
=> NORCOM mailto:JAndersen@norcomsoftware.com
=> Juneau, Alaska
=> http://www.screenio.com/
=>
=>
=> _______________________________________________
=> Shorewall-users mailing list
=> Shorewall-users@shorewall.net
=> => http://mail.shorewall.net/mailman/listinfo/shore=> wall-users
=>
=>
=>
=> _______________________________________________
=> Shorewall-users mailing list
=> Shorewall-users@shorewall.net
=> => http://mail.shorewall.net/mailman/listinfo/shorewall-users
=>
=>
Tom Eastep
2003-Jan-13 14:06 UTC
Fw: [Shorewall-users] Shorewall on a file/webserver/router Help
--On Tuesday, January 14, 2003 09:02:15 AM +1100 Jon Biddell <jon@fl.net.au> wrote:> I''d have to say "what an arrogant prat" - can we just ban him from the > list ? >I think that the problem has probably taken care of itself by now... -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.sf.net Washington USA \ teastep@shorewall.net