similar to: Secure? Samba over internet

On Tue, 16 Jun 1998, Avery Pennarun wrote: > Here is the script I use on my home IP masquerade system. It is designed > to deny everything except what is specifically allowed in some of the > definitions near the top. Note that there is one fatal problem -- the > input firewall is changed to allow incoming data back to ports 1024 > through 65535, because any of those might have

Since it seems that named is theme of the month. I though I would present an example of using firewall to protect your bind service. One of reasons for presenting is that in all examples shown so far it seemed that everyone suggested to leave named full-open. However, it does not always have to be case. Say, if you are running an private network then you want just to allow named get data

I guess you are in what I think of as "Newbie Hell." It sounds like you are learning linux like a lot of people, all by yourself. That's how I did it, and it is maddening and worse, very time consuming. The important thing is not to keep hitting your head against the brick wall over and over. So, what to do. First, I would join a linux email support group. I belong to a very good

* I sent this to the guy doing the Securing RH 5.x online book, but this is not RedHat specific, should be good for all Linux'es (?). I haven't seen anything on here about this, so my apologies if maybe I missed it. >Date: Thu, 30 Jul 1998 08:37:27 -0400 >From: Alan Spicer <aspicer@ebiznet.com> >Organization: Electronic Business Network >X-Mailer: Mozilla 4.05 [en]

Hi, I had installed squid with ntlm authentication and content filtering from this tutorial: http://www.howtoforge.com/dansguardian-with-multi-group-filtering-and-squid-with-ntlm-auth-on-debian-etch. Next to last point is firewall configuration by ipmasq but I have installed shorewall. This is content of I89tproxy.rul file: #!/bin/sh # # redirect http requests to non-local hosts to the

Hello, I hope this isn't too off topic, but I'm attempting to set up a Spectralink 8002 Wifi phone with our Asterisk installation, and seem to be running into a brick well (more of a wall than others that have posted their experiences). My problem is that the phone boots, associates with the wireless, grabs an IP (tried static too - same thing), contacts the TFTP server for firmware, then

Vicidial can't call and transfer to my softphone. I get some line that says Spawn Extension....exited on non zero.... Here's some of the CLI output. I am using Asterisk 1.2.4 and astguiclient 1.1.8 ...thanks for the help |SELECT count(*) FROM vicidial_auto_calls where status = 'LIVE' and server_ip='127.0.0.1' and campaign_id = '' and call_time <

Here is another log from the * server CLI, I reall hope some one can help me out on this one. thanks |SELECT count(*) FROM vicidial_auto_calls where status = 'LIVE' and server_ip='127.0.0.1' and campaign_id = '' and call_time < "" and lead_id != '';| -- VDAD get agent: |0|update of vla table: |127.0.0.1 |UPDATE vicidial_live_agents set

We run a Hosting farm behind a bridge/iptables firewall setup running Gentoo with kernel 2.4.20-gentoo-r6, connected to a dual 15Mbps international internet pipe / , as this: Net Pipe --------- eth1 Bridge/Firewall eth0 -------- Internal Hosting Network lately we have been looking at htb to somehow control excessive usage from the users behind, but in our implementation there seems to be an

Hello, Is there any reason why an IP-phone would pounder on port 5060 ? My firewall blocks the public IP because it thinks the remote IP is port scanning on port 5060. I think the phone is just registering but for some reason it does this repeatedly in a very short time. Oct 28 09:01:48 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00

To fix this, i would start with. First, set the first AD-DC its resolv.conf to SERVER_IP=$(ip -o route get to 8.8.8.8 | sed -n 's/.*src \([0-9.]\+\).*/\1/p') search $(hostname -d) > resolv.conf.new nameserver ${SERVER_IP} >> resolv.conf.new nameserver 8.8.8.8 # because we want a fallback to internet, for now. >> resolv.conf.new mv /etc/resolv.conf{,.backup} mv

Michel, One approach that hasn't been suggested is to block access to the netbios nameservice port on the samba host with a firewalling rule. That way the other computers on the subnet can't register themselves with nmbd. Suppose that your internal network is all within the 192.168.15.0/24 network. Each Windows workstation will automatically announce itself with a udp packet broadcast

Hello, ices kh48 seems to have some trouble... See the stranges characters avec metadata update. (before, it was written bad address) and also, it is not connecting to icecast: socket error, ... I go back to kh47 for the moment. Chris [2003-11-25 10:45:50] INFO ices-core/main Streamer version IceS 2.0-kh-pre48 [2003-11-25 10:45:50] INFO ices-core/main libshout version 2.0-kh22 [2003-11-25

If in one time 3 IP adresses using internet. TC script: DEV=eth0 # LAN SERVER_IP=192.168.1.2 # eth0 ip address tc qdisc add dev $DEV root handle 1: htb default 255 tc class add dev $DEV parent 1: classid 1:1 htb rate 384Kbit quantum 1500 tc class add dev $DEV parent 1:1 classid 1:20 htb rate 128Kbit ceil 384Kbit prio 0 quantum 1500 tc class add dev $DEV parent 1:1 classid 1:21 htb rate 128Kbit

Hello I try today to install samba 4.13.1 ? ./configure run without error Make run without error Make Check Failed Debian 10.6 Also all required Packages are installed -- # cat summary = Failed tests = == samba4.blackbox.demote-saveddb == command: PYTHON=python3 /usr/src/samba-4.13.1/testprogs/blackbox/demote-saveddb.sh $PREFIX_ABS/demote

Hi, I'd like to add a feature to my asterisk system that tries to find a user among a couple of locations, and then goes to internal voicemail if the user doesn't pick up. (e,g, an internal extension and a cell phone). The catch is that I want the user to manually accept the call to prevent it from going (for example) to the voice mail on my cell phone. Scenario * Call comes in,

I''ve had some issues with my network, and I''ve had to reconfigure my Gibraltar CD. It runs shorewall 1.4.8, and I have a 2-interface setup, so I downloaded the relevant files from the install page. Masq and such works, but I''m having a problem with my port forwarding. It works for port 22, but it doesn''t seem to work for any other port. I''ve turned

I would like to allow certain types of ICMP traffic and not others. Is there a way, with ipfwadm do this? I currently either can deny access to ICMP for what I want or allow it. Any good examples out there? [mod: Please summarize in about a week, OK? -- REW] -- -- #include <std_disclaimer.h> Peter Kelly Email: pkelly@ETS.net PGP Public key: http://www.ets.net/pkelly/pgp.html Key

I recently installed rsync 2.5.5 on both my rsync server and client being used. I installed the latest version because I was having problems with rsync stalling with version 2.4.6 (I read that 2.5.5 was supposed to clear this up or at least give more appropriate errors). I am still having problems with rsync stalling even after upgrading to 2.5.5. It only stalls in the "/home" tree

I keep seeing 'Joe Average compromised computer on broadband' being used to do email dictionary attacks on our systems. Seems I always have several domains going through these. One in particular has been in the 'a-' list for weeks with about 20,000 attempts per day from various systems. Yeah, I do have a system which blocks email from these systems for a period of time after 3