Displaying 20 results from an estimated 1000 matches similar to: "FW: Newbie Help"
2009 Aug 18
3
Rules based on ipmasq
Hi,
I had installed squid with ntlm authentication and content filtering
from this tutorial:
http://www.howtoforge.com/dansguardian-with-multi-group-filtering-and-squid-with-ntlm-auth-on-debian-etch.
Next to last point is firewall configuration by ipmasq but I have
installed shorewall. This is content of I89tproxy.rul file:
#!/bin/sh
#
# redirect http requests to non-local hosts to the
1998 May 27
0
Updated: Sentry Port Scan Detector 0.60
Hello,
I would normally not write this list to announce an update to a software
package, however there have been a number of very significant changes to
this program that users of it may want to upgrade and new users may want
to check out.
What it is
=-=-=-=-=-
Sentry is a port scan detector for Linux, *BSD, and most UNIX variants.
What it does
=-=-=-=-=-=-
Sentry monitors your systems for
2003 May 14
3
Redhat firewall problem...
I've just tried setting up a Shrike (9) version of Redhat. Using the
medium settings of lokkit, then adding manually accept commands for
ports 137/udp 138/udp, 139/tcp and 445/tcp, I thought I should have been
ready to go.
This isn't the case, however. I know it's not the smb.conf setup
because when I kill iptables samba works.
When iptables IS running however, it will respond
1998 Jun 17
0
Re: Linux and IPFWADM
On Tue, 16 Jun 1998, Avery Pennarun wrote:
> Here is the script I use on my home IP masquerade system. It is designed
> to deny everything except what is specifically allowed in some of the
> definitions near the top. Note that there is one fatal problem -- the
> input firewall is changed to allow incoming data back to ports 1024
> through 65535, because any of those might have
1998 Jun 20
0
Named and Firewalls
Since it seems that named is theme of the month. I thought I would present
an example of using firewall to protect your bind service.
One of reasons for presenting is that in all examples shown so far
it seemed that everyone suggested to leave named full-open. However,
it does not always have to be case. Say, if you are running a private
network then you want just to allow named get data
1998 Jul 30
0
ipfwadm configuration utility
* I sent this to the guy doing the Securing RH 5.x online book, but this
is not RedHat specific, should be good for all Linux'es (?). I haven't
seen anything on here about this, so my apologies if maybe I missed it.
>Date: Thu, 30 Jul 1998 08:37:27 -0400
>From: Alan Spicer <aspicer@ebiznet.com>
>Organization: Electronic Business Network
>X-Mailer: Mozilla 4.05 [en]
2010 Apr 08
0
lokkit
I have used lokkit to setup iptables ( I have a big script that does
this) basically just ports I want with "--port=https:tcp" etc...
I wish to allow igmp and add igmp to the lokkit command line?
How do I do that?
I can add this to /etc/sysconfig/iptables:
iptables -A RH-Firewall-1-INPUT -i eth1 -j ACCEPT
iptables -A RH-Firewall-1-INPUT -i eth1 -p igmp -j ACCEPT
iptables-save >
2011 Jan 12
0
server signing broken for non-kerberos auth
I'm working with the Solaris bundled version of samba 3.5.5 and having a
problem with server signing. samba is configured into an active directory
domain with security = ads.
With signing enabled, connections from clients in the domain work fine.
However, connections from clients not in the domain fail:
-----
>net use /user:WIN\henson \\ike.unx.csupomona.edu\henson
Enter the password for
2008 Mar 11
1
msdfs root -- client error "refers to a location that is unavailable"
I'm trying to get Samba 3.0.28 to work as an MS Dfs root providing a share
that links home directories to the actual servers they reside on.
Unfortunately, when I access the share from a Windows XP client, and try to
open one of the directories, the client gives an error that it "refers to a
location that is unavailable".
I've done a lot of searching, and found a number of
2006 Aug 29
0
question on lokkit
I am wanting to pass arguments to lokkit to set up the iptables config file
with an entry like this: ( I don't want to manually edit it - I want to
do it automatically)
iptables -A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
I have a small script file that has in it the ports I want enabled, like:
-------------------
PORT_SSH="--port=22:tcp"
1998 Oct 06
1
Unwanted browse lists
Michel,
One approach that hasn't been suggested is to block access to the netbios
nameservice port on the samba host with a firewalling rule. That way the
other computers on the subnet can't register themselves with nmbd.
Suppose that your internal network is all within the 192.168.15.0/24
network. Each Windows workstation will automatically announce itself with
a udp packet broadcast
2003 Jan 27
1
Bogus data received from ...
Hello,
I'm trying to test a tinc vpn between two Linux hosts on the same ethernet.
If I start tinc on both sides as 'tinc -n test --bypass-security --debug=5'
I can ping both machines from each other and tcpdump shows that the packets
pass through the tun-device created by tinc.
Connection from 192.168.192.17 port 32852
Sending ID to (null) (192.168.192.17 port 32852): 0 helix 17
2008 Apr 05
1
ZFS shadow copy patches
I was wondering if there was any news on the patches proposed by Ed Plese
last year regarding updates for shadow copies to be better compatible with
Solaris ZFS:
http://lists.samba.org/archive/samba-technical/2007-February/051510.html
Reviewing the release notes for the upcoming 3.2 release:
http://us3.samba.org/samba/ftp/pre/WHATSNEW-3-2-0pre2.txt
I don't see any mention of changes to
2004 Aug 06
3
Helix into Icecast2 loopback
Hello.
I've made some progress on the issue. I found a tool called TrPlayer which
is a text mode front end for real player - initially developed for the use
of the visually impaired. The theory is that I can use this and pipe the
live stream into vsound which then in turn is passed into ices or another
source client. Trouble is, I'm having all sorts of trouble compiling
Trplayer on the
2001 May 17
1
tinc fails because of firewall script
Hi Tinc Mailing-Group,
I am a bit stuck with firewalling rules at the moment. Maybe someone
could please advise me a good rc.firewall script to use on my setup.
If anyone runs an ipchains firewall script on their linux box which is
ALSO running tinc, could they please mail it to me, for my perusal.
I have tinc pre3 set up and working on my systems, however I can only
get it to work if I set the
2001 May 24
0
ipchains
Dear Tinc Experts,
I have been struggling for some time now, with Tinc pre3, and firewall
rulesets and routing. I did once manage to get Tinc to work okay in a
test-bed environment. I then tried to set it up for a 'real-life'
setup and cannot get it to work properly.
My real-life setup looks like this:
Network A:
192.168.1.0 / 255.255.255.0
192.168.1.7 tap1 device gateway >
2000 Mar 02
0
ICMP & IPCHAINS
To all those that wanted to know how I was filtering particular
ICMP packets here are a few snippets from my firewall script which is
based on one by Ian Hall-Beyer. I hope this helps you get started.
Also note the output of the command:
ipchains -h icmp
Shawn Mitchell mentioned blocking all ICMP echos and especially
broadcast echos. Perhaps he'd care to elaborate with a similar
2012 Mar 10
2
X509v3 Subject Alternative Name in puppet generated certs...
I'm trying to split out my certificate authority and have one CA and
multiple masters, currently using round robin DNS, possibly using
HAproxy later.
Got most of the way there but tangled up in names and certificates.
When the Puppet CA generated its certificate the PTR record for its
IP pointed back to its domain name ("henson") and it had a CNAME
2015 Mar 03
0
[Bug 928] Kerberos/GSSAPI authentication does not work with multihomed hosts
https://bugzilla.mindrot.org/show_bug.cgi?id=928
Paul Henson <henson at acm.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC|henson at acm.org |
2008 Apr 08
0
disable '_' to '/' replacement in %S for default service configuration
We've been using a fairly old version of samba for quite some time to serve
user home directories and group project directories with a configuration
approximately like:
-----
[global]
default service = groups
[homes]
path = /export/user/%u
[groups]
path = /export/group/%S
-----
This has worked out very well, the samba configuration is minimal, and does
not need to