TCLUG Archive

Re: [TCLUG:11306] Mediaone & bootpc
Callum Lerwick wrote:
> 
> > > Mostly because I also use Skypoint and want to switch between 'em, but also
> > > because since I've had the two-way service (3 days), I've been port scanned
> > > 3 times, unsuccessfully telnet'ed to twice, etc, etc.  The script kiddies
> > > seem to view Mediaone as fertile ground.
> > 
> > Pardon my ignorance but how do you know that?
> 
> # Setup Firewalling
> /sbin/ipchains -F
> /sbin/ipchains -P input ACCEPT
> /sbin/ipchains -P forward DENY
> /sbin/ipchains -P output ACCEPT
> # block all access to privileged ports except the ones I want
> /sbin/ipchains -N nopriv
> /sbin/ipchains -A nopriv -p tcp -d 192.168.100.2 113 -j ACCEPT
> /sbin/ipchains -A nopriv -p tcp -d 192.168.100.2 80 -j ACCEPT
> /sbin/ipchains -A nopriv -p tcp -d 192.168.100.2 23 -j ACCEPT
> # /sbin/ipchains -A nopriv -p tcp -d 192.168.100.2 20:21 -j ACCEPT
> /sbin/ipchains -A nopriv -l -j REJECT
> /sbin/ipchains -A input -p tcp -d 192.168.100.2 0:1023 -j nopriv
> /sbin/ipchains -A input -p udp -d 192.168.100.2 0:1023 -j nopriv
> # ipmasq
> /sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ
> 
> echo "1" > /proc/sys/net/ipv4/ip_forward
> 

That will work assuming you've got a one-way modem.

However, if you've got a two-way modem hooked to "eth1", you'll need something
more like:

   #!/bin/ksh
   # recover IP address: the address on eth1 can change, so read it from the
   # interface instead of hard-coding it into the rules
   IPADDR=`ifconfig eth1 | grep "inet addr" | tr -s ":" " " | cut -d' ' -f4`
   # with no address there is nothing to protect yet, and an empty $IPADDR
   # would turn "-d $IPADDR 113" into a rule that no longer names a host
   if [ "X$IPADDR" = "X" ]
   then echo "Connection is down"
   else # Setup Firewalling
        /sbin/ipchains -F
        /sbin/ipchains -P input ACCEPT
        /sbin/ipchains -P forward DENY
        /sbin/ipchains -P output ACCEPT
        # block all access to privileged ports except the ones I want
        /sbin/ipchains -N nopriv
        /sbin/ipchains -A nopriv -p tcp -d $IPADDR 113 -j ACCEPT
        /sbin/ipchains -A nopriv -p tcp -d $IPADDR 80 -j ACCEPT
        /sbin/ipchains -A nopriv -p tcp -d $IPADDR 23 -j ACCEPT
        # /sbin/ipchains -A nopriv -p tcp -d $IPADDR 20:21 -j ACCEPT
        # log (-l) and reject everything else aimed at a privileged port
        /sbin/ipchains -A nopriv -l -j REJECT
        /sbin/ipchains -A input -p tcp -d $IPADDR 0:1023 -j nopriv
        /sbin/ipchains -A input -p udp -d $IPADDR 0:1023 -j nopriv
        # ipmasq
        /sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ
        echo "1" > /proc/sys/net/ipv4/ip_forward
   fi

-S
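An added example, not the poster's script: the `-l` on the nopriv REJECT rule makes ipchains write every rejected packet to the kernel log as a "Packet log:" line, and a short awk pass over those lines shows which sources touched several privileged ports, which is how the "port scanned 3 times" count in the thread can be read off the log. The line layout follows the IPCHAINS-HOWTO; the host name `gw`, the addresses and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Summarise the "Packet log:"
# lines that "ipchains -l" writes to the kernel log so the REJECT rule in the
# nopriv chain doubles as a simple port-scan detector.
# Sample log lines are constructed; layout per the IPCHAINS-HOWTO.
SAMPLE_LOG='Jun  3 01:12:07 gw kernel: Packet log: input REJECT eth1 PROTO=6 198.51.100.9:40123 203.0.113.5:21 L=60 S=0x00 I=4412 F=0x4000 T=51 SYN (#5)
Jun  3 01:12:07 gw kernel: Packet log: input REJECT eth1 PROTO=6 198.51.100.9:40124 203.0.113.5:25 L=60 S=0x00 I=4413 F=0x4000 T=51 SYN (#5)
Jun  3 01:12:08 gw kernel: Packet log: input REJECT eth1 PROTO=6 198.51.100.9:40125 203.0.113.5:110 L=60 S=0x00 I=4414 F=0x4000 T=51 SYN (#5)
Jun  3 01:12:08 gw kernel: Packet log: input REJECT eth1 PROTO=6 198.51.100.9:40126 203.0.113.5:143 L=60 S=0x00 I=4415 F=0x4000 T=51 SYN (#5)
Jun  3 01:15:40 gw kernel: Packet log: input REJECT eth1 PROTO=17 198.51.100.77:1029 203.0.113.5:137 L=78 S=0x00 I=9 F=0x0000 T=120 (#5)
Jun  3 01:15:41 gw kernel: Packet log: input REJECT eth1 PROTO=17 198.51.100.77:1029 203.0.113.5:137 L=78 S=0x00 I=10 F=0x0000 T=120 (#5)
Jun  3 01:20:02 gw kernel: Some unrelated kernel message'

# Read syslog lines on stdin; print "src_ip distinct_dst_ports packets", one
# line per source, most distinct ports first. Fields after "Packet log:" are
# chain, target, interface, PROTO=n, src:port, dst:port.
summarize_rejects() {
    awk '
    /Packet log:/ {
        for (i = 1; i <= NF; i++) if ($i == "log:" && $(i-1) == "Packet") break
        split($(i+5), s, ":"); split($(i+6), d, ":")
        key = s[1] SUBSEP d[2]
        if (!(key in seen)) { seen[key] = 1; ports[s[1]]++ }
        pkts[s[1]]++
    }
    END { for (ip in pkts) print ip, ports[ip], pkts[ip] }' | sort -k2,2nr -k1,1
}

# Print the sources that hit at least $1 distinct rejected ports (default 3):
# a hit on many different privileged ports is the usual scan signature, while
# repeats on one port (the 137/udp source above) are ordinary noise.
scan_sources() {
    threshold=${1:-3}
    summarize_rejects | awk -v t="$threshold" '$2 >= t { print $1 }'
}

# Stand-alone usage: printf '%s\n' "$SAMPLE_LOG" | scan_sources 3
```

On a live gateway the same functions read the kernel log instead of the sample, e.g. `grep 'Packet log:' /var/log/messages | scan_sources 3`.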