TCLUG Archive

Re: [TCLUG:6820] CISCO 675 ASDL USWEST (Really RE: IP MASQ, IPCHAINS stuff)



Check out this slick html front-end to ipchains and ipfwadm for setting up
packet filtering, masquerading and protecting yourself.  Anyone with a
Linux Machine connected to the internet by something fast should use
at least some form of packet filtering.  The safety of the universe
depends on it!

Try the Firewall / ipchains / ipfwadm tool here:
http://rlz.ne.mediaone.net/linux/firewall/

Don't forget to read the HowTo to see how it works:
ftp://sunsite.unc.edu/pub/Linux/docs/HOWTO/IPCHAINS-HOWTO

Peter Lukas

On Mon, 12 Jul 1999, Tim Neu wrote:

> 
> On Mon, 12 Jul 1999 wade.a.harding@ac.com wrote:
> 
> > True enough. But if you do that, how can you separate the internal network from
> > the external? Would you rely on USWest not routing packets on a 192.168.x.x
> > network, or set the router up to drop them?
> 
> Just set up your Linux box to only forward 192.168.x.x - anything US west
> uses will be outside of that subnet and could not be routed (from what I
> understand). 
> 
> Of course, if US west were to be compromised, the attacker could assign
> you a dhcp address inside your subnet mask; and then access the rest of
> your private network...   And, as you suggest; if US West had TERRIBLY
> incorrect router configuration, you may have some vulnerability to other
> US West customers (if 192.168 were routed by mistake)
> 
>   I believe you can also set up routing rules for each specific interface.
> If your PC would be connected to the internet full time, it would be a
> good idea to do your homework on this stuff...   It just seems to be a
> waste of a good nic card... 
> 
> At one time I had my linux box set up to IP Masquerade through one IP
> address to my work network; while having a second interface on the local
> network.   It worked VERY well... 
> 
> > Tim Neu <tim@tneu.visi.com>
> > 07/11/99 09:11 PM GMT
> > Please respond to tclug-list@mn-linux.org
> > 
> > To:   tclug-list@mn-linux.org
> > cc:    (bcc: Wade A. Harding)
> > Subject:  Re: [TCLUG:6820] CISCO 675 ASDL USWEST
> > 
> > 
> > 
> > 
> > You don't even need two nic's.   The kernel IP Aliasing feature is
> > designed to allow your linux box to have two ip addresses - Just set up
> > eth0 to your home network IP and eth0:0 to your DHCP assigned IP from US
> > West. Then you can set up masquerading as usual...
> > 
> >  On Tue, 6 Jul 1999 wade.a.harding@ac.com wrote:
> > 
> > > I thought that USWest handed out as many DHCP IP's as you could suck up. (?) If
> > > a "true" IP is not an issue, stick a linux box with 2 NIC's in and do
> > > masquerade. It's what I did until I bought the Visi 6-pack of IP's.... Aah.... a
> > > six pack... :)
> > >
> > > -Wade
> > >
> > >
> > > Bob Tanner <tanner@real-time.com>
> > > 07/06/99 07:47 PM GMT
> > > Please respond to tclug-list@mn-linux.org
> > >
> > > To:   tclug-list@mn-linux.org
> > > cc:    (bcc: Wade A. Harding)
> > > Subject:  Re: [TCLUG:6820] CISCO 675 ASDL USWEST
> > >
> > >
> > >
> > >
> > > USWest still does bridging(?), and your computer is requesting a DHCP address
> > > and you probably bought only 1 IP from them.
> > >
> > > Quoting noid (noid@bruce-lee.com):
> > > > Hello
> > > > I just installed a Cisco 675 router on a computer connected to a hub. I'm
> > > > using ADSL from USWEST, who claims I can have multiple computers
> > > > running on a lan connected to the router, but won't support any
> > > > troubleshooting beyond installation.
> > > >
> > > > My question is, why does the router only hand out 1 IP address.  The router
> > > > is config'd for DHCP, but will hand out the same address <10.0.0.2> to any
> > > > computer logging on to the network, which causes IP conflicts.
> > > >
> > > > Any help would be appreciated!!!
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: tclug-list-unsubscribe@mn-linux.org
> > > > For additional commands, e-mail: tclug-list-help@mn-linux.org
> > >
> > > --
> > > Bob Tanner <tanner@real-time.com>       | Phone : (612)943-8700
> > > http://www.real-time.com                | Fax   : (612)943-8500
> > > Key fingerprint =  6C E9 51 4F D5 3E 4C 66 62 A9 10 E5 35 85 39 D9
>
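
The forwarding and per-interface filtering discussed in the quoted thread, as an added example that is not part of the original messages: a script that prints ipchains rules for a two-NIC masquerading gateway, dropping 192.168.x.x traffic that appears on the outside interface (the misrouting and in-subnet DHCP cases Tim mentions). The interface names eth0/eth1 and the range 192.168.1.0/24 are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread: prints ipchains (Linux 2.2) commands for a
# two-NIC masquerading gateway. Review the output, then pipe it to sh as root.
# Interface names and the LAN range are assumptions; set EXT_IF, INT_IF, LAN.

emit_rules() {
    ext_if=$1; int_if=$2; lan=$3

    # Per-interface rules need two physical devices. An alias such as eth0:0
    # shares the wire with eth0, so the two networks are not separated.
    if [ "${ext_if%%:*}" = "${int_if%%:*}" ]; then
        echo "error: $ext_if and $int_if are the same physical device" >&2
        return 1
    fi
    # The thread's rule: only the private 192.168.x.x range is forwarded.
    case $lan in
        192.168.*/*) ;;
        *) echo "error: LAN $lan is not inside 192.168.0.0/16" >&2; return 1 ;;
    esac

    cat <<EOF
# Start clean and forward nothing unless a rule below allows it.
ipchains -F input
ipchains -F forward
ipchains -P forward DENY
# Anti-spoofing: LAN addresses must never show up on the outside interface,
# whether as source (forged) or destination (misrouted by the provider).
ipchains -A input -i $ext_if -s $lan -l -j DENY
ipchains -A input -i $ext_if -d $lan -l -j DENY
# Masquerade LAN traffic leaving through the outside interface.
# In the forward chain, -i names the outgoing interface.
ipchains -A forward -i $ext_if -s $lan -j MASQ
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}

emit_rules "${EXT_IF:-eth1}" "${INT_IF:-eth0}" "${LAN:-192.168.1.0/24}"
```

The -l flag logs each dropped packet through the kernel log, so a provider-side routing mistake shows up there instead of passing silently.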