Koozali.org: home of the SME Server

iptables

mbachmann

iptables
« Reply #30 on: February 09, 2004, 08:31:32 AM »
treco, you should use mrtg and/or sysmon. Have a look here: http://sme.swerts-knudsen.dk/.

mbachmann

iptables
« Reply #31 on: February 09, 2004, 10:27:51 AM »
O.K., after the post-upgrade reboot I see "Administration - Firewall Management".

In /etc/e-smith/templates-custom/etc/rc.d/init.d/masq I've found the 40AllowIcmp, 40AllowICMPOut and 70Anti-Spoofing templates.

iptables shows, after setting icmp redirect: reject, the correct values.

So I guess it's gone alright.

Please excuse the silly questions (like the one after iptables -t nat -L -n). I still don't feel experienced enough for the experienced user forum. But I'm trying hard.

Muzo

iptables
« Reply #32 on: February 09, 2004, 11:03:02 AM »
Thanks for your testing, so now I'm sure masq-manager is SME6.0 compliant!

There are no silly questions, only silly responses :idea:. If there is a question, then something isn't explained clearly.

I'm preparing a new RPM where you can see the complete iptables configuration in a panel.
Instead of just seeing the result of the command line iptables -L, the panel will show the result of: iptables -L AND iptables -t nat -L AND iptables -t mangle -L.

If you don't feel experienced enough, you're on the right track. I'm still a Linux newbie 8-)

mbachmann

iptables
« Reply #33 on: February 09, 2004, 05:19:50 PM »
Go Muzo, go.

However, the masq mgr seems to interfere with mrtg monitoring in some way I have not found out. But it may also be pure coincidence.

Does blocking ICMP redirects (and only redirects, nothing else) prevent SNMP strings from being caught? I thought not.

Muzo

iptables
« Reply #34 on: February 09, 2004, 11:52:51 PM »
Hum... I don't know.
It's possible; on my manager I just drop echo-reply and echo-request (my server no longer responds to ping) on ICMP input (from the Internet to my SME).
You can read this about ICMP types on the man page:

Code:
Valid ICMP Types:
 echo-reply (pong)
3 : destination-unreachable
         network-unreachable
         host-unreachable
         protocol-unreachable
         port-unreachable
         fragmentation-needed
         source-route-failed
         network-unknown
         host-unknown
         network-prohibited
         host-prohibited
         TOS-network-unreachable
         TOS-host-unreachable
         communication-prohibited
         host-precedence-violation
         precedence-cutoff
4 : source-quench
5 : redirect
         network-redirect
         host-redirect
         TOS-network-redirect
         TOS-host-redirect
8 : echo-request (ping)
         router-advertisement
         router-solicitation
11 : time-exceeded (ttl-exceeded)
         ttl-zero-during-transit
         ttl-zero-during-reassembly
         parameter-problem
         ip-header-bad
         required-option-missing
13 : timestamp-request
14 : timestamp-reply
         address-mask-request
         address-mask-reply

mbachmann

iptables
« Reply #35 on: February 19, 2004, 02:00:43 PM »
I've found out that SNMP uses UDP packets.
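To tie the two threads of this discussion together (rejecting ICMP redirects, dropping echo-request/echo-reply from the Internet, and SNMP polling running over UDP so those ICMP rules cannot touch it), here is an added example script that is not from this thread nor from masq-manager; the interface name, the monitoring host address and the choice to reject rather than drop redirects are assumptions. With IPT left at its default of echo the script only prints the rules it would load.

```shell
#!/bin/sh
# Added example (not the thread's or masq-manager's own code).
# IPT defaults to "echo" so the rules are printed, not applied;
# run as root with IPT=/sbin/iptables to load them for real.
# WAN_IF and SNMP_MANAGER are assumed placeholder values.
IPT="${IPT:-echo}"
WAN_IF="${WAN_IF:-eth1}"
SNMP_MANAGER="${SNMP_MANAGER:-192.0.2.10}"

icmp_rules() {
    # Reject ICMP redirects (type 5) arriving from the Internet: a host
    # should not let outside peers rewrite its routing decisions.
    $IPT -A INPUT -i "$WAN_IF" -p icmp --icmp-type redirect -j REJECT
    # Drop echo-request (type 8) and echo-reply (type 0) from the Internet,
    # as described above: the box stops answering ping from outside.
    $IPT -A INPUT -i "$WAN_IF" -p icmp --icmp-type echo-request -j DROP
    $IPT -A INPUT -i "$WAN_IF" -p icmp --icmp-type echo-reply -j DROP
    # Keep the ICMP types working TCP/UDP depend on (fragmentation-needed
    # for path MTU discovery, port-unreachable, ttl-exceeded for traceroute)
    # so blocking ping does not silently break real connections.
    $IPT -A INPUT -i "$WAN_IF" -p icmp --icmp-type destination-unreachable -j ACCEPT
    $IPT -A INPUT -i "$WAN_IF" -p icmp --icmp-type time-exceeded -j ACCEPT
}

snmp_rules() {
    # mrtg/sysmon polling is SNMP over UDP: port 161 on the agent (this
    # box) and port 162 for traps sent to the manager. No ICMP rule above
    # matches these packets, so redirect/echo filtering cannot block SNMP.
    $IPT -A INPUT  -p udp -s "$SNMP_MANAGER" --dport 161 -j ACCEPT
    $IPT -A OUTPUT -p udp -d "$SNMP_MANAGER" --dport 162 -j ACCEPT
}

icmp_rules
snmp_rules
```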