Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: Mr. Stewart on September 17, 2003, 12:57:24 AM
-
I am having lots of trouble with the nachi virus cuasing our network to lose internet becuase the pinging that it causes keeps overwhelming the sme server. I need to know how to stop icmp pings from going through the sme server/gateway. It is version 5.6 I know there is all kinds of discussion on the phorums about this topic but i can not find a clear explanation of what to do.
Please help.
-
Hello
Take a look at coyote linux I got tired of the same thing and put coyote in place and that ended the pinging problems
you will however have to port-forward to your sme box
coyote will replace your gateway and it has a web admin
it runs on port 8180
http://www.coyotelinux.com/
you just need a simple box with a floppy no hard drive or cdrom
they say 486 and 16 megs of ram
ps don't use auto port-forward use manual setup
-
Another solution could be
using acid+snort module in your sme server
Ther is a very complete howto (search the forums for the right url)
I've used it for a while with no complains at all
Offending ips get automatically rejected for a 24 hour period.
ALe
-
Guys, the easiest solution is adding an ipchain rule, or modifying the accempt-icmp template.
/sbin/ipchains -A input -p icmp --icmp-type echo-request -d $OUTERIP -j DENY -i eth0
I'm assuming that eth0 is your external interface.
-
How does one go about modifying the accempt-icmp template please so that I can insert this ICMP block. My external interface is eth1 so I assume the only change to make is eth0 to eth1 in that string.