Rusty's 3 line masquerading - how secure?


Post by Joh » Sun, 19 Mar 2000 04:00:00



I'm fairly new to Linux and I'm trying to figure out ipchains.
I have transparent internet access to the net from my home network
using Rusty's 3 line guide to masquerading as mentioned in the
ipchains how-to. The 3 lines are:

         ipchains -P forward DENY
         ipchains -A forward -i ppp0 -j MASQ
         echo 1 > /proc/sys/net/ipv4/ip_forward

How secure is this? I have a dialup net service with a dynamic ip
address.

There is so much mention as to how insecure Linux is, if not
configured properly, how secure is a dialup networking connection in
Windows?

Thanks in advance

                                John

 
 
 


Post by David . » Sun, 19 Mar 2000 04:00:00


This isn't a firewall. It turns IP-masquerade on.
--
Due to extreme SPAM abuse! Remove z's and x's from above to reply.
Thank the spammer's A..holes that they are. Still can't reach me?
Then your address range is already blocked due to previous spam.
Sorry!  I hate spam!!
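
Why the replies say the three lines are not a firewall, shown as an added example (not part of any post in this thread): a toy shell model of how ipchains walks its input, forward and output chains, fed the two ipchains lines from the question. The LAN interface name eth0 and the function names are assumptions, and replies to masqueraded connections are not modelled.

```shell
#!/bin/sh
# Added example: toy model of ipchains chain traversal, not the kernel's code.
# RULES holds the two ipchains lines from the question (the echo line only
# enables forwarding and adds no rule).
RULES='ipchains -P forward DENY
ipchains -A forward -i ppp0 -j MASQ'

# chain_verdict CHAIN IFACE
# Prints the target of the first -A rule on CHAIN that matches IFACE, otherwise
# the chain policy. Built-in chains stay at ACCEPT unless a -P line changes it.
chain_verdict() {
    cv_policy=ACCEPT
    while read -r cv_cmd cv_op cv_chain cv_a cv_b cv_c cv_d; do
        [ "$cv_chain" = "$1" ] || continue
        case $cv_op in
            -P) cv_policy=$cv_a ;;
            -A) # handles only the rule shape used here: -i IFACE -j TARGET
                if [ "$cv_a" = -i ] && [ "$cv_b" = "$2" ] && [ "$cv_c" = -j ]; then
                    echo "$cv_d"
                    return 0
                fi ;;
        esac
    done <<EOF
$RULES
EOF
    echo "$cv_policy"
}

# route_packet IN_IF DEST [OUT_IF]
# DEST is "local" (addressed to the gateway itself) or "routed" (passed on
# through OUT_IF). Prints the chain that decided the packet's fate.
route_packet() {
    rp_v=$(chain_verdict input "$1")
    if [ "$rp_v" != ACCEPT ]; then echo "input:$rp_v"; return 0; fi
    if [ "$2" = local ]; then echo "input:ACCEPT local-delivery"; return 0; fi
    # On the forward and output chains, -i matches the outgoing interface.
    rp_v=$(chain_verdict forward "$3")
    case $rp_v in
        ACCEPT|MASQ) ;;
        *) echo "forward:$rp_v"; return 0 ;;
    esac
    rp_o=$(chain_verdict output "$3")
    if [ "$rp_o" != ACCEPT ]; then echo "output:$rp_o"; return 0; fi
    echo "forward:$rp_v sent-via-$3"
}

# Constructed sample packets (eth0 as the LAN side is an assumption):
route_packet eth0 routed ppp0   # LAN host talking to the Internet
route_packet ppp0 routed eth0   # Internet packet aimed at a LAN address
route_packet ppp0 local         # Internet packet aimed at the gateway itself
```

The last case is the gap the replies point at: nothing in the three lines touches the input chain, so any service listening on the gateway itself is reachable from ppp0 until further rules are added.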

 
 
 


Post by Bore » Sun, 19 Mar 2000 04:00:00


This would only get your boxes on your internal LAN on the network.
You would need additional rules defined to block off access that you
would like to regulate.

I suggest running nmap. Find an open service, and lock it down.
:)


>I'm fairly new to Linux and I'm trying to figure out ipchains.
>I have transparent internet access to the net from my home network
>using Rusty's 3 line guide to masquerading as mentioned in the
>ipchains how-to. The 3 lines are:

>     ipchains -P forward DENY
>     ipchains -A forward -i ppp0 -j MASQ
>     echo 1 > /proc/sys/net/ipv4/ip_forward

>How secure is this? I have a dialup net service with a dynamic ip
>address.

>There is so much mention as to how insecure Linux is, if not
>configured properly, how secure is a dialup networking connection in
>Windows?

>Thanks in advance

>                            John

 
 
 


Post by Bore » Sun, 19 Mar 2000 04:00:00


This would only get your boxes on your internal LAN on the network.
You would need additional rules defined to block off access that you
would like to regulate.

I would highly recommend using nmap. Find an open service and lock it
down.
:)


>I'm fairly new to Linux and I'm trying to figure out ipchains.
>I have transparent internet access to the net from my home network
>using Rusty's 3 line guide to masquerading as mentioned in the
>ipchains how-to. The 3 lines are:

>     ipchains -P forward DENY
>     ipchains -A forward -i ppp0 -j MASQ
>     echo 1 > /proc/sys/net/ipv4/ip_forward

>How secure is this? I have a dialup net service with a dynamic ip
>address.

>There is so much mention as to how insecure Linux is, if not
>configured properly, how secure is a dialup networking connection in
>Windows?

>Thanks in advance

>                            John

 
 
 


Post by Mike Schopp » Sun, 19 Mar 2000 04:00:00


John,

David Ranch wrote the IP_Masquerading How To. Check out his TrinityOS
site. A document and package he offers gives the steps needed to set up,
test and lock down a firewall. It got me up and running in a day, after I
struggled with it for weeks. It was a great find for me!

Good Luck,
Mike Schoppe


> I'm fairly new to Linux and I'm trying to figure out ipchains.
> I have transparent internet access to the net from my home network
> using Rusty's 3 line guide to masquerading as mentioned in the
> ipchains how-to. The 3 lines are:

>          ipchains -P forward DENY
>          ipchains -A forward -i ppp0 -j MASQ
>          echo 1 > /proc/sys/net/ipv4/ip_forward

> How secure is this? I have a dialup net service with a dynamic ip
> address.

> There is so much mention as to how insecure Linux is, if not
> configured properly, how secure is a dialup networking connection in
> Windows?

> Thanks in advance

>                                 John

 
 
 
