A Chain here, A Chain There...

A Chain here, A Chain There...

Post by Marc Rose » Sun, 26 Dec 1999 04:00:00



I just completed my first attempt at setting up an ipchains based firewall
for my home network (Linux box connected to Internet and 2 private IP
addressed windows machines thru it to the net using MASQ)

Every 15 minutes I get a packet REJECT log message as follows:

Dec 25 21:16:21 pal kernel: Packet log: good-bad REJECT eth0 PROTO=17
192.168.1.3:138 208.249.6.227:138 L=205 S=0x00 I=23054 F=0x0000 T=127 (#14)
Dec 25 21:31:21 pal kernel: Packet log: good-bad REJECT eth0 PROTO=17
192.168.1.3:138 208.249.6.227:138 L=205 S=0x00 I=25614 F=0x0000 T=127 (#14)
Dec 25 21:46:21 pal kernel: Packet log: good-bad REJECT eth0 PROTO=17
192.168.1.3:138 208.249.6.227:138 L=205 S=0x00 I=42513 F=0x0000 T=127 (#14)

port 138 is "netbios-dgm", why would my windows PC (192.168.1.3) be
trying to connect to this remote machine (208.249.6.227 which resolves to
dresden.workgroup.com)????

 
 
 

A Chain here, A Chain There...

Post by Tom Hoffman » Mon, 27 Dec 1999 04:00:00


To broadcast its NETBIOS name?

> I just completed my first attempt at setting up an ipchains based firewall
> for my home network (Linux box connected to Internet and 2 private IP
> addressed windows machines thru it to the net using MASQ)

> Every 15 minutes I get a packet REJECT log message as follows:

> Dec 25 21:16:21 pal kernel: Packet log: good-bad REJECT eth0 PROTO=17
> 192.168.1.3:138 208.249.6.227:138 L=205 S=0x00 I=23054 F=0x0000 T=127 (#14)
> Dec 25 21:31:21 pal kernel: Packet log: good-bad REJECT eth0 PROTO=17
> 192.168.1.3:138 208.249.6.227:138 L=205 S=0x00 I=25614 F=0x0000 T=127 (#14)
> Dec 25 21:46:21 pal kernel: Packet log: good-bad REJECT eth0 PROTO=17
> 192.168.1.3:138 208.249.6.227:138 L=205 S=0x00 I=42513 F=0x0000 T=127 (#14)

> port 138 is "netbios-dgm", why would my windows PC (192.168.1.3) be
> trying to connect to this remote machine (208.249.6.227 which resolves to
> dresden.workgroup.com)????


 
 
 

1. Need advice re chaining http proxies

Requesting advice for creating a transparent proxy setup that contains
these proxies:
Privoxy
Apache
hapv

Desired:
Privoxy blocks ads
Apache, (proxy is on) caches pages
hapv (a new [ver 0.79]) virus scans incoming http.

1) How can all LAN users be forced to hit the first proxy?
2) What should the order of the proxies be?  Why?
3) What ensures that only incoming requests will hit the proxy chain?
Apache must continue to serve outside generated requests.
4) Should one or more of the proxies use localhost rather than an
internal IP?

I want hapv on the firewall machine if possible because hapv uses a
specially mounted ("mand") hard drive partition to store parts of the
file downloaded and the firewall machine is the only one that has
unpartitioned space.

Setup:
4 computers behind a Linux firewall
************
| FIREWALL |
************
   |   |   |---->[ GoToMyPC demo ]
   |   |   |----->[ Winblows ]
   V   \--------|
************|   |
| Apache    |   |
| Postfix   |   |
| FTP server|   |
************|   |
   \-->[LAN]    |
                V
******************
| NNTP           |
******************

The Apache+Postfix+FTP computer has forwarding on and SNATs lan users.
All LAN machines have gateway set to this machine.

Each of the above proxies has been installed and tested.  Setting a
browser - to proxy to each in turn - behaves correctly.

Thanks for any examples, suggestions, Etc.!
--
buck

2. 4.2.1 automounter problems

3. chaining signals

4. Moving Existing Linux to NEW HD.

5. module-init-tools and chained aliases

6. New TO AIX - adding harddrive

7. IP Chains Problem

8. How to differ the normal startup and crash dump reboot?

9. scsi IDs order in scsi chain

10. System Hangs on Boot With SCSI Chain Connected to NCR8100S

11. daisy chaining Ultra 2

12. IP Chains, IP Masq, and Dial on Demand Problems

13. ipchains / input-chain / loosing connection to yp-server