Howdy,
I would like to set up a Linux box as a firewall. I have
installed Red Hat 5.2 on a 486 with a dial-up connection and a NIC
which is on a LAN with a Win95 box. My kernel is 2.0.36 and I found
ipfwadm 2.3.0 at /sbin. I currently can ping on my LAN. From the
Linux box I can ping my ISP and other domains by IP address and
domain name.
I have found many postings with advice, maybe too many. I'm
getting info overload. I would first just like to get something going
and address security later. I'm not running any servers (in).
I took this file:
--------------------------begin-rc.firewall-----------------------------
#!/bin/sh
#
# /etc/rc.d/rc.firewall, define the firewall configuration, invoked from
# rc.local.
PATH=/sbin:/bin:/usr/sbin:/usr/bin
# Accept icmp from trusted hosts
ipfwadm -I -a accept -P icmp -S 125.179.213.0/24 -D 125.179.213.230/32
# Deny icmp from untrusted hosts
ipfwadm -I -a deny -P icmp -S 0.0.0.0/0 -D 125.179.213.230/32
# Deny all connections from malicious/evil hosts
ipfwadm -I -a deny -D 125.179.213.230/32 -S 210.111.213.66/32
# Forward connections from trusted hosts on your LAN
ipfwadm -F -a masquerade -S 10.1.1.1/2 -D 0.0.0.0/0
# Accept tcp/udp packets from trusted hosts on certain ports
ipfwadm -I -a accept -P tcp -S 125.179.213.0/24 -D 125.179.213.230/32 23
ipfwadm -I -a accept -P udp -S 125.179.213.0/24 -D 125.179.213.230/32 23
# Do this for all your ports that you have been attacked on
# Deny tcp/udp packets from untrusted hosts
ipfwadm -I -a deny -P tcp -D 125.179.213.230/32 23 -S 0.0.0.0/0
ipfwadm -I -a deny -P udp -D 125.179.213.230/32 23 -S 0.0.0.0/0
# Do this for all your ports that you have been attacked on
--------------------------end-rc.firewall-----------------------------
... and made it /etc/rc.d/rc.firewall. My LAN is 10.1.1.1/2.
Now from http://rlz.ne.mediaone.net/linux/index3.shtml I started to
compile my kernel. So I --
cd /usr/src/linux
make mrproper
make xconfig
and got error-
Error in startup script: invalid command line name "button"
while executing
"button .ref:
(file "scripts/kconfig.tk" line 26)
make: *** [xconfig] Error 1
My next steps were to be -
enable these:
- loadable module support
- kernel daemon support (for autoloading modules)
- networking support
- network firewalls
- TCP/IP networking
- <your driver(s)>
- IP: forwarding/gatewaying
- IP: syn cookies
- IP: firewall packet logging
- IP: masquerading
- ICMP: masquerading (if you want to ping from an internal machine)
- IP: accounting
- IP: drop source routed frames
then;
make dep
make clean
make boot
make modules
cd /lib/modules
mv <the current version directory> <the current version directory>.original
cd /usr/src/linux
make modules_install
cd /boot
mv vmlinuz.<version> vmlinuz.original
cp /usr/src/linux/arch/i386/boot/zImage ./vmlinuz.new
ln -fs vmlinuz.new vmlinuz
mv System.map.<version> System.map.original
cp /usr/src/linux/System.map ./System.map.new
ln -fs System.map.new System.map
cd /etc
My questions are-
Do I have a clue?
What does that error mean and did it do any damage?
How does the file rc.firewall get started? Do I do a chmod? Does it
get linked to something?
Does _mv <the current version directory> <the current version directory>.original_ mean _mv 2.0.36 2.0.36.original_?
thanks
M B
bold at city-net com
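Added example, not the poster's script or anything from the linked page: a default-deny ipfwadm rule set for this kind of dial-up masquerading gateway, installed the way the posted script's header describes (saved as /etc/rc.d/rc.firewall, made executable, called from rc.local). It assumes the LAN is 10.1.1.0/24 (the posted 10.1.1.1/2 is really 0.0.0.0/2 and masquerades far more than the LAN), the NIC is eth0 and the dial-up link is ppp0; rule_set() only prints the commands so they can be reviewed, and apply_rules() runs them when ipfwadm is present and the caller is root.

```shell
#!/bin/sh
# Added example (not the poster's script): default-deny ipfwadm rules for a
# dial-up masquerading gateway. Save as /etc/rc.d/rc.firewall, chmod 755 it,
# and add a line "/etc/rc.d/rc.firewall" to /etc/rc.d/rc.local.
LAN_NET=10.1.1.0/24   # assumption: a /24 matches only the LAN
LAN_IF=eth0           # assumption: NIC towards the Win95 box
EXT_IF=ppp0           # assumption: dial-up link to the ISP

# Print the rules rather than running them, so they can be reviewed first.
rule_set() {
    cat <<EOF
ipfwadm -I -f                                         # flush input chain
ipfwadm -O -f                                         # flush output chain
ipfwadm -F -f                                         # flush forward chain
ipfwadm -I -p deny                                    # default: drop inbound
ipfwadm -O -p accept                                  # default: allow outbound
ipfwadm -F -p deny                                    # default: forward nothing
ipfwadm -I -a accept -W lo                            # loopback is trusted
ipfwadm -I -a accept -W $LAN_IF -S $LAN_NET           # LAN hosts on the NIC
ipfwadm -I -a deny -o -W $EXT_IF -S $LAN_NET          # anti-spoof, logged (-o)
ipfwadm -I -a deny -o -W $EXT_IF -S 127.0.0.0/8       # anti-spoof, logged
ipfwadm -I -a accept -W $EXT_IF -P tcp -k             # replies to our TCP (ACK set)
ipfwadm -I -a accept -W $EXT_IF -P udp -S 0.0.0.0/0 53   # DNS answers
ipfwadm -I -a accept -W $EXT_IF -P icmp               # ping replies, errors
ipfwadm -I -a deny -o -W $EXT_IF -P tcp -y            # log new inbound SYNs
ipfwadm -F -a masquerade -W $EXT_IF -S $LAN_NET -D 0.0.0.0/0   # LAN -> world
EOF
}

# Number of rules, handy for checking the list against 'ipfwadm -I -l'.
rule_count() { rule_set | wc -l | tr -d ' '; }

apply_rules() {
    if command -v ipfwadm >/dev/null 2>&1 && [ "$(id -u)" = 0 ]; then
        rule_set | sh -e          # stop at the first rule ipfwadm rejects
    else
        echo "ipfwadm not usable here; rules that would be applied:" >&2
        rule_set
    fi
}
```

The -k and -y rules need the "IP: firewall packet logging" and syn-cookie options the post lists; -o logs each match to the kernel log so rejected SYNs show up in the messages file.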