TCLUG Archive
Re: [TCLUG:6820] CISCO 675 ASDL USWEST (Really RE: IP MASQ, IPCHAINS stuff)
Check out this slick HTML front-end to ipchains and ipfwadm for setting up
packet filtering, masquerading and protecting yourself. Anyone with a
Linux Machine connected to the internet by something fast should use
at least some form of packet filtering. The safety of the universe
depends on it!
Try the Firewall / ipchains / ipfwadm tool here:
http://rlz.ne.mediaone.net/linux/firewall/
Don't forget to read the HowTo to see how it works:
ftp://sunsite.unc.edu/pub/Linux/docs/HOWTO/IPCHAINS-HOWTO
Peter Lukas
On Mon, 12 Jul 1999, Tim Neu wrote:
>
> On Mon, 12 Jul 1999 wade.a.harding@ac.com wrote:
>
> > True enough. But if you do that, how can you separate the internal network from
> > the external? Would you rely on USWest not routing packets on a 192.168.x.x
> > network, or set the router up to drop them?
>
> Just set up your Linux box to only forward 192.168.x.x - anything US west
> uses will be outside of that subnet and could not be routed (from what I
> understand).
>
> Of course, if US west were to be compromised, the attacker could assign
> you a dhcp address inside your subnet mask; and then access the rest of
> your private network... And, as you suggest; if US West had TERRIBLY
> incorrect router configuration, you may have some vulnerability to other
> US West customers (if 192.168 were routed by mistake)
>
> I believe you can also set up routing rules for each specific interface.
> If your PC would be connected to the internet full time, it would be a
> good idea to do your homework on this stuff... It just seems to be a
> waste of a good nic card...
>
> At one time I had my linux box set up to IP Masquerade through one IP
> address to my work network; while having a second interface on the local
> network. It worked VERY well...
>
> > Tim Neu <tim@tneu.visi.com>
> > 07/11/99 09:11 PM GMT
> > Please respond to tclug-list@mn-linux.org
> >
> > To: tclug-list@mn-linux.org
> > cc: (bcc: Wade A. Harding)
> > Subject: Re: [TCLUG:6820] CISCO 675 ASDL USWEST
> >
> >
> >
> >
> > You don't even need two nic's. The kernel IP Aliasing feature is
> > designed to allow your linux box to have two ip addresses - Just set up
> > eth0 to your home network IP and eth0:0 to your DHCP assigned IP from US
> > West. Then you can set up masquerading as usual...
> >
> > On Tue, 6 Jul 1999 wade.a.harding@ac.com wrote:
> >
> > > I thought that USWest handed out as many DHCP IP's as you could suck up. (?) If
> > > a "true" IP is not an issue, stick a linux box with 2 NIC's in and do
> > > masquerade. It's what I did until I bought the Visi 6-pack of IP's.... Aah.... a
> > > six pack... :)
> > >
> > > -Wade
> > >
> > >
> > > Bob Tanner <tanner@real-time.com>
> > > 07/06/99 07:47 PM GMT
> > > Please respond to tclug-list@mn-linux.org
> > >
> > > To: tclug-list@mn-linux.org
> > > cc: (bcc: Wade A. Harding)
> > > Subject: Re: [TCLUG:6820] CISCO 675 ASDL USWEST
> > >
> > >
> > >
> > >
> > > USWest still does bridging(?), and your computer is requesting a DHCP address
> > > and you probably bought only 1 IP from them.
> > >
> > > Quoting noid (noid@bruce-lee.com):
> > > > Hello
> > > > I just installed a Cisco 675 router on a computer connected to a hub. I'm
> > > > using ADSL from USWEST, who claims I can have multiple computers
> > > > running on a lan connected to the router, but won't support any
> > > > troubleshooting beyond installation.
> > > >
> > > > My question is, why does the router only hand out 1 IP address. The router
> > > > is config'd for DHCP, but will hand out the same address <10.0.0.2> to any
> > > > computer logging on to the network, which causes IP conflicts.
> > > >
> > > > Any help would be appreciated!!!
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: tclug-list-unsubscribe@mn-linux.org
> > > > For additional commands, e-mail: tclug-list-help@mn-linux.org
> > >
> > > --
> > > Bob Tanner <tanner@real-time.com> | Phone : (612)943-8700
> > > http://www.real-time.com | Fax : (612)943-8500
> > > Key fingerprint = 6C E9 51 4F D5 3E 4C 66 62 A9 10 E5 35 85 39 D9
>
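
Editor's added example, not part of any message in this thread: a minimal ipchains ruleset for the two-NIC masquerading gateway discussed above, forwarding only the private LAN and logging and dropping packets that arrive on the DSL side claiming a 192.168.x.x source. The interface names (eth0 outside, eth1 inside) and the 192.168.1.0/24 subnet are assumptions; the script prints the rules for review and changes nothing unless run with the argument `apply` as root.

```shell
#!/bin/sh
# Added example (not from the thread): ipchains rules for a two-NIC
# masquerading gateway that forwards only the private LAN.
# Assumed names: eth0 = DSL/US West side, eth1 = home LAN, 192.168.1.0/24.
EXT_IF="${EXT_IF:-eth0}"
INT_IF="${INT_IF:-eth1}"
LAN="${LAN:-192.168.1.0/24}"

# Emit the ruleset as text, one command per line, so it can be reviewed
# before anything touches the running firewall.
masq_rules() {
    cat <<EOF
ipchains -F input
ipchains -F forward
ipchains -P forward DENY
ipchains -A input -i $EXT_IF -s 192.168.0.0/16 -l -j DENY
ipchains -A forward -i $EXT_IF -s $LAN -j MASQ
EOF
}
# Rule by rule:
#   -F input / -F forward   start from empty chains
#   -P forward DENY         nothing is forwarded unless a rule allows it
#   input ... -l -j DENY    a 192.168.x.x source arriving on the outside
#                           interface is spoofed or misrouted: log and drop
#   forward ... -j MASQ     only LAN sources leaving via the outside
#                           interface are masqueraded

# Load the rules first, then enable forwarding, so the box never forwards
# with an empty ruleset.
apply_rules() {
    masq_rules | sh -e && echo 1 > /proc/sys/net/ipv4/ip_forward
}

if [ "${1:-}" = "apply" ]; then
    apply_rules
else
    echo "# dry run: $INT_IF ($LAN) masqueraded out via $EXT_IF"
    masq_rules
fi
```

With the single-NIC eth0/eth0:0 alias setup from the thread, both networks share one physical interface, so the per-interface anti-spoofing rule above cannot tell inside from outside.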