
RE: [cobalt-security] pmfirewall , IPCHAINS, CDONTS and mail forwarding



Thanks, I'll give that a try. I've already defined a mask for the IP
addresses. It's odd. As it stands now, it lists a few, but not all of
them on start.

Sean 

-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx] On Behalf Of Gerald Waugh
Sent: Tuesday, April 23, 2002 10:05 PM
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-security] pmfirewall , IPCHAINS, CDONTS and mail
forwarding

On Tuesday 23 April 2002 06:01 pm, Sean Ward wrote:
> Actually, it says:
>
>      ## Set default policy
>      $IPCHAINS -A output -j ACCEPT
>      $IPCHAINS -A input -j DENY -l
>      echo "             Done!"
>      echo ""
>      echo "External: $OUTERIF   $OUTERNET"
>      echo "" ;;
>
> Should it read (assuming 7 IPs):
>
>      ## Set default policy
>      $IPCHAINS -A output -j ACCEPT
>      $IPCHAINS -A input -j DENY -l
>      echo "             Done!"
>      echo ""
>      echo "External: $OUTERIF   $OUTERNET1"
>      echo "External: $OUTERIF:0 $OUTERNET2"
>      echo "External: $OUTERIF:1 $OUTERNET3"
>      echo "External: $OUTERIF:2 $OUTERNET4"
>      echo "External: $OUTERIF:3 $OUTERNET5"
>      echo "External: $OUTERIF:4 $OUTERNET6"
>      echo "External: $OUTERIF:5 $OUTERNET7"
>      echo "" ;;
>
> ???

Well, even if it did, you have to define those other interfaces....
And it would not be $OUTERIF:0; it may be OUTERIF0, derived from eth0:0.
What does it print out just after DONE?
Probably not your DNS IP address?
Look at /usr/local/pmfirewall/pmfirewall.conf:

OUTERIF=eth0
REMOTENET=0/0
OUTERIP=`ifconfig $OUTERIF | grep inet | cut -d : -f 2 | cut -d \  -f 1`
OUTERMASK=`ifconfig $OUTERIF | grep Mas | cut -d : -f 4`
OUTERNET=$OUTERIP/$OUTERMASK

Run the above and see what you get:
ifconfig $OUTERIF | grep inet | cut -d : -f 2 | cut -d \  -f 1
ifconfig $OUTERIF | grep Mas | cut -d : -f 4

I assume all your IP addresses are in a class 'C' or smaller subnet,
so it may be you need a mask to define all the IP addresses.


-- 
Gerald Waugh : Registered Linux user # 255245
http://www.frontstreetnetworks.com
Front Street Networks LLC - ph. 203.785.0699
229 Front Street, Ste. #C, New Haven, CT, United States of America
10:53pm up 33 days, 6:20, 3 users, load average: 1.11, 1.57, 1.69
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security
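To see what the pmfirewall.conf lines quoted above actually produce, and whether one OUTERNET with its mask covers a set of aliased addresses, here is an added shell example (not from the thread and not pmfirewall's own code); the ifconfig text and the 192.0.2.x / 198.51.100.x addresses are constructed samples.

```shell
#!/bin/sh
# Constructed net-tools style `ifconfig eth0` output (a sample, not captured from a real host).
SAMPLE_ETH0='eth0      Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          inet addr:192.0.2.10  Bcast:192.0.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1'

# The same pipeline pmfirewall.conf uses, fed from text instead of a live interface.
outernet_from_ifconfig() {
  ip=$(printf '%s\n' "$1" | grep inet | cut -d : -f 2 | cut -d \  -f 1)
  mask=$(printf '%s\n' "$1" | grep Mas | cut -d : -f 4)
  echo "$ip/$mask"
}

ip2int() {                       # dotted quad -> 32-bit integer
  set -- $(printf '%s' "$1" | tr . ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
int2ip() {                       # 32-bit integer -> dotted quad
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}
prefixlen() {                    # count the set bits of a netmask
  n=$(ip2int "$1"); len=0
  while [ "$n" -ne 0 ]; do len=$(( len + (n & 1) )); n=$(( n >> 1 )); done
  echo "$len"
}
network_of() {                   # ip mask -> network/prefixlen
  echo "$(int2ip $(( $(ip2int "$1") & $(ip2int "$2") )))/$(prefixlen "$2")"
}
same_net() {                     # ip1 ip2 mask: true if the mask puts both in one network
  [ $(( $(ip2int "$1") & $(ip2int "$3") )) -eq $(( $(ip2int "$2") & $(ip2int "$3") )) ]
}

# Usage: derive OUTERNET as pmfirewall does, then check which alias addresses the mask covers.
OUTERNET=$(outernet_from_ifconfig "$SAMPLE_ETH0")
echo "OUTERNET=$OUTERNET -> $(network_of "${OUTERNET%/*}" "${OUTERNET#*/}")"
for alias_ip in 192.0.2.11 192.0.2.12 198.51.100.5; do
  if same_net "${OUTERNET%/*}" "$alias_ip" "${OUTERNET#*/}"; then
    echo "$alias_ip is covered by the mask"
  else
    echo "$alias_ip is NOT covered: a wider mask or a separate rule is needed"
  fi
done
```

An address the mask does not cover never matches a rule written against $OUTERNET, which is the symptom of only some addresses being listed at start.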