RE: [cobalt-security] pmfirewall , IPCHAINS, CDONTS and mail forwarding
- Subject: RE: [cobalt-security] pmfirewall , IPCHAINS, CDONTS and mail forwarding
- From: "Sean Ward" <planxty@xxxxxxxx>
- Date: Tue, 23 Apr 2002 23:48:00 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Thanks, I'll give that a try. I've already defined a mask for the IP
addresses. It's odd. As it stands now, it lists a few, but not all of
them on start.
Sean
-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx] On Behalf Of Gerald Waugh
Sent: Tuesday, April 23, 2002 10:05 PM
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-security] pmfirewall , IPCHAINS, CDONTS and mail
forwarding
On Tuesday 23 April 2002 06:01 pm, Sean Ward wrote:
> Actually, it says:
>
> ## Set default policy
> $IPCHAINS -A output -j ACCEPT
> $IPCHAINS -A input -j DENY -l
> echo " Done!"
> echo ""
> echo "External: $OUTERIF $OUTERNET"
> echo "" ;;
>
> Should it read (assuming 7 IPs):
>
> ## Set default policy
> $IPCHAINS -A output -j ACCEPT
> $IPCHAINS -A input -j DENY -l
> echo " Done!"
> echo ""
> echo "External: $OUTERIF $OUTERNET1"
> echo "External: $OUTERIF:0 $OUTERNET2"
> echo "External: $OUTERIF:1 $OUTERNET3"
> echo "External: $OUTERIF:2 $OUTERNET4"
> echo "External: $OUTERIF:3 $OUTERNET5"
> echo "External: $OUTERIF:4 $OUTERNET6"
> echo "External: $OUTERIF:5 $OUTERNET7"
> echo "" ;;
>
> ???
well, even if it did, you have to define those other interfaces....
and it would not be $OUTERIF:0 it may be OUTERIF0 derived from eth0:0
What does it print out just after DONE?
Probably not your DNS ip address?
look at /usr/local/pmfirewall/pmfirewall.conf
OUTERIF=eth0
REMOTENET=0/0
OUTERIP=`ifconfig $OUTERIF | grep inet | cut -d : -f 2 | cut -d ' ' -f 1`
OUTERMASK=`ifconfig $OUTERIF | grep Mas | cut -d : -f 4`
OUTERNET=$OUTERIP/$OUTERMASK
run the above and see what you get?
ifconfig $OUTERIF | grep inet | cut -d : -f 2 | cut -d ' ' -f 1
ifconfig $OUTERIF | grep Mas | cut -d : -f 4
I assume all your IP addresses are in a class 'c' or smaller subnet.
So it may be you need a mask to define all the IP addresses.
--
Gerald Waugh : Registered Linux user # 255245
http://www.frontstreetnetworks.com
Front Street Networks LLC - ph. 203.785.0699
229 Front Street, Ste. #C, New Haven, CT, United States of America
10:53pm up 33 days, 6:20, 3 users, load average: 1.11, 1.57, 1.69
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security
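
Added example, not part of the thread and not pmfirewall's own code: the pmfirewall.conf pipeline quoted above reads a single interface, so the sketch below lists the address and mask of a base interface and each of its aliases, which shows what would have to be defined or covered by one mask. It assumes the old net-tools ifconfig layout ("inet addr:" and "Mask:" fields); the function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of old net-tools `ifconfig` output (documentation addresses).
sample_ifconfig() {
cat <<'EOF'
eth0      Link encap:Ethernet  HWaddr 00:10:E0:00:00:01
          inet addr:192.0.2.10  Bcast:192.0.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0:0    Link encap:Ethernet  HWaddr 00:10:E0:00:00:01
          inet addr:192.0.2.11  Bcast:192.0.2.255  Mask:255.255.255.0

eth0:1    Link encap:Ethernet  HWaddr 00:10:E0:00:00:01
          inet addr:192.0.2.12  Bcast:192.0.2.255  Mask:255.255.255.0

eth1      Link encap:Ethernet  HWaddr 00:10:E0:00:00:02
          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
EOF
}

# list_outer_nets BASE (hypothetical helper): read ifconfig output on stdin and
# print "iface ip/mask" for BASE and each alias BASE:N, skipping everything else.
list_outer_nets() {
    awk -v base="$1" '
        # A line starting in column 1 opens a new interface stanza.
        /^[A-Za-z]/ { iface = $1; want = (iface == base || index(iface, base ":") == 1) }
        # "inet addr:" does not match the "inet6 addr:" lines.
        want && /inet addr:/ {
            ip = ""; mask = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^addr:/) ip = substr($i, 6)
                if ($i ~ /^Mask:/) mask = substr($i, 6)
            }
            if (ip != "" && mask != "") print iface, ip "/" mask
        }'
}

# Demo on the constructed sample; on a live host, pipe `ifconfig` in instead.
sample_ifconfig | list_outer_nets eth0
```

Comparing this list with what the firewall script prints after "Done!" shows which addresses its rules were actually built for.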