Review your favorite Linux distribution.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 06-01-2001, 01:03 PM   #1
LQ Newbie
Registered: May 2001
Posts: 5

Rep: Reputation: 0

i am trying to install floppyfw for cable modem connection
I'am trying to get this firewall running but at boot time i can see on my
modem that there is a broadcast for dhcp_discover but eth0 card doesn't get an ip back. i am
not famillar (newbie on the way) with the script but these are my config and
firewall files.
# Configuration for floppyfw
# Fill in the blanks.
# For configuring of modules to use : /modules.lst
# For configuring logging: /syslogd.cfg
# For configuring network interface cards (usually not necessary):
# For configuring firewall rules and incoming traffic: /firewall.ini
# Outside network:
# DHCP is the hook for the DHCP-client for the outside interface.
# If used, you may have hangups of connections when the client has
# to get a new IP-address.
# EXTERNAL is a hook for booting a external startup script from a package.
# the external script has to be in /etc/ext-up.init

# The external script can need you to add your username and password, as
# the PPPoE package does. This is where you can add that.
# USER_IDENT=xllejqrs

# eth0 default device.

# Not nescessary to set these if you are using DHCP

# Your inside network, this has 10.42.42.* set as default, this is
# addresses assigned for internal networks according to RFC 1918.
# eth1 is the default device for the internal network.

# Misc
# These are not nescessary to set if you are using DHCP.

# (y)es or (n)o

# Turning on syslogd and klogd.
# This is a nice thing but will eat CPU which is why it is turned
# off by default.

# If you don't like the -- MARK -- messages:

# Firewall setup.
# Setting up ipchains and ipmasqadm

. /etc/config

# Flushing the chains.
ipchains -F

# Policy for forwarding, Deny
# #ipchains -P forward DENY
# But we want to Masquerade
ipchains -A forward -i ${OUTSIDE_DEV} -j MASQ > /dev/null
ipchains -A forward -s ${INSIDE_NETWORK}/${INSIDE_NETMASK} -j MASQ

# Using this one, you can open up the whole internal network to
# anyone adding a route to it through your outside IP.
# Can be quite useful but it is unsecure.
# (this is also the old behaviour of the floppy, and to my defence,
# I never said it was a secure default setting..)

#ipchains -P forward MASQ

# Timeouts for the masqueraded connections.
ipchains -M -S 6000 120 300

# Minimum delay for SSH.
ipchains -A output -p tcp -d 22 -t 0x01 0x10

# We don't like the NetBIOS and Samba leaking..
/bin/ipchains -I input -j REJECT -p TCP -s 0/0 -d 0/0 137:139
/bin/ipchains -I input -j REJECT -p UDP -s 0/0 -d 0/0 137:139

# Corresponding rules for the ipmasqadm lines below.
ipchains -A input -p TCP -d $1 21 -j ACCEPT
ipchains -A input -p TCP -d $1 22 -j ACCEPT
ipchains -A input -p TCP -d $1 25 -j ACCEPT
ipchains -A input -p TCP -d $1 80 -j ACCEPT
ipchains -A input -p TCP -d $1 110 -j ACCEPT
ipchains -A input -p TCP -d $1 119 -j ACCEPT

# Make happy.. or rather the "wow it's STEALTH" -crowd.
# If you are going to use ipmasqadm and inside servers you have to open
# up for them before this line. See above.
ipchains -A input -p TCP -y -j DENY -d $1

# Finally, list what we have
ipchains -L

# ipmasqadm takes care of connections from the outside to the inside.
# Remove these comments and the corresponding ACCEPT above to set it up.
ipmasqadm portfw -a -P tcp -L $1 22 -R 10.42.42.<SERVER-IP> 21 # ftp
ipmasqadm portfw -a -P tcp -L $1 22 -R 10.42.42.<SERVER-IP> 22 # ssh
ipmasqadm portfw -a -P tcp -L $1 25 -R 10.42.42.<SERVER-IP> 25 # mail
ipmasqadm portfw -a -P tcp -L $1 80 -R 10.42.42.<SERVER-IP> 80 # web
ipmasqadm portfw -a -P tcp -L $1 22 -R 10.42.42.<SERVER-IP> 110 # pop
ipmasqadm portfw -a -P tcp -L $1 22 -R 10.42.42.<SERVER-IP> 119 # nntp
# Rules set, we can enable forwarding in the kernel.
echo "Enabling IP forwarding."

echo "1" > /proc/sys/net/ipv4/ip_forward

I would apreciate detail explaination so i can remember what i don't
Thanks to all help
Old 06-01-2001, 01:19 PM   #2
Senior Member
Registered: May 2001
Location: Left Coast - Canada
Distribution: s l a c k w a r e
Posts: 2,731

Rep: Reputation: 45
most cable modem ISPs require you to send a 'hostname' to their dhcp servers/relay agents. If you're using dhcpcd to get the client address: 'dhcpcd -h <client_ID> <interface>'

Not sure where you will find it but look or the scrips that start your dhcp client. add the -h and your client-id (the one supplied by your ISP).

It's the same one they tell you put in the 'Hostname' box in your Winders Networking properties.

You will also need to add an ipchains rule to your setup to allow UDP/TCP bootpc (port 67 or 68... wetware is failing me today). This will let your sys accept the DHCP_OFFER from the dhcp server. Don't set it up as a masq rule.
Old 06-01-2001, 02:17 PM   #3
LQ Newbie
Registered: May 2001
Posts: 5

Original Poster
Rep: Reputation: 0
i added:
ipchains -A input -p UDP -d $1 67 -j ACCEPT
ipchains -A input -p TCP -d $1 68 -j ACCEPT
and it still doesn't work...
where do the dhcpd line:
'dhcpcd -h <client_ID> <interface>


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
DHCP problems and cable modem wmeler Linux - Software 6 01-29-2004 04:49 PM
cable modem and dhcp dead_p00l Linux - Networking 3 11-30-2003 02:29 AM
DHCP & Cable Modem raypen Linux - Networking 4 08-06-2003 09:16 PM
Cable Modem - How-to DHCP ? iraysyvalo Linux - Networking 17 07-16-2003 09:28 AM
DHCP set-up for cable-modem iraysyvalo Debian 5 07-16-2003 08:34 AM

All times are GMT -5. The time now is 12:53 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration