Old 06-01-2001, 02:03 PM   #1
c0c0deux
LQ Newbie
 
Registered: May 2001
Posts: 5

Rep: Reputation: 0

I am trying to install floppyfw for cable modem connection
I'm trying to get this firewall running, but at boot time I can see on my
modem that there is a broadcast for dhcp_discover but the eth0 card doesn't get an IP back. I am
not familiar (newbie on the way) with the script, but these are my config and
firewall files.
Config
#
# Configuration for floppyfw
#
# Fill in the blanks.
#
# For configuring of modules to use : /modules.lst
# For configuring logging: /syslogd.cfg
# For configuring network interface cards (usually not necessary): /syslinux.cfg
# For configuring firewall rules and incoming traffic: /firewall.ini
#
#
# Outside network:
#
#
# DHCP is the hook for the DHCP-client for the outside interface.
# If used, you may have hangups of connections when the client has
# to get a new IP-address.
#
# EXTERNAL is a hook for booting a external startup script from a package.
# the external script has to be in /etc/ext-up.init
#
#OUTSIDE_IP=
OUTSIDE_IP=DHCP
#OUTSIDE_IP=EXTERNAL

#
# The external script can need you to add your username and password, as
# the PPPoE package does. This is where you can add that.
# USER_IDENT=xllejqrs
# USER_PASSWORD=xde094

#
#
# eth0 default device.
#
OUTSIDE_DEV=eth0

#
# Not necessary to set these if you are using DHCP
#
OUTSIDE_NETMASK=
OUTSIDE_NETWORK=
OUTSIDE_BROADCAST=

#
# Your inside network, this has 10.42.42.* set as default, this is
# addresses assigned for internal networks according to RFC 1918.
#
# eth1 is the default device for the internal network.
#
INSIDE_IP=10.42.42.1
INSIDE_DEV=eth1
INSIDE_NETMASK=255.255.255.0
INSIDE_NETWORK=10.42.42.0
INSIDE_BROADCAST=10.42.42.255

#
# Misc
# These are not necessary to set if you are using DHCP.
#
DEFAULT_GATEWAY=
NAME_SERVER_IP1=24.200.243.242
NAME_SERVER_IP2=24.200.243.250
DOMAIN=videotron.ca
HOSTNAME=dl

#
# (y)es or (n)o
#
OPEN_SHELL=y
ONLY_8M=n

#
# Turning on syslogd and klogd.
# This is a nice thing but will eat CPU which is why it is turned
# off by default.
#
USE_SYSLOG=n
SYSLOG_FLAGS="-m 360"

# If you don't like the -- MARK -- messages:
#SYSLOG_FLAGS="-m 0"

firewall
# Firewall setup.
#
# Setting up ipchains and ipmasqadm
#

. /etc/config

#
# Flushing the chains.
#
ipchains -F

#
# Policy for forwarding, Deny
#
# #ipchains -P forward DENY
# But we want to Masquerade
ipchains -A forward -i ${OUTSIDE_DEV} -j MASQ > /dev/null
ipchains -A forward -s ${INSIDE_NETWORK}/${INSIDE_NETMASK} -j MASQ

# Using this one, you can open up the whole internal network to
# anyone adding a route to it through your outside IP.
# Can be quite useful but it is unsecure.
# (this is also the old behaviour of the floppy, and to my defence,
# I never said it was a secure default setting..)

#ipchains -P forward MASQ

#
# Timeouts for the masqueraded connections.
#
ipchains -M -S 6000 120 300

#
# Minimum delay for SSH.
#
ipchains -A output -p tcp -d 0.0.0.0/0 22 -t 0x01 0x10

#
# We don't like the NetBIOS and Samba leaking..
#
/bin/ipchains -I input -j REJECT -p TCP -s 0/0 -d 0/0 137:139
/bin/ipchains -I input -j REJECT -p UDP -s 0/0 -d 0/0 137:139

#
# Corresponding rules for the ipmasqadm lines below.
#
ipchains -A input -p TCP -d $1 21 -j ACCEPT
ipchains -A input -p TCP -d $1 22 -j ACCEPT
ipchains -A input -p TCP -d $1 25 -j ACCEPT
ipchains -A input -p TCP -d $1 80 -j ACCEPT
ipchains -A input -p TCP -d $1 110 -j ACCEPT
ipchains -A input -p TCP -d $1 119 -j ACCEPT

#
# Make http://www.grc.com happy.. or rather the "wow it's STEALTH" -crowd.
# If you are going to use ipmasqadm and inside servers you have to open
# up for them before this line. See above.
#
ipchains -A input -p TCP -y -j DENY -d $1

#
# Finally, list what we have
#
ipchains -L

#
# ipmasqadm takes care of connections from the outside to the inside.
# Remove these comments and the corresponding ACCEPT above to set it up.
#
# The local (-L) port of each forward matches the ACCEPT rule for that service above.
# ipmasqadm portfw -a -P tcp -L $1 21 -R 10.42.42.<SERVER-IP> 21 # ftp
# ipmasqadm portfw -a -P tcp -L $1 22 -R 10.42.42.<SERVER-IP> 22 # ssh
# ipmasqadm portfw -a -P tcp -L $1 25 -R 10.42.42.<SERVER-IP> 25 # mail
# ipmasqadm portfw -a -P tcp -L $1 80 -R 10.42.42.<SERVER-IP> 80 # web
# ipmasqadm portfw -a -P tcp -L $1 110 -R 10.42.42.<SERVER-IP> 110 # pop
# ipmasqadm portfw -a -P tcp -L $1 119 -R 10.42.42.<SERVER-IP> 119 # nntp
#
# Rules set, we can enable forwarding in the kernel.
#
echo "Enabling IP forwarding."

echo "1" > /proc/sys/net/ipv4/ip_forward


I would appreciate a detailed explanation so I can remember what I don't
understand.
Thanks to all for the help
 
Old 06-01-2001, 02:19 PM   #2
mcleodnine
Senior Member
 
Registered: May 2001
Location: Left Coast - Canada
Distribution: s l a c k w a r e
Posts: 2,731

Rep: Reputation: 45
Most cable modem ISPs require you to send a 'hostname' to their DHCP servers/relay agents. If you're using dhcpcd to get the client address: 'dhcpcd -h <client_ID> <interface>'

Not sure where you will find it, but look for the scripts that start your DHCP client. Add the -h and your client-id (the one supplied by your ISP).

It's the same one they tell you put in the 'Hostname' box in your Winders Networking properties.

You will also need to add an ipchains rule to your setup to allow UDP/TCP bootpc (port 67 or 68... wetware is failing me today). This will let your sys accept the DHCP_OFFER from the dhcp server. Don't set it up as a masq rule.
 
Old 06-01-2001, 03:17 PM   #3
c0c0deux
LQ Newbie
 
Registered: May 2001
Posts: 5

Original Poster
Rep: Reputation: 0
I added:
ipchains -A input -p UDP -d $1 67 -j ACCEPT
ipchains -A input -p TCP -d $1 68 -j ACCEPT
and it still doesn't work...
Where does the dhcpd line:
'dhcpcd -h <client_ID> <interface>'
go?
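
As an added illustration (not part of any post in this thread, and not floppyfw code), the script below checks ipchains input rules such as those in post #3 against the shape of a DHCP server reply: UDP from port 67 to port 68. The function names and the address 192.0.2.10, standing in for `$1`, are assumptions made for the example.

```shell
#!/bin/sh
# Added example: would an ipchains input rule match a DHCP server reply
# (UDP, source port 67, destination port 68)? Only -p and the ports given
# after -s/-d are compared; addresses, -i and "!" negation are not evaluated.

# port_in_spec PORT SPEC: true if PORT equals SPEC or lies in LOW:HIGH
port_in_spec() {
    lo=${2%%:*}; hi=${2##*:}
    [ "$1" -ge "${lo:-0}" ] 2>/dev/null && [ "$1" -le "${hi:-65535}" ] 2>/dev/null
}

# dhcp_reply_verdict 'RULE': prints "match" or the reason the rule cannot match
dhcp_reply_verdict() {
    proto=all sport='' dport=''
    set -- $1                       # split the rule text into words
    while [ $# -gt 0 ]; do
        case "$1" in
            -p) proto=$(printf '%s' "${2:-}" | tr 'A-Z' 'a-z') ;;
            -s|-d)
                opt=$1; shift       # $1 is now the address
                case "${2:-}" in    # ipchains puts an optional port after it
                    ''|-*) ;;
                    *) if [ "$opt" = -s ]; then sport=$2; else dport=$2; fi
                       shift ;;
                esac ;;
        esac
        if [ $# -gt 0 ]; then shift; fi
    done
    case "$proto" in
        udp|all) ;;
        *) echo "no: protocol $proto (DHCP uses UDP)"; return 0 ;;
    esac
    if [ -n "$sport" ] && ! port_in_spec 67 "$sport"; then
        echo "no: source port $sport (server replies come from 67)"; return 0
    fi
    if [ -n "$dport" ] && ! port_in_spec 68 "$dport"; then
        echo "no: destination port $dport (client listens on 68)"; return 0
    fi
    echo "match"
}

# Constructed sample: the two rules from post #3 with 192.0.2.10 standing in
# for $1, then a rule keyed on interface and ports instead of an address.
while IFS= read -r rule; do
    printf '%s\n  -> %s\n' "$rule" "$(dhcp_reply_verdict "$rule")"
done <<'EOF'
ipchains -A input -p UDP -d 192.0.2.10 67 -j ACCEPT
ipchains -A input -p TCP -d 192.0.2.10 68 -j ACCEPT
ipchains -A input -i eth0 -p udp -s 0/0 67 -d 0/0 68 -j ACCEPT
EOF
```

The third rule does not depend on the outside address, which the interface does not yet hold while it is still waiting for a lease.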
 
  

