ntl cable modem and config for hosts.allow if deny all@all, paranoid

Emmanuel_uk · 06-30-2005, 02:11 AM

Hello,

Am sort of newbee to linux, but really new to networking.
I have read quite a bit about NTL cable modem configuration but I am left
with 2 questions:

If /etc/hosts.deny reads all:all@all, paranoid (I think this is sensible for security)

Do I then need specific instructions in /etc/hosts.allow?
to allow the cable company to access my dhcp client for example
(or anything else than dhcp that the cableco may need to access)?

I am asking because in http://www.jandg-cooper.com/home_network/internet.html
section "Putting up a Firewall" it is recommended to add some lines for dhcp (via iptables)

I am running shorewall. The distro is Mandriva LE2005.
The connection will be on eth1 ("Gigabyte card")
The firewall settings (via the GUI) are such that even ping are not allowed.

The other question is in three parts
1) Do I really need to let the cable co be able to ping my PC?
2) Can I restrict authorisation to ping my PC to only the cable co
3) Any advice on what to be carefull about re the firewall, I mean, is there
a newbee pitfall whereby default firewall settings are such that they can
prevent the installation of a cable modem?

Any help appreciated. I will post some kind of howto/summary of how I went
on with the installation of the cable modem (installation due this week-end).
I do not trust the cable co to be competent, but I will make them do a bit of linux nevertheless,
so that is why I try to learn as much as possible beforehand.

I am armed with print outs of
http://www.linuxcompatible.org/cdetail10319.html
http://www.chetnet.co.uk/articles/in..._v2&id=60&c=14
http://www.pcplus.co.uk/tutorials/de...bsectionid=377
http://www.linuxquestions.org/questi...003/10/4/93799 (antken answer)
http://www.linuxquestions.org/questi...hreadid=106269

And I have made a script that prints info from lsmod, ethtool, cat resolve.conf, ifconfig, route -n, cat ifcfg-eth1, lspci, chkconfig,
and a few other things using grep. Hopefully that should help

I have installed dhcp and pump (the install prompt came when playing
with drakconnect and seeing if these were available)

Thanks
Regards

blanny · 06-30-2005, 03:00 AM

As far as I know, you shouldn't need to allow the ISP because they aren't using a service on your box. Deny all is ok if you don't have any services running. It would be different if you were trying to run dhcpcd instead of dhclient.

Emmanuel_uk · 06-30-2005, 03:22 AM

Thanks.

The PC will not provide any services to the outside world.
I am glad you pointed out there was a difference between
dhcpd and dhclient (I had not looked at this in details).

I will try with dhclient first.

NB: A few of the instructions (like pcplus) mention using CLI like

dhcpd -h username -d eth1

to "wake up the modem and let the PC talk to it"

From what you are saying this might not work.
Any idea of what would be needed in hosts.allow then?