[NCLUG] ipchains and firewalls

jdewitt at mail.frii.com
Thu Jan 24 15:40:24 MST 2002


I don't know about Linksys appliances, but the SMC barricades
allow you to direct traffic on specific ports to designated 
internal servers in its 192.168.. net. One model has 802.11
and they are totally configurable from a web browser.

JD

> 
> Mike wrote:
> 
> >On the other hand, I would personally suggest that you lose this rule,
> >and instead use the -X flag on SSH to transmit your X sessions securely.
> 
> I can't ssh to the machine of interest.  I could probably ssh from
> that machine to my machine, assuming I know how to set it up. But then
> would I still need some entry in ipchains to allow ssh in?
> 
> >Finally, nmap (www.insecure.org/nmap) is your friend.  Load it on a
> >remote machine, and run it against your own machine to see which ports
> >are available to the world at large.
> 
> Thanks.
> 
> >Most of the ones that I have seen (Linksys) will allow you to designate
> >a single DMZ machine, which incoming traffic is routed to.  IPChains
> >(or portfw, to be exact) will allow you to forward ports to any number
> >of machines. So I guess you lose that control...  Otherwise, the
> >functionality seems to be similar.  I didn't explore it, but the Linksys
> >seems to have a great number of advanced options, that one might argue,
> >are easier to get at than the Linux ones.  I think it essentially comes
> >down to what you are willing to pay for -- time or equipment.
> 
> If I understand the DMZ machine idea it means I have one machine
> that's open to the world for everything? I can't do that.
> 
> This got me thinking of another problem.  I only have one ip address
> but I want to set up a network using masquerading. I also want to
> start an X job on a machine outside the firewall and have it display on
> one machine inside the firewall. It's always the same machine. On
> the remote machine I set the display variable to the one ip address I
> have. Something needs to route the packets to the one machine where I 
> want the display.  Can I do this with ipchains?  Can I do this with
> Linksys?
> 
> 
> Neil wrote:
> 
> >Have you looked at SmoothWall?  www.smoothwall.org  Neat stuff that.
> 
> That is slick.
> _______________________________________________
> NCLUG mailing list
> NCLUG at nclug.org
> http://www.nclug.org/mailman/listinfo/nclug
> 




