Date: Thu, 16 May 2002 23:06:32 +0400
From: "Nickolay A. Kritsky" <nkritsky@internethelp.ru>
To: Alexandr Kovalenko <never@nevermind.kiev.ua>
Cc: mohammad mirzaeenasir <hezare3@hotmail.com>, marcr@closed-networks.com, freebsd-security@FreeBSD.ORG
Subject: Re[2]: reply
Message-ID: <44104033432.20020516230632@internethelp.ru>
In-Reply-To: <20020516182057.GB7239@nevermind.kiev.ua>
References: <F9Mv2bKuX5TEMoUBuao00002523@hotmail.com> <20020516182057.GB7239@nevermind.kiev.ua>

Hello Alexandr,

Thursday, May 16, 2002, 10:20:57 PM, you wrote:

AK> Hello, mohammad mirzaeenasir!

AK> On Thu, May 16, 2002 at 12:23:52PM +0000, you wrote:

>> hi,
>> thanks for your reply. I installed a transparent proxy on my machine with
>> "ipfw" rules. everything is ok and i tested it. but someone told me that
>> if you set your "kernel_secure_level = NO", all kinds of tcp connections
>> will be ignored by the kernel and, for example, in the case of telnetting
>> to it, it will reply "connection timed out". and i checked it, he was quite
>> right. i did so (kernel_secure_level=NO) but when i telnet to my unix box, it
>> will reply to me "connection refused".
>> now, plz help me to find out more.

AK> It depends on how you will access your machine. If you're accessing via
AK> ssh, you should add sshd_enable="YES" to your /etc/rc.conf. Now you
AK> should determine which ports you need to be open. For your case it
AK> will be 22 (ssh), 3128 (squid). So you can allow only those ports with

AK> ipfw add allow tcp from any to any 22 in recv ed0
AK> ipfw add allow tcp from any 22 to any out xmit ed0
AK> ipfw add allow tcp from any to any 3128 in recv ed0
AK> ipfw add allow tcp from any 3128 to any out xmit ed0

AK> and finally deny all other packets:

AK> ipfw add deny ip from any to any

AK> P.S. securelevel has nothing to do with firewall.

Hmm... Not quite nothing. AFAIK on some securelevels you cannot add or
delete ipfw rules.

;-------------------------------------------
; NKritsky
; mailto:nkritsky@internethelp.ru

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
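
The interaction raised in the reply above, as an added example that is not part of the original thread: a dry-run planner that prints the thread's allow/deny rules for a list of ports, but refuses when the securelevel would make ipfw reject rule changes. The function names are hypothetical, the threshold of 3 ("network secure mode") is taken from FreeBSD's security(7), and the securelevel values in the demo are constructed so the script runs without ipfw or root.

```shell
#!/bin/sh
# Added example, not code from the thread. Nothing here calls ipfw; the
# functions only print the commands that would be run.

# rules_mutable LEVEL
# Succeeds while ipfw rules can still be added or deleted. Per security(7),
# securelevel 3 and above freezes packet filter rules.
rules_mutable() {
    [ "$1" -lt 3 ] 2>/dev/null
}

# gen_rules IFACE PORT...
# Prints the in/out allow pair from the thread for each TCP port, then the
# final catch-all deny rule.
gen_rules() {
    iface=$1; shift
    for port in "$@"; do
        echo "ipfw add allow tcp from any to any $port in recv $iface"
        echo "ipfw add allow tcp from any $port to any out xmit $iface"
    done
    echo "ipfw add deny ip from any to any"
}

# plan LEVEL IFACE PORT...
# Prints the rule commands if the ruleset can still be changed; otherwise
# explains why not on stderr and returns 1.
plan() {
    level=$1; shift
    if ! rules_mutable "$level"; then
        echo "securelevel $level: ipfw rules are frozen;" \
             "load the ruleset before the securelevel is raised" >&2
        return 1
    fi
    gen_rules "$@"
}

# Demo with constructed securelevel values (ed0, 22 and 3128 are the
# interface and ports used in the thread).
plan 1 ed0 22 3128
plan 3 ed0 22 3128 || echo "refused at securelevel 3"

# On a FreeBSD host the live value would come from:
#   plan "$(sysctl -n kern.securelevel)" ed0 22 3128
```
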