qeldroma

Everything posted by qeldroma

  1. Is there something under Linux? I tried dia, but it doesn't have this. Kivio either.
  2. Yo, tried shorewall, couldn't connect to the server any more, although ssh was freed. Kicked it off. Then tried iptables-generator. Could connect to the server, but although I opened some ports, they didn't work. Kicked it off. After that I tried fwBuilder. Too complex. Thought I did it right, following the original tutorial. Couldn't get connected from LAN to the internet. Kicked it off. Now tried guarddog and firestarter. Configuration worked, but there was no way to configure a LAN on a second NIC I've got in this server. Kicked them off. ....and then I tried by hand, now all works, there is just this little feeling of insecurity I have until someone else likes this script.....
  3. I want to integrate the following on a corporate server (DSL to Internet, two NICs to LAN). Should I change something?

```bash
#!/bin/bash
NET2SERVER=""
LAN2SERVER="22 210 3306"
SERVER2LAN="80 8080 443 22 10000"
SERVER2NET="20 21 80 8080 443"
NET2LAN=""
LAN2NET="20 21 80 8080 110 119 443 995"
NIC2NET="ppp0"
NICs2LAN="eth1 eth2"
allowedICMP="echo-request destination-unreachable source-quench time-exceeded parameter-problem"

#############################################
## Modules ##
#############################################
depmod -a
modprobe ip_tables
modprobe ip_conntrack
modprobe iptable_filter
modprobe iptable_mangle
modprobe iptable_nat
modprobe ipt_LOG
modprobe ipt_limit
modprobe ipt_state
modprobe ipt_owner
modprobe ipt_REJECT
modprobe ipt_MASQUERADE
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp

#############################################
## Kernelparameter ##
#############################################
# no source routing, no ICMP redirects in or out
for i in /proc/sys/net/ipv4/conf/*/{accept_source_route,accept_redirects,send_redirects}
do
  echo 0 >$i
done
echo 1 >/proc/sys/net/ipv4/ip_forward
echo 1 >/proc/sys/net/ipv4/tcp_syncookies

#############################################
## reset rules ##
#############################################
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
iptables -t nat -X
iptables -t mangle -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

#############################################
## new Rules ##
#############################################
iptables -A INPUT -p ALL -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p ALL -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# free IO
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
for port in $SERVER2NET; do
  iptables -A OUTPUT -p tcp --sport $port -j ACCEPT
  iptables -A OUTPUT -p udp --sport $port -j ACCEPT
done
for port in $NET2SERVER; do
  iptables -A INPUT -p tcp --dport $port -j ACCEPT
  iptables -A INPUT -p udp --dport $port -j ACCEPT
done
# OUTPUT rules take -o (outgoing interface), not -i; iptables rejects -i here
for port in $SERVER2LAN; do
  for NIC in $NICs2LAN; do
    iptables -A OUTPUT -o $NIC -p tcp --sport $port -j ACCEPT
    iptables -A OUTPUT -o $NIC -p udp --sport $port -j ACCEPT
  done
done
for port in $LAN2SERVER; do
  for NIC in $NICs2LAN; do
    iptables -A INPUT -i $NIC -p tcp --dport $port -j ACCEPT
    iptables -A INPUT -i $NIC -p udp --dport $port -j ACCEPT
  done
done
iptables -A FORWARD -o $NIC2NET -p ALL -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# use the loop variable $NIC, not the whole list $NICs2LAN
for NIC in $NICs2LAN; do
  iptables -A FORWARD -o $NIC -p ALL -m state --state ESTABLISHED,RELATED -j ACCEPT
done
iptables -t nat -A POSTROUTING -o $NIC2NET -j MASQUERADE
iptables -A OUTPUT -p udp --sport 1024: --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 1024: --dport 53 -j ACCEPT
# only the "nameserver" lines of resolv.conf carry an address ("search"/"domain" lines do not)
for DNS in $(awk '/^nameserver/ {print $2}' /etc/resolv.conf)
do
  iptables -A INPUT -p udp -s $DNS --sport 53 -j ACCEPT
  iptables -A INPUT -p tcp -s $DNS --sport 53 -j ACCEPT
done
for type in $allowedICMP; do
  for NIC in $NICs2LAN; do
    iptables -A INPUT -i $NIC -p icmp --icmp-type $type -j ACCEPT
    iptables -A OUTPUT -o $NIC -p icmp --icmp-type $type -j ACCEPT
  done
done

#############################################
## Logging ##
#############################################
# drop the noisy stuff silently before logging the rest
iptables -A INPUT -p tcp --dport netbios-ns -j DROP
iptables -A INPUT -p tcp --dport netbios-dgm -j DROP
iptables -A INPUT -p tcp --dport netbios-ssn -j DROP
iptables -A INPUT -p udp --dport netbios-ns -j DROP
iptables -A INPUT -p udp --dport netbios-dgm -j DROP
iptables -A INPUT -p udp --dport netbios-ssn -j DROP
iptables -A INPUT -p tcp --dport 631 -j DROP
iptables -A INPUT -p udp --dport 631 -j DROP
iptables -A INPUT -j LOG
iptables -A OUTPUT -j LOG
iptables -A INPUT -p tcp --dport auth -j REJECT --reject-with tcp-reset
iptables -A INPUT -j DROP
iptables -A OUTPUT -p tcp -j REJECT --reject-with tcp-reset
iptables -A OUTPUT -p udp -j REJECT
iptables -A OUTPUT -j DROP
```

     Is that enough??
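An added example, not the poster's script and not a reply from the thread. In the script above, the OUTPUT chain accepts `--state NEW,ESTABLISHED,RELATED` for everything as its very first rule, so none of the later per-port OUTPUT rules can ever match and the SERVER2NET and SERVER2LAN lists restrict nothing; the same pattern appears in FORWARD, where LAN2NET is never used. The `--sport $port` rules would also only match a local service's replies, which the ESTABLISHED rule already covers. The script below prints the weak OUTPUT variant beside a hardened one that accepts replies generically and new outbound connections only to listed destination ports on the Internet interface. It assumes the interface name and port list from the post; `IPT` defaults to `echo` so the generated rules can be reviewed without root (set `IPT=iptables` to apply them), and the log prefix is a constructed value.

```shell
#!/bin/sh
# Added example (not the poster's script): generate OUTPUT rules for the
# server's own traffic in two variants. IPT defaults to "echo" so the rule
# set can be read and checked without root; export IPT=iptables to apply.
: "${IPT:=echo}"

NIC2NET="ppp0"                   # interface to the Internet (as in the post)
SERVER2NET="20 21 80 8080 443"   # services the server itself may reach out to

# Weak variant, as in the post: NEW is accepted for every destination and
# port up front, so every later OUTPUT rule is unreachable and the port
# list restricts nothing. The --sport rules only match reply packets.
weak_output_rules() {
    $IPT -A OUTPUT -p ALL -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    for port in $SERVER2NET; do
        $IPT -A OUTPUT -p tcp --sport "$port" -j ACCEPT
    done
}

# Hardened variant: replies to already-accepted connections are allowed
# generically; new outbound connections only to the listed destination
# ports and only via the Internet interface; everything else is logged
# and dropped (the OUTPUT policy is DROP as well).
hardened_output_rules() {
    $IPT -P OUTPUT DROP
    $IPT -A OUTPUT -o lo -j ACCEPT
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    for port in $SERVER2NET; do
        $IPT -A OUTPUT -o "$NIC2NET" -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done
    # DNS lookups are NEW connections too, so they need an explicit rule
    $IPT -A OUTPUT -o "$NIC2NET" -p udp --dport 53 -m state --state NEW -j ACCEPT
    $IPT -A OUTPUT -j LOG --log-prefix "OUTPUT drop: "   # constructed prefix
    $IPT -A OUTPUT -j DROP
}

# Self-check on the generated text: does any rule accept NEW state without
# a destination port, i.e. an "allow everything out" rule?
# Exit status 0 if such a rule exists, 1 otherwise. $1 is a function name.
has_blanket_new_accept() {
    "$1" | grep -- '--state NEW' | grep -v -- '--dport' | grep -q -- '-j ACCEPT'
}

# Number of explicit destination-port rules a variant produces.
count_dport_rules() {
    "$1" | grep -c -- '--dport'
}

if [ "$IPT" = "echo" ]; then
    echo "# weak variant"
    weak_output_rules
    echo "# hardened variant"
    hardened_output_rules
fi
```

Run it as-is to read both rule sets; `has_blanket_new_accept weak_output_rules` succeeds and `has_blanket_new_accept hardened_output_rules` fails, which is the check to apply to any generated rule set before loading it. The hardened variant deliberately keeps the OUTPUT policy at DROP so that forgetting a rule fails closed rather than open.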
  4. I want to do this under Linux, not with Visio under M$. Is there a way?
  5. Oh, my script fails in a special way: When I am starting it DIRECTLY, it works well. After having booted, I can manually switch to "init 5" and it does. But when I am restarting the machine in "init 5", the dm service fails, the screen flashes some times, I can see the X, but after the 4th or 5th flash I am back at the console. Waiting some seconds and starting "prefdm" manually works then again?!
  6. Got a solution: You can change .ps files via "/usr/bin/poster", which should be delivered with KDE. Have fun.
  7. Thanks but I was too fast, solved it on my own :mrgreen: Following my /etc/X11/prefdm:

```sh
#!/bin/sh
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin
HOME=/root
export HOME
# We need to source this so that the login screens get translated
[ -f /etc/profile.d/10lang.sh ] && . /etc/profile.d/10lang.sh
# trap SIGTERM to be able to kill autologin
killed () {
    kill -15 $!
    exit
}
trap killed 15
X -ac &
sleep 2
export DISPLAY=":0"
echo -n $! >/var/lock/subsys/dm
# run the KDE session as MyUser; when it ends, stop the X server started
# above ($! is still its PID, which is more reliable than grepping ps)
su - MyUser -c startkde
kill $!
exit 0
```

     I added automatic closing of X with KDE shutdown.
  8. How can I spread an A0 PostScript file over multiple A4 pages?
  9. Aim is to start up a workstation without XDMCP management, meaning without KDM/GDM/XDM/MDKDM. I don't need them, I am the only user. How do I start up a KDE session with a specified user from root (init)? I tried to do it like this: su TheUser --command=startx This fails with the error that I am probably not owning the console I am doing this on. How do I manipulate this? How do I substitute "X &; startkde" to a user?
  10. So I am not running any servers on this machine, I turn it off, right? ok, thanx.
  11. I am not sure about it. I read the script, but am not sure I understood it in its importance. Can somebody tell me in clear simple words what it does REALLY?
  12. ...this is just to show that this question isn't answered by now ;-)
  13. Oh sorry, read this today and had uninstalled CUPS now, installed LPD, now without problems. So I can't try the last idea, sorry to be so impatient, but had urgently to print sthg. Working now with LPD/turboprint ;-)
  14. Yes, it should be supported, regarding the homepage (AMDsomething chip), but the "sensors-detect" script doesn't find anything.. I got the Leadtek NCR18D. Please, if someone got this solved, be so kind and post your "sensors.conf" and "modules.conf"? Thanks.
  15. No matter which version, one day it hangs!! I got an Epson C62, and after printing some larger documents, it can't print any longer!! No error, the printer just gets ready again, as if it had printed. But it does nothing!! I get furious about that!! Is it a CUPS fault? Or Mandrake/KDE/Ghostscript? After such a faulty print without errors I can't print any more until I reinstall Mandrake!! Reinstallation of CUPS/GS/FOOMATIC didn't help out!! Neither did deleting /etc/cups and /var/spool/cups. Sorry for the !!, but I am REALLY upset, because I hoped this is getting fixed now!!
  16. I collected my experiences on this page, for all those searching for answers about setting up X / X-Terminals or TV-Out. Greets, QD
  17. Well, it worked with my old MoBo. Since then, I had LM9.0: mouse weird. Now: LM9.1: mouse weird. I switched off ACPI/serial ports/parallel ports/onboard sound/onboard modem. No help.
  18. I don't know anything whatsoever about why it happened, but my /etc/ppp/resolv.con had no read right for non-owners..... So, problem solved ;-)
  19. My ut2003 installation doesn't work properly. My mouse is jumping around weirdly, but all else is working, sound perfect, 3D, etc... Some ideas? ------------------------------------ MB Leadtek NCR18D (NForce2), AOpen GeForce4 MX440, SBLive 5.1
  20. Just "Standard". It worked in the beginning, but after some restarts of the PC...
  21. Well, it's pppoe, but it IS started while starting up, so internet exists while trying, but only root is capable of using it?!
  22. When I am trying to browse with a non-root user, all I get is a "host not found". Pinging doesn't work. If I su from this user to root, I can suddenly ping everything and start up browsers without any probs to connect to some sites. Anybody???
  23. What are the things I'll have to do to update my ALSA (sound) to the actual beta? If I am right, it's more than just adding an actual package, or?
  24. Well, Linux as guest AND host ;-) Wanna try different distros without big manipulations of my partitions...