qeldroma

Is there something under linux?

I tried dia, but it doesn't have this.

Kivio either.

Yo,

tried shorewall, couldn't connect to the server any more, although ssh was freed.

Kicked it off.

Then tried iptables-generator. Could connect to server, but although i opened some ports, they didn't work.

Kicked it off.

After that i tried fwBuilder. Too complex. Thought i did it right, following the original tutorial. Cuoldn't get connected from LAN to the internet.

Kicked it off.

Now tried guarddog and firestarter. Configuration worked, but there was no way, to configure a LAN on a second NIC, i've got in this server.

Kicked them off.

....and then i tried by hand, now all works, there is just this little feeling of insecuriness, i have until someone else likes this script.....

I want to integrate following on an corporate-server (DSL to Internet, two NICs to LAN). Should i change something?

#!/bin/bash

NET2SERVER=""

LAN2SERVER="22 210 3306"

SERVER2LAN="80 8080 443 22 10000"

SERVER2NET="20 21 80 8080 443"

NET2LAN=""

LAN2NET="20 21 80 8080 110 119 443 995"

NIC2NET="ppp0"

NICs2LAN="eth1 eth2"

allowedICMP="echo-request destination-unreachable source-quench time-exceeded parameter-problem"



#############################################

## Modules                                 ##

#############################################

depmod -a

modprobe ip_tables

modprobe ip_conntrack

modprobe iptable_filter

modprobe iptable_mangle

modprobe iptable_nat

modprobe ipt_LOG

modprobe ipt_limit

modprobe ipt_state

modprobe ipt_owner

modprobe ipt_REJECT

modprobe ipt_MASQUERADE

modprobe ip_conntrack_ftp

modprobe ip_nat_ftp



#############################################

## Kernelparameter                         ##

#############################################

for i in /proc/sys/net/ipv4/conf/*/{accept_source_route,accept_redirects,send_redirects}

do

   echo 0 >$i

done



echo 1 >/proc/sys/net/ipv4/ip_forward

echo 1 >/proc/sys/net/ipv4/tcp_syncookies



#############################################

## reset rules                            ##

#############################################

iptables -F

iptables -t nat -F

iptables -t mangle -F

iptables -X

iptables -t nat -X

iptables -t mangle -X



iptables -P INPUT	DROP

iptables -P FORWARD	DROP

iptables -P OUTPUT	DROP



#############################################

## new  Rules                              ##

#############################################

iptables -A INPUT -p ALL -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A OUTPUT -p ALL -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT



# free IO

iptables -A INPUT -i lo -j ACCEPT

iptables -A OUTPUT -o lo -j ACCEPT



for port in $SERVER2NET; do

iptables -A OUTPUT -p tcp --sport $port -j ACCEPT

iptables -A OUTPUT -p udp --sport $port -j ACCEPT

done

for port in $NET2SERVER; do

iptables -A INPUT -p tcp --dport $port -j ACCEPT

iptables -A INPUT -p udp --dport $port -j ACCEPT

done



for port in $SERVER2LAN; do

for NIC in $NICs2LAN; do

 iptables -A OUTPUT -i $NIC -p tcp --sport $port -j ACCEPT

 iptables -A OUTPUT -i $NIC -p udp --sport $port -j ACCEPT

done

done

for port in $LAN2SERVER; do

for NIC in $NICs2LAN; do

 iptables -A INPUT -i $NIC -p tcp --dport $port -j ACCEPT

 iptables -A INPUT -i $NIC -p udp --dport $port -j ACCEPT

done

done



iptables -A FORWARD -o $NIC2NET -p ALL -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

for NIC in $NICs2LAN; do

iptables -A FORWARD -o $NICs2LAN -p ALL -m state --state ESTABLISHED,RELATED -j ACCEPT

done

for port in $SERVER2NET; do

iptables -A OUTPUT -p tcp --sport $port -j ACCEPT

iptables -A OUTPUT -p udp --sport $port -j ACCEPT

done

for port in $SERVER2LAN; do

for NIC in $NICs2LAN; do

 iptables -A OUTPUT -i $NIC -p tcp --sport $port -j ACCEPT

 iptables -A OUTPUT -i $NIC -p udp --sport $port -j ACCEPT

done

done



iptables -t nat -A POSTROUTING -o $NIC2NET -j MASQUERADE



iptables -A OUTPUT -p udp --sport 1024: --dport 53 -j ACCEPT

iptables -A OUTPUT -p tcp --sport 1024: --dport 53 -j ACCEPT

for DNS in $(cut -d ' ' -f 2 /etc/resolv.conf)

do

iptables -A INPUT -p udp -s $DNS --sport 53 -j ACCEPT

iptables -A INPUT -p tcp -s $DNS --sport 53 -j ACCEPT

done



for type in $allowedICMP; do

for NIC in $NICs2LAN; do

 iptables -A INPUT -i $NIC -p icmp --icmp-type $type -j ACCEPT

 iptables -A OUTPUT -o $NIC -p icmp --icmp-type $type -j ACCEPT

done

done



#############################################

## Logging                                 ##

#############################################

iptables -A INPUT -p tcp --dport netbios-ns -j DROP

iptables -A INPUT -p tcp --dport netbios-dgm -j DROP

iptables -A INPUT -p tcp --dport netbios-ssn  -j DROP

iptables -A INPUT -p udp --dport netbios-ns -j DROP

iptables -A INPUT -p udp --dport netbios-dgm -j DROP

iptables -A INPUT -p udp --dport netbios-ssn  -j DROP

iptables -A INPUT -p tcp --dport 631 -j DROP

iptables -A INPUT -p udp --dport 631 -j DROP

iptables -A INPUT -j LOG

iptables -A OUTPUT -j LOG



iptables -A INPUT -p tcp --dport auth -j REJECT --reject-with tcp-reset

iptables -A INPUT -j DROP



iptables -A OUTPUT -p tcp -j REJECT --reject-with tcp-reset

iptables -A OUTPUT -p udp -j REJECT

iptables -A OUTPUT -j DROP

Is that enough??

I want to do this under linux, not with visio under M$.

Is there a way?

Oh, my script fails in a special way:

When i am starting it DIRECTLY, it works well.

After having booted, i can manually switch "init 5" and it does. But when i am Restarting the machine in "init 5", the dm-service fails, the screen flashes some times, i can see the X, but after the 4. -5. flash, i am back to console.

Waiting some seconds and starting "prefdm" manually works then again?!

Got a solution:

You can change .ps-files via "/usr/bin/poster", which should be delivered with KDE.

Have fun.

Thanks but i was too fast, solved it on my own :mrgreen:

Following my /etc/X11/prefdm:

#!/bin/sh



PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin

HOME=/root

export HOME



# We need to source this so that the login screens get translated

[ -f /etc/profile.d/10lang.sh ] && . /etc/profile.d/10lang.sh



# trap SIGTERM to be able to kill autologin

killed () {

   kill -15 $!

   exit

}



trap killed 15



X -ac & sleep 2

export DISPLAY=":0"

echo -n $! >/var/lock/subsys/dm

su - MyUser -c startkde && ps aux |kill `awk '/X / {print $2}'`

exit 0

I added automatically closing of X with kde-shutdown.[/code]

How can i spread an A0-postscript-file on multiple A4-pages?

Aim is to start up a workstation without XDMCP-Management, menaing without KDM/GDM/XDM/MDKDM.

I don't need them, am the only user. How do i start up a KDE-session with a specified user from root (init)?

I tried to do it like this:

su TheUser --command=startx

This fails with the error, that i am probably not owning the console i am doing this.

How do i manipulate this? How do i substitute "X &; startkde" to an user?

So i am not running any servers on this machine i turn it off, right?

ok, thanx.

I am not sure about it.

I read the script, but am not sure i understood it in it's importance.

Can somebody tell me in clear simple words what it does REALLY?

...this is just to show that this question isn't answered by now ;-)

Oh sorry, read this today and had uninstalled CUPS now, installed LPD, now without problems. So i can't try the last idea, sorry to be so impatient, but had urgently to print sthg.

Working now with LPD/turboprint ;-)

Echo works, lpstat nothing special....?

Yes, it should be supported, regarding the homepage (AMDsomething-chip), but the "sensors-detect"-script doesn't find anything..

I got the Leadtek NCR18D.

Please, if someone got this solved, be so kind and post your "sensors.conf" and "modules.conf"?

Thanks.

Equal which version, one day it hangs!!

I got an Epson C62, and after printing some larger documents, it can't print any longer!!

No error, just printer get's ready again, as if it had printed. But he does nothing!!

I get furious about that!! Is it a cups fault? Or Mandrake/KDE/Ghostscript?

After such a faulty print without errors i can't print any more until i reinstall Mandrake!! reinstallation of CUPS/GS/FOOMATIC didn't help out!! Deleting /etc/cups and /var/spool/cups either.

Sorry for the !!, but i am REALLY upset, because i hoped, this is getting fixed now!!

I collected my experiences on this page, For all those, searching for answers about setting up X/ X-Terminals or TV-Out.

Greets, QD

Well, it worked with my old MoBo.

Since then, i had LM9.0: mouse weird

Now: LM9.1: Mouse weird

I switched off ACPI/Serial Ports/Parallel Ports/OnboardSound/OnboardModem. No help.

I don't know nothing whatsoever about why it happened, but my /etc/ppp/resolv.con had no reading right for non-owner.....

So, problem solved ;-)

My ut2003 installation doesn'T work properly. My mouse is jumping around weird, but all other is working, sound perfekt, 3D, etc...

Some ideas?

------------------------------------

MB Leadtek NCR18D (NForce2)

AOpen GForce4 MX440

SBLive 5.1

Just "Standard". It worked in the beginning, but after some restarts of the PC...

Well, it's pppoe, but it IS started while starting up, so internet exists while trying, but only root is capable to use it?!

When i am trying to browse with a non-root user, all i get is a "host not found". Pinging doesn't work.

If i su from this user to root, i can suddenly ping everything and start up browsers without any probs to connect to some sites.

Anybody???

What are the things, i'll have to do to update my ALSA (sound) to the actual beta?

If i am right, it's more than just adding an actual package, or?

Well, Linux as guest AND host ;-)

Wanna try different distros without big manipulations of my partitions...