paul
Admin
Posts: 5611
Days Won: 8

Posts posted by paul

  1. you mean a shell script :-)

    and depends on what you want. You can run any script (just about) in any language (just about) from the command line

    it can have any name, or any extension (it doesn't work like windows does)

    example:

    a perl script (thisismyscript.name)

    #!/usr/bin/perl
    # insert perl stuff here

    a php script (thisismyscript.name)

    #!/usr/bin/php -q
    <?php
    phpself();   // placeholder: your PHP code goes here
    ?>

     

    then to run it

    you will need to make it executable

    chmod 755 thisismyscript.name

    then you should be able to execute it by doing

    ./thisismyscript.name

    if that doesn't work try doing

    perl ./thisismyscript.name

    or

    php ./thisismyscript.name
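The shebang-plus-chmod procedure from this post, as an added example that is not part of the original post. It uses /bin/sh as the script's interpreter (an assumption, chosen so it runs without perl or php installed) and shows the two points the post makes: the interpreter comes from the `#!` line, not from the file extension, and the file only runs directly once the executable bit is set, while handing it to the interpreter explicitly (`perl ./script`, `php ./script`, here `sh ./script`) works either way.

```shell
#!/bin/sh
# Added example, not from the original post. The interpreter is /bin/sh
# (assumption: the post used perl/php; sh is used so this runs anywhere).

# Write a script with an arbitrary name and extension into a scratch directory
# and print its path. The file is NOT executable yet.
make_script() {
    dir=$(mktemp -d) || return 1
    script="$dir/thisismyscript.name"
    cat > "$script" <<'EOF'
#!/bin/sh
# The #! line above selects the interpreter; the ".name" extension means nothing.
printf 'hello from %s\n' "$0"
EOF
    printf '%s\n' "$script"
}

# True if the kernel would let the current user execute the file directly.
script_is_executable() {
    [ -x "$1" ]
}

# Run the file directly ("./thisismyscript.name" in the post): the kernel reads
# the #! line and starts that interpreter. Fails unless the executable bit is set.
run_script() {
    "$1"
}

# Run it by naming the interpreter explicitly ("perl ./script" / "php ./script"
# in the post); the executable bit is not needed for this.
run_via_interpreter() {
    sh "$1"
}

# chmod 755 as in the post: owner may write, everyone may read and execute.
# chmod 700 is the least-privilege choice when only you will ever run it.
make_executable() {
    chmod 755 "$1"
}
```

Usage: `s=$(make_script); make_executable "$s"; run_script "$s"` prints `hello from <path>`; calling `run_script` before `make_executable` fails with "Permission denied", which is the "if that doesn't work" case in the post.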

  2. yep ... but for security reasons I would do

    proxyarp

    67.x.x.127 eth1 eth0 no

    (67.x.x.127 being webServer IP)

     

    rules

    ACCEPT wan dmz tcp http 67.69.40.126

     

    don't forward UDP (big security hole); http only needs tcp port 80 (and 443 for https)

    if all you want is a webserver then:

    rules

    ACCEPT wan dmz tcp http 67.69.40.126

    ACCEPT wan dmz tcp https 67.69.40.126

     

    I think ... you may have to specify the dmz ip address (try it without first)

    example:

    ACCEPT wan dmz:67.x.x.127 tcp http 67.69.40.126

    ACCEPT wan dmz:67.x.x.127 tcp https 67.69.40.126

     

    cool?

  3. correct ...

    I have 2 public IP's

     

    202.x.x.1 and 202.x.x.2

     

    firewall ip 202.x.x.1

    DNAT tcp+udp wan:202.x.x.1 dmz:202.x.x.2 dns

    ACCEPT tcp+udp wan dmz:202.x.x.2 dns

     

    which means my primary AND secondary DNS records can be on one machine :-) cheating I know (somebody's gonna give me the lecture about DNS records being on different subnets :-( )

     

    have a read thru the docs at http://www.shorewall.net

  4. for http forwarding I did

    ACCEPT wan dmz:10.0.0.2 http

     

    and it worked fine.

     

    if you want to have public IP addresses in your DMZ it's quite easy.

    put an entry in the proxyarp table, then change all your DNAT rules to ACCEPT rules.

    warning however: you may have to wait some time (in my case 2 days) for the ISP's arp table to update

  5. The firewall by default has icmp_request turned off on all devices.

    Which means you won't be able to ping the firewall from anywhere

     

    a couple of points you should note

    if the network addresses are on the same subnet the firewall won't work

    example: eth0 192.168.1.1 eth1 192.168.1.2 <-- won't work !!!!!

     

    also MNF is NOT IE friendly (it just doesn't work with that stoopid browser)

    try accessing the firewall with mozilla (or Phoenix)

    https://192.168.1.1:8443/

     

    if you have a look at your routing tables on the firewall, you will see why it won't work when the devices are on the same subnet.

     

    also I had to generate new ssl keys

    as root on the firewall:

    /usr/lib/ssl/mod_ssl/gen( something like genratekey.sh)

    then cp server.key and server.crt to /etc/http/conf/ssl/ (overwrite existing keys)

    then /etc/init.d/http-naat restart

    then you should all be good!

     

    p.s. the shameless plug on NZLUG worked :-)

  6. this from deno

    The MandrakeSecurity Multi Network Firewall (MNF, or simply "firewall") product is finally ready! You will have to wait a few more hours for the official announcement, but it's for real now:

     

    A long waiting is over, and the new "Mandrake firewall" with a bunch of high-end features is waiting for you to use it!

    and yes there is an ISO image !!! 8)

  7. Y

    Waitaminute.. what if Paul is an alien.. omygosh... that has to be true..  I know the truth is out there.. but this is so surprising.. wait till I tell the wo.....

     

    (dragged away by men in black).

     

    ha ha ... roswell "EAT MY DUST!!!" its all happening here in little ol' NZ !!! :lol:

  8. when I build a DNS server I constantly, from another computer on the network do a "dig @192.168.1.1 mandrakeusers.org"

     

    if there is no access to the dns server (it's not running or a firewall is blocking it) then it will return .. no DNS server found

     

    you can also do this from the DNS machine

    dig @localhost mandrakeusers.org

    if it returns anything (not an error of course) then it's working fine, and could be a network/security issue
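The dig checks in this post, as an added example that is not part of the original post: a shell function that classifies dig's output so a script can tell the three cases apart, namely nobody answered (named not running, or a firewall dropping port 53), a NOERROR answer (working), and a server that was reached but refused the query (typical of an allow-query ACL, which is the "network/security issue" case the post mentions). The dig outputs below are constructed samples, not captures, and `check_dns` assumes dig is installed.

```shell
#!/bin/sh
# Added example, not from the original post. Classifies dig output; the
# SAMPLE_* strings are constructed, not real captures.

# Reads dig output on stdin and prints one word describing it:
#   unreachable     no server replied (named not running, or a firewall dropping 53)
#   ok              reply with status NOERROR
#   error:<STATUS>  the server was reached but answered e.g. REFUSED/NXDOMAIN/SERVFAIL
# Exit status: 0 ok, 1 unreachable, 2 error.
classify_dig_output() {
    out=$(cat)
    case "$out" in
        *"no servers could be reached"*)
            echo unreachable
            return 1 ;;
    esac
    status=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    case "$status" in
        NOERROR) echo ok; return 0 ;;
        '')      echo unreachable; return 1 ;;
        *)       echo "error:$status"; return 2 ;;
    esac
}

# check_dns SERVER NAME: the "dig @192.168.1.1 mandrakeusers.org" test from the
# post, with a short timeout so a filtered port 53 fails fast. Needs dig installed.
check_dns() {
    command -v dig >/dev/null 2>&1 || { echo "dig not installed" >&2; return 3; }
    dig "@$1" "$2" +time=2 +tries=1 2>&1 | classify_dig_output
}

# Constructed sample outputs, trimmed to the lines that matter.
SAMPLE_OK='; <<>> DiG 9.18.0 <<>> @192.168.1.1 mandrakeusers.org
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; ANSWER SECTION:
mandrakeusers.org.    300    IN    A    192.0.2.10'

SAMPLE_UNREACHABLE='; <<>> DiG 9.18.0 <<>> @192.168.1.1 mandrakeusers.org
;; communications error to 192.168.1.1#53: timed out
;; no servers could be reached'

SAMPLE_REFUSED='; <<>> DiG 9.18.0 <<>> @192.168.1.1 mandrakeusers.org
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4243
;; WARNING: recursion requested but not available'
```

Usage: `check_dns 192.168.1.1 mandrakeusers.org` from another machine, then `check_dns localhost mandrakeusers.org` on the DNS box itself; "unreachable" remotely but "ok" locally points at the firewall, while "error:REFUSED" means the daemon is up and reachable and the query is being rejected by its own access rules.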

  9. hi Red

    this very thing happened to me when I first installed SNF

    I think what happens is when you edit the network card configuration, and especially change what interface the admin is on, it seems to forget which driver goes with what card.

     

    if you run lsmod you will notice that only one network driver is installed, and have a look at /etc/modules.conf, I had problems in there too.

     

    The only way I could figure out how to fix it was to reinstall :-( anything you do on the command line is forgotten when you reboot, which is why I decided to reinstall.

     

    I now have a nice reliable SNF running (I have also updated a bunch of software).

    are you able to update packages?? if you can't it probably means you need to update some packages manually, which is not hard to do, but it may have some effect on how the www-front works.
