
Welcome to IWETHEY!

Need some help
A couple of years ago I set up a Linux firewall for a company. Works great. Now my contact wants to allow another building (another subnet) to access the internet through the firewall.

Firewall is 192.168.0.1
New building is 192.168.4.xx

IIRC I need to have him set up another route entry, but I don't remember where (file).

He called yesterday. I told him I'd get back to him today, but due to a family emergency I spent last night in the ER (daughter is now fine) instead of in the Linux book.

Any assistance would be appreciated.

Joe

Oh. Red Hat 6.? or 7.?
It is time for an UPDATE for sure.
Firewall Builder is the BEST!

[link|http://www.fwbuilder.org/|http://www.fwbuilder.org/]
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey

Give a man a match, he'll be warm for a minute.
Set him on fire, he'll be warm for the rest of his life!
Redhat 6 or 7, being used as a firewall?
I hope it hasn't been compromised. Lots of exploits have been found in the default installs of those over the years. I think that it was Redhat 6's default install which at one point had an average time to live unprotected on the internet of about 12 hours until it was rooted.

If you seriously limited what you had on the box, most of those exploits wouldn't matter. But I wouldn't want to count on none of them mattering.

Cheers,
Ben
To deny the indirect purchaser, who in this case is the ultimate purchaser, the right to seek relief from unlawful conduct, would essentially remove the word consumer from the Consumer Protection Act
- [link|http://www.techworld.com/opsys/news/index.cfm?NewsID=1246&Page=1&pagePos=20|Nebraska Supreme Court]
CONFIRMATION!
I installed a 6.2, with partial upgrading to 7.0 (that is the way I did it back then... you know). This was just after 7.0 came out. They switched to using XINETD. I love xinetd. It adds another layer for them to have to get by.

I had it "almost" config'd. Should have downed it for the night.

4 hours after I left the machine was compromised.

When I got in, I was told the internet was down....

Err. no. Without even checking anything I unplugged the machine. Everything went back to normal.

Of course, now I was in DEEEP. I could not re-format as there was some data that was not backed up. I ended up doing a private vlan for it and another machine... transferred everything off.

It was a half-life download server. I discovered that it was the apache install that allowed the compromise. Oh well. Live and learn.

BTW, IPTABLES was nowhere anything redhat, until 7.2. And RedHat still used ipchains by default anyway.

If it were me... Debian Woody and fwbuilder. small, easy to manage, works.
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey

Give a man a match, he'll be warm for a minute.
Set him on fire, he'll be warm for the rest of his life!
     Need some help - (jbrabeck) - (3)
         It is time for an UPDATE for sure. - (folkert)
         Redhat 6 or 7, being used as a firewall? - (ben_tilly) - (1)
             CONFIRMATION! - (folkert)
