To [FMC]AMAG

	Forums Register Login My Profile Inbox Address Book My Subscription My Forums Member List Search FAQ Ticket List Log Out

To [FMC]AMAG

Logged in as: Guest

Users viewing this topic: none

Printable Version

All Forums >> [Networking & Security] >> GFI LANguard >> To [FMC]AMAG

Page: [1]

Message

<< Older Topic Newer Topic >>

To [FMC]AMAG - 8.Mar.2001 11:51:00 AM

Guest

"I use the scanner through a firewall!
It is a Linux machine with kernel 2.4.1.
If you have acces to your router and its a linux machine with kernel 2.2.x you can fix it when you type:
ipchains -F
ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P input MASQ

! This is the radical method and breaks
all security policies !

After that the metwork scanner works behind as good as before.

If you want some security try bedder rules,
this one are mine:

ipchains -F
ipchains -P input REJECT
ipchains -A input -j ACCEPT -i lo
ipchains -A input -s 192.168.0.0/255.255.0.0 -j ACCEPT -i eth0
ipchains -A input -p icmp -j ACCEPT
ipchains -A input -p tcp --dport 22 -j ACCEPT
ipchains -A input -p tcp --dport 80 -j ACCEPT
ipchains -A input -p tcp --dport 21 -j ACCEPT
ipchains -A input -p tcp -s ! 192.168.0.0/255.255.0.0 --dport 0:1023 -j REJECT
ipchains -A input -p udp -s ! 192.168.0.0/255.255.0.0 --dport 0:1023 -j REJECT
ipchains -A input -p tcp -s ! 192.168.0.0/255.255.0.0 --dport 1024: -y -j REJECT
ipchains -A input -p tcp -s ! 192.168.0.0/255.255.0.0 --dport 1024: -j ACCEPT
ipchains -A input -p udp -s ! 192.168.0.0/255.255.0.0 --dport 1024: -j ACCEPT
ipchains -P forward REJECT
ipchains -A forward -s 192.168.0.0/255.255.0.0 -d ! 192.168.0.0/255.255.0.0 -j MASQ
ipchains -A forward -s 192.168.0.0/255.255.0.0 -d 192.168.0.0/255.255.0.0 -j ACCEPT
ipchains -P output ACCEPT".

Could you please explain how to use all of you have written?. Will i have to write it on a msdos prompt?. Is it compiled in a program?. Is it just for LInux users (i have W98)?. What are the benefits of using it?. Will bypass any firewall?. If i bypass the firewall could i use a trojan?. What can i do?.
Thank you.

Post #: 1

RE: To [FMC]AMAG - 8.Mar.2001 12:43:00 PM

[FMC]AMAG

Posts: 7
Joined: 28.Feb.2001
From: DE
Status: offline

I think you recognised that every line starts with "ipchains". That is a programm on almost every linux system. If you want to use the scanner through a linux firewall you have to type all these lines into the promt ("shell" or "bash") it is equal to the msdos-shell.
You say that you have win98? Sure that this is your router??? Or do you just have a dial-up connection? If you habe a pc with a direct connection to the internet (modem, cable) then everything is fine, the programm works when your webbrowser or mail client works. If your are behind a router/firewall/NAT-Server then you habe to do something. Namely you have to say your router that it should route all your data through, eventually masquerade it.
If your win98 pc iss really a route the you use a special software (nat32 etc..)... read the manual of it to not filter ports 135-139 (TCP&UDP)

[FMC]AMAG

(in reply to Guest)