[plug] IPCHAINS

[Simon Scott]

	A few things I can help with

	a) port 6635 is an unpriveleged port, so it could be anything. More
than likely someone rooted your box and opened it to come back to later.
	b) IPCHAINS isnt a process, its a set of rules that the kernel uses
to accept/deny connections. Your setup in rc.local sounds valid. check dmesg
to see if any errors occur on boot.
	c) If you are talking about using a server to give internet access
to a lan, you might want to setup ip masquerading which is little more (if
it is compiling into the kernel) that turning it on via the proc directory
and a few ipchains rules. I constructed mine via a howto, but Ive forgotten
its name.
	d) You can use tools to test the validity of the rules, nmap I
believe and some other stuff.... Basically to check that its working run a
portscan on yourself :) Check which ports are open and anything that is open
either close or find out what has it open and remain on top of patches for
that tool.

	Im practically a newbie (so I dont need me :) and I have the worst
memory for details so take this with a grain of salt, but Im sure someone
will correct me.



	From:	Stephen Lamont <Stephen.Lamont at eddept.wa.edu.au> on
26-03-2001 01:51 PM
	Please respond to plug at plug.linux.org.au@SMTP at Exchange
	To:	plug at plug.linux.org.au@SMTP at Exchange
	cc:	 

	Subject:	[plug] IPCHAINS

	Could anyone help me with a problem I have.
	1. I have run a Linux server for over three years as a server.
Recently I
	had to upgrade to Redhat 7 and have rebuilt. Myold box had a port
6635 open
	to which people could telnet into a root bash prompt. I have now
rebuilt and
	it wasn't an issue. But I am interested as I was running Redhat 6
with a ppp
	connection squid, sendmail, etc. What is port 6635 and how did it
get open.
	2. Now I have rebuilt my server, I'm running squid, remote access,
etc, but
	I am dealing with IPCHAINS. I have read all the documention
regarding the
	set up from Redhat's site (Rusty Russell)and have written a set of
rules
	which I have placed in a file (chmod 700) in the /usr/sbin
directory.
	Firewall.config is the name of the rules file I wrote. I then wrote
the line
	in rc.local as:
	. /usr/sbin/firewall.config
	1.My problem is that I want to know if IPCHAINS is running?When I do
a ps
	aux |more the I cannot see the process. Does it have one?
	2. I want to make my system secure so I can go out but not in -any
web pages
	(I have read just about everything I can find at Redhat)
	3. I have the file /proc/net/ip_fwchains so it is loaded in the
kernel.
	4. Any advice on getting the thing going and knowing if it is
working?
	Regards
	Steve Lamont

	-----Original Message-----
	From: Kai [mailto:vk6ksj at siwa.com.au]
	Sent: Sunday, 25 March 2001 3:06 PM
	To: plug at plug.linux.org.au
	Subject: Re: [plug] Seting up Linux Box


	Almost forget.
	In Red Hat under /usr/doc (I think they've kept the same place) you
can
	find documentation on everything that comes with Red Hat systems.

	RH 7.0's doco's are good enough but the web doco's maybe a little
bit
	more up to date (although don't quote me on that.)

	HTH

	/Kai

	> Joel wrote:
	>
	> I was wondering if anyone knows any good sites on the net that
have
	> howto guides for setting up BIND, Apache etc on my Linux box, also
for
	> sharing the internet over my small network at home using a
standard
	> dailup connecting. Im using redhat 7.
	>
	> Cheers Joel fraser




**********************************************************************
This email and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to whom they   
are addressed. If you have received this email in error please notify 
the system manager.

This footnote also confirms that this email message has been swept by 
MIMEsweeper for the presence of computer viruses.

www.mimesweeper.com
**********************************************************************