On Saturday 27 May 2006 11:40, Dave S wrote:
> Hi all,
>
> This is a bit OT but I have a netgear router DG834 ADSL firewall router. I
> have restricted my incoming services with ...
>
> Enable       Service Name  Action        LAN Server IP address  WAN Users  Log
> on           bit torrent   ALLOW always  192.168.0.5            Any        Always
> Default Yes  Any           BLOCK always  Any                    Any        Never
>
> And tightened my outgoing services with ...
>
> Enable       Service Name  Action        LAN Users    WAN Servers  Log
> on           HTTP          ALLOW always  Any          Any          Always
> on           HTTPS         ALLOW always  Any          Any          Always
> on           POP           ALLOW always  Any          Any          Always
> on           SMTP          ALLOW always  Any          Any          Always
> on           NTP           ALLOW always  Any          Any          Always
> on           FTP           ALLOW always  Any          Any          Always
> on           rsync         ALLOW always  Any          0.0.0.0      Never
> on           GM Port 389   ALLOW always  192.168.0.6  Any          Always
> on           GM Port 1503  ALLOW always  192.168.0.6  Any          Always
> on           GM Port 1731  ALLOW always  192.168.0.6  Any          Always
> on           GM 1024-65K   ALLOW always  192.168.0.6  Any          Always
> on           H.323         ALLOW always  192.168.0.6  Any          Always
> on           Port >1023    ALLOW always  Any          Any          Always
> on           Samba         ALLOW always  Any          0.0.0.0      Always
> on           samba2        ALLOW always  Any          0.0.0.0      Always
> on           samba3        ALLOW always  Any          0.0.0.0      Always
> on           Any(ALL)      BLOCK always  Any          Any          Always
> Default Yes  Any           ALLOW always  Any          Any
>
> Some services like rsync and samba I want to keep within my LAN but my
> DG834 insists I give it at least one IP address on the WAN that my service
> can be broadcast to. I selected 0.0.0.0
>
> Can anyone advise, am I going about this the right way, any comment greatly
> appreciated :)
>
> Cheers
>
> Dave

I am not the best net admin on earth, but it seems to me that 0.0.0.0 is
definitely not a broadcast address. If you want to keep things in your LAN,
you should have something like 192.168.0.255 instead.

Moreover, I do not quite understand what you are trying to do. I had
approximately the same router (same brand anyway), and it did not block any
LAN-only services. What you're telling it is, for example, to block
*outgoing* rsync. This should not in any case be blocking an rsync between
two machines inside your LAN.

I hope this helps, even if I am not quite sure I understand what you're trying
to do.

-- Jonathan

-- 
gentoo-user@g.o mailing list
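
Added example, not part of the original thread and not Netgear's code: a Python model of the two points in the reply above, that 0.0.0.0 is the unspecified address rather than a broadcast address, and that outbound rules only see traffic leaving the LAN. It assumes a 192.168.0.0/24 LAN, top-down first-match rule evaluation, rsync on TCP 873 and literal matching of a single WAN address; none of these is confirmed for the DG834 in the thread.

```python
import ipaddress

# Assumption: the LAN is 192.168.0.0/24; the thread only shows hosts .5 and .6.
LAN = ipaddress.ip_network("192.168.0.0/24")

# Subset of the quoted outbound table: (service, (low port, high port), WAN server, action).
# Assumptions: rules are checked top-down and the first match wins; HTTP is
# TCP 80 and rsync is TCP 873; a single WAN address is compared literally.
OUTBOUND_RULES = [
    ("HTTP", (80, 80), "Any", "ALLOW"),
    ("rsync", (873, 873), "0.0.0.0", "ALLOW"),
    ("Port >1023", (1024, 65535), "Any", "ALLOW"),
    ("Any(ALL)", (0, 65535), "Any", "BLOCK"),
]


def describe(addr):
    """Classify an address relative to the assumed LAN."""
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:
        return "unspecified (not a broadcast address)"
    if ip == LAN.broadcast_address:
        return "LAN broadcast"
    return "LAN host" if ip in LAN else "outside LAN"


def outbound_verdict(src, dst, dport):
    """Return (rule, action) for a flow, or ("LAN-local", None) when the
    destination is on the same subnet and the outbound rules never apply."""
    if ipaddress.ip_address(src) in LAN and ipaddress.ip_address(dst) in LAN:
        return ("LAN-local", None)
    for name, (low, high), wan_server, action in OUTBOUND_RULES:
        if low <= dport <= high and wan_server in ("Any", dst):
            return (name, action)
    return ("Default", "ALLOW")  # the table's last row


if __name__ == "__main__":
    for a in ("0.0.0.0", "192.168.0.255", "192.168.0.6"):
        print(a, "->", describe(a))
    # 203.0.113.10 is a constructed documentation address standing in for a WAN host.
    for flow in (("192.168.0.5", "192.168.0.6", 873),
                 ("192.168.0.5", "203.0.113.10", 873),
                 ("192.168.0.5", "203.0.113.10", 80)):
        print(flow, "->", outbound_verdict(*flow))
```

Under these assumptions the rsync rule with WAN server 0.0.0.0 never matches a real destination, so rsync to the WAN falls through to the Any(ALL) BLOCK rule while rsync between two LAN hosts is never filtered.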