Gentoo Archives: gentoo-user

From: Jonathan Chocron <jonathan.chocron@××××.fr>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] OT 0.0.0.0 security query
Date: Sat, 27 May 2006 22:56:17
Message-Id: 200605280046.18590.jonathan.chocron@free.fr
In Reply to: [gentoo-user] OT 0.0.0.0 security query by Dave S
On Saturday 27 May 2006 11:40, Dave S wrote:
> Hi all,
>
> This is a bit OT but I have a netgear router DG834 ADSL firewall router. I
> have restricted my incoming services with ...
>
> Enable Service Name Action LAN Server IP address WAN Users Log
> on bit torrent ALLOW always 192.168.0.5 Any Always
> Default Yes Any BLOCK always Any Any Never
>
> And tightened my outgoing services with ...
>
> Enable Service Name Action LAN Users WAN Servers Log
> on HTTP ALLOW always Any Any Always
> on HTTPS ALLOW always Any Any Always
> on POP ALLOW always Any Any Always
> on SMTP ALLOW always Any Any Always
> on NTP ALLOW always Any Any Always
> on FTP ALLOW always Any Any Always
> on rsync ALLOW always Any 0.0.0.0 Never
> on GM Port 389 ALLOW always 192.168.0.6 Any Always
> on GM Port 1503 ALLOW always 192.168.0.6 Any Always
> on GM Port 1731 ALLOW always 192.168.0.6 Any Always
> on GM 1024-65K ALLOW always 192.168.0.6 Any Always
> on H.323 ALLOW always 192.168.0.6 Any Always
> on Port >1023 ALLOW always Any Any Always
> on Samba ALLOW always Any 0.0.0.0 Always
> on samba2 ALLOW always Any 0.0.0.0 Always
> on samba3 ALLOW always Any 0.0.0.0 Always
> on Any(ALL) BLOCK always Any Any Always
> Default Yes Any ALLOW always Any Any
>
> Some services like rsync and samba I want to keep within my LAN but my
> DG834 insists I give it at least one IP address on the WAN that my service
> can be broadcast to. I selected 0.0.0.0
>
> Can anyone advise, am I going about this the right way, any comment greatly
> appreciated :)
>
> Cheers
>
> Dave

I am not the best net admin on earth, but it seems to me that 0.0.0.0 is
definitely not a broadcast address. If you want to keep things in your LAN,
you should have something like 192.168.0.255 instead.

Moreover, I do not quite understand what you are trying to do. I had
approximately the same router (same brand anyway), and it did not block any
LAN-only services. What you're telling it is, for example, to block
*outgoing* rsync. This should not in any case be blocking an rsync between
two machines inside your LAN.

I hope this helps, even if I am not quite sure I understand what you're trying
to do.

-- Jonathan

--
gentoo-user@g.o mailing list
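The point Jonathan makes above (0.0.0.0 is the unspecified address, not a broadcast address, and the LAN's directed broadcast would be 192.168.0.255) can be checked mechanically. The script below is an added example, not code from the thread or from Netgear; it assumes the LAN is 192.168.0.0/24 (consistent with the 192.168.0.x hosts in Dave's rules) and uses a few rule rows constructed from the quoted outgoing-services table.

```python
import ipaddress

# Assumed LAN: the thread only shows 192.168.0.x hosts, so a /24 is assumed.
LAN = ipaddress.ip_network("192.168.0.0/24")

# Rows constructed from the outgoing-services table quoted in the thread:
# (service name, LAN users field, WAN servers field).
OUTGOING_RULES = [
    ("HTTP", "Any", "Any"),
    ("rsync", "Any", "0.0.0.0"),
    ("GM Port 389", "192.168.0.6", "Any"),
    ("Samba", "Any", "0.0.0.0"),
]


def lan_broadcast(network: str) -> str:
    """Directed broadcast address of a network, e.g. 192.168.0.0/24 -> 192.168.0.255."""
    return str(ipaddress.ip_network(network).broadcast_address)


def classify(field: str) -> str:
    """Say what an address field in a router rule actually denotes."""
    if field == "Any":
        return "any address"
    addr = ipaddress.ip_address(field)
    if addr.is_unspecified:
        # 0.0.0.0 is the "unspecified" address (RFC 1122), not a broadcast address.
        return "unspecified address, not a broadcast address"
    if addr == LAN.broadcast_address:
        return f"directed broadcast for {LAN}"
    if addr in LAN:
        return f"host inside {LAN}"
    return "address outside the LAN"


def review_rules(rules):
    """Return (service, note) for each rule whose WAN servers field is 0.0.0.0."""
    findings = []
    for service, _lan_users, wan_servers in rules:
        description = classify(wan_servers)
        if description.startswith("unspecified"):
            note = (f"WAN servers = {wan_servers} is the {description}; "
                    f"the LAN broadcast would be {LAN.broadcast_address}")
            findings.append((service, note))
    return findings


if __name__ == "__main__":
    for service, note in review_rules(OUTGOING_RULES):
        print(f"{service}: {note}")
```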

Replies

Subject Author
Re: [gentoo-user] OT 0.0.0.0 security query Dave S <gentoo@××××××××.net>