| Welcome, Guest |
You have to register before you can post on our site.
|
| Online Users |
There are currently 163 online users.
» 0 Member(s) | 161 Guest(s)
Bing, Google
|
| Latest Threads |
How to install Archboot i...
Forum: Network Problems
Last Post: Meup
2025-05-13, 01:41 PM
» Replies: 0
» Views: 511
|
clear logs in smoothwall
Forum: Security and Firewalls
Last Post: amanda63
2024-03-10, 03:27 PM
» Replies: 8
» Views: 89,182
|
I cannot install RedHat 8...
Forum: Redhat
Last Post: hybrid
2023-11-11, 01:01 PM
» Replies: 1
» Views: 42,536
|
How things are done, usin...
Forum: Xorg Problems
Last Post: ross
2023-09-04, 09:03 AM
» Replies: 0
» Views: 1,922
|
Im back.....
Forum: Hello
Last Post: anyweb
2021-01-17, 11:36 AM
» Replies: 1
» Views: 5,416
|
add mp3 plugin to xmms in...
Forum: Fedora
Last Post: anyweb
2021-01-17, 11:30 AM
» Replies: 11
» Views: 41,532
|
Configuring VSFTPd Server
Forum: FTP Server
Last Post: Johnbaca
2020-10-14, 10:25 AM
» Replies: 32
» Views: 118,540
|
Wolf won't play sound!
Forum: Game Problems
Last Post: Guest
2020-10-03, 05:51 PM
» Replies: 1
» Views: 56,319
|
Using git + python
Forum: How Do I?
Last Post: Clueless puppy
2020-08-21, 04:37 PM
» Replies: 0
» Views: 46,215
|
what does your nick mean ...
Forum: Hello
Last Post: volt
2020-08-06, 03:25 PM
» Replies: 28
» Views: 42,188
|
|
|
| Port Forwarding behind router |
|
Posted by: seeno - 2005-07-15, 03:37 PM - Forum: Security and Firewalls
- No Replies
|
 |
Ok, if your behind a router and your DMZ'd box is running linux, (AFAIK a DMZ'd box is a box that all the external tcp/udp ports are forwarded to from the router, that and icmp), and you want to forward a port from your DMZ'd box to another internal (aka private) IP, this is the tut for you.
Code: iptables -t nat -A PREROUTING -p tcp --dport $Port-to-forward -j DNAT --to-destination $Internal-IP
iptables -t nat -A POSTROUTING -p tcp -d $Internal-IP --dport $Port-to-forward -j SNAT --to-source $DMZ-Internal-IP
iptables -P FORWARD ACCEPT
Where $Port-to-forward is the port you want forwarded, and $Internal-IP is the Internal IP you want the port forwarded to, and $DMZ-Internal-IP is the DMZ'd box's Internal IP.
#
# Explanation
#
What the first command does is when a packet is recieved it checks if the destination port is $Port-to-forward, and if it is it changes the destination IP of the packet's header from the DMZ'd IP to $Internal-IP.
So now we have a packet's destination to $Internal-IP, and a source of whatever. (So when $Internal-IP wants to send the packet back it will send it through the
gateway with the source IP of whatever, aka the *real* remote IP and the gateway will send it back to the DMZ'd box, wich is $DMZ-Internal-IP.) We're half there.
Now, first of all the text between the () will not happen if the second command is put, what the second command does is match the packet to see if the
destination is $Internal-IP and the destination port is $Port-to-forward, then it will change the *source* IP from the remote host to $DMZ-Internal-IP, so the packet comes back to the DMZ'd box so that it could re-route it.
EDIT: The last command sets the default policy of FORWARD to ACCEPT
And I think you should
Code: echo 1 > /proc/sys/net/ipv4/conf/all/forwarding && echo 1 > /proc/sys/net/ipv4/ip_forward
to enable forwarding.
|
|
|
| oooh mozilla... |
|
Posted by: anyweb - 2005-07-15, 01:33 PM - Forum: Security and Firewalls
- Replies (2)
|
 |
On Tuesday, July 12, the Mozilla Foundation discovered that the server hosting Spread Firefox, our community marketing site, had been accessed on Sunday, July 10 by unknown remote attackers who exploited a security vulnerability in the software running the site. This exploit was limited to SpreadFirefox.com and did not affect other mozilla.org web sites or Mozilla software.
We don't have any evidence that the attackers obtained personal information about site users, and we believe they accessed the machine to use it to send spam. However, it is possible that the attackers acquired information site users provided to the site.
As a Spread Firefox user, you have provided us with a username and password. You may also have provided us with other information, including a real name, a URL, an email address, IM names, a street address, a birthday, and private messages to other users.
We recommend that you change your Spread Firefox password and the password of any accounts where you use the same password as your Spread Firefox account. To change your Spread Firefox password, go to SpreadFirefox.com, log in with your current password, select "My Account" from the sidebar, select "Edit Account" from the sidebar, then enter your new password into the Password fields and press the "Save user information" button at the bottom of the page.
The Mozilla Foundation deeply regrets this incident and is taking steps to prevent it from happening again. We have applied the necessary security fixes to the software running the site, have reviewed our security plan to determine why we didn't previously apply those fixes in this case, and have modified that plan to ensure we do so in the future.
Sincerely,
The Mozilla Foundation
|
|
|
|
| site line upgraded to 24mb |
|
Posted by: anyweb - 2005-07-15, 01:12 PM - Forum: Site News
- Replies (3)
|
|
today the site was ugpraded from an 8mb line to a 24mb line (24/1) ADSL 2+
pretty good deal from the isp, as long as i stay with them for another year they gave me the new modem FREE and the line rental per month actually now costs me LESS than i was paying for the 8mb line
about 44 euros per month for 24 megabits :P
enjoy and let me know if you think the site is a bit faster now
cheers
anyweb
|
|
|
|
| easily get your WAN IP |
|
Posted by: hijinks - 2005-07-14, 06:03 PM - Forum: Tips and Tricks
- No Replies
|
 |
this was just asked in the IRC channel.. he was wondering if there was a easy way in shell to get the external IP address if you are behind a router. well there is. I setup a very simple php page to report back your IP.. so if you run
Code: IP=`wget -q -O - http://homer.meso.com/remoteip.php`
echo $IP
You should get your IP address back.. here is the 1 liner php script if anyone wants to run their own
Code: <? echo $_SERVER["REMOTE_ADDR"]; ?>
|
|
|
|
| jumpdrive boot?!? |
|
Posted by: gus - 2005-07-13, 09:51 PM - Forum: Knoppix
- Replies (4)
|
 |
i was just wondering if it would be possable to save knoppix to my jumpdrive (1Gig) and boot/run knoppix from there?
|
|
|
|
| Very n00b network question. |
|
Posted by: Zeppo - 2005-07-13, 01:50 PM - Forum: How Do I?
- Replies (4)
|
|
Got a fedora box up and working on my network as a normal desktop, not a server.
What do I need to do to be able to browse to my other windows 2000 PCs and see their files?
Is this a samba thing?
Just want to make sure.
Thanks!
|
|
|
|
| hi im gus |
|
Posted by: gus - 2005-07-13, 06:04 AM - Forum: Hello
- Replies (13)
|
|
hey, im gus and ive decided to go linux yet need to choose a distro. i have 4
intell p11 pc's and a lot of spare time :). im very intrested in learning as much code as i can so i dont want too much GUI. i was thinking of dabian sarge but very unsure. i have never even seen a linux pc o_O . if anyone has any advice it would be appreciated.
|
|
|
|
| Setting up Tripwire |
|
Posted by: xDamox - 2005-07-11, 07:10 PM - Forum: Security and Firewalls
- Replies (2)
|
|
Well I though I would write this tutorial on tripwire as I use it and think it's and excellent pieace of
software.
The way tripwire works is it takes an MD5 or SHA1 checksum of important files on your machine
and stores them in a ciphered database. It also alert you if their is any new files placed onto the
machine as it generates reports and emails them to root.
The first step to install tripwire is to install it using yum :) so if you issue the command below
tripwire will be installed for you.
Code: yum install tripwire
Once tripwire is installed you have to create a key which will be used to decipher the tripwire database
also it is require when updating the tripwire database. To setup a key issue the following command
below. Tripwire will as for a site key password also it will as for a local key file password, you may enter
the site key and local key differently to increase security.
Code: /usr/sbin/tripwire-setup-keyfiles
When issuing this command you should get a similar output as shown below:
Code: ----------------------------------------------
The Tripwire site and local passphrases are used to sign a variety of
files, such as the configuration, policy, and database files.
Passphrases should be at least 8 characters in length and contain both
letters and numbers.
See the Tripwire manual for more information.
----------------------------------------------
Creating key files...
(When selecting a passphrase, keep in mind that good passphrases typically
have upper and lower case letters, digits and punctuation marks, and are
at least 8 characters in length.)
Enter the site keyfile passphrase:
Verify the site keyfile passphrase:
Generating key (this may take several minutes)...Key generation complete.
(When selecting a passphrase, keep in mind that good passphrases typically
have upper and lower case letters, digits and punctuation marks, and are
at least 8 characters in length.)
Enter the local keyfile passphrase:
Verify the local keyfile passphrase:
Generating key (this may take several minutes)...Key generation complete.
----------------------------------------------
Signing configuration file...
Please enter your site passphrase:
Wrote configuration file: /etc/tripwire/tw.cfg
A clear-text version of the Tripwire configuration file:
/etc/tripwire/twcfg.txt
has been preserved for your inspection. It is recommended that you
move this file to a secure location and/or encrypt it in place (using a
tool such as GPG, for example) after you have examined it.
----------------------------------------------
Signing policy file...
Please enter your site passphrase:
Wrote policy file: /etc/tripwire/tw.pol
A clear-text version of the Tripwire policy file:
/etc/tripwire/twpol.txt
has been preserved for your inspection. This implements a minimal
policy, intended only to test essential Tripwire functionality. You
should edit the policy file to describe your system, and then use
twadmin to generate a new signed copy of the Tripwire policy.
Once you have a satisfactory Tripwire policy file, you should move the
clear-text version to a secure location and/or encrypt it in place
(using a tool such as GPG, for example).
Now run "tripwire --init" to enter Database Initialization Mode. This
reads the policy file, generates a database based on its contents, and
then cryptographically signs the resulting database. Options can be
entered on the command line to specify which policy, configuration, and
key files are used to create the database. The filename for the
database can be specified as well. If no options are specified, the
default values from the current configuration file are used.
Once you have done that you will need to go into /etc/tripwire directory, you should see
some files similar to the following.
Code: localhost.localdomain-local.key site.key tw.cfg twcfg.txt tw.pol twpol.txt
You will need to edit the twpol.txt. This file is well commented and you should be able to configure
the file yourself. When editing this file you will see similar lines as shown below.
Code: /sbin/accton -> $(SEC_CRIT);
/sbin/badblocks -> $(SEC_CRIT);
/sbin/busybox -> $(SEC_CRIT);
/sbin/busybox.anaconda -> $(SEC_CRIT);
/sbin/convertquota -> $(SEC_CRIT);
/sbin/dosfsck -> $(SEC_CRIT);
Make sure these files exists or tripwire will complain about them. You could do ls -l /sbin/dosfsck
to check the file exists.
Once you have edited the configuration file you will have to re-sign it with twadmin issue the following
two command below to re-sign the configuration files.
Code: twadmin --create-polfile --site-keyfile /etc/tripwire/site.key /etc/tripwire/twpol.txt
twadmin --create-cfgfile --site-keyfile /etc/tripwire/site.key /etc/tripwire/twcfg.txt
Once that has been done all you have to do is initialize tripwire this is done by issue the following
command as shown below this may take a little while as it is generating the files of SHA1 checksums
and updating the database. If you ever need to update the tripwire database just issue the initialize and it will create a new database.
This command should produce some output similar to the output below.
Code: Please enter your local passphrase:
Parsing policy file: /etc/tripwire/tw.pol
Generating the database...
*** Processing Unix File System ***
Wrote database file: /var/lib/tripwire/localhost.localdomain.twd
The database was successfully generated.
Now that the database is in place you will know about EVERYTHING that happens on
your machine now. To do a check on your machine just issue the command below:
This may take a little bit, you will not need to enter a password when running this command once
the check has finished you should get similar output as shown below.
Code: Parsing policy file: /etc/tripwire/tw.pol
*** Processing Unix File System ***
Performing integrity check...
Wrote report file: /var/lib/tripwire/report/localhost.localdomain-20050711-183846.twr
Tripwire(R) 2.3.0 Integrity Check Report
Report generated by: root
Report created on: Mon 11 Jul 2005 06:38:46 PM BST
Database last updated on: Never
===============================================================================
Report Summary:
===============================================================================
Host name: localhost.localdomain
Host IP address: 127.0.0.1
Host ID: None
Policy file used: /etc/tripwire/tw.pol
Configuration file used: /etc/tripwire/tw.cfg
Database file used: /var/lib/tripwire/localhost.localdomain.twd
Command line used: tripwire --check
===============================================================================
Rule Summary:
===============================================================================
-------------------------------------------------------------------------------
Section: Unix File System
-------------------------------------------------------------------------------
Rule Name Severity Level Added Removed Modified
--------- -------------- ----- ------- --------
User binaries 66 0 0 0
Tripwire Binaries 100 0 0 0
Libraries 66 0 0 0
Operating System Utilities 100 0 0 0
Critical system boot files 100 0 0 0
File System and Disk Administraton Programs
100 0 0 0
Kernel Administration Programs 100 0 0 0
Networking Programs 100 0 0 0
System Administration Programs 100 0 0 0
Hardware and Device Control Programs
100 0 0 0
System Information Programs 100 0 0 0
Application Information Programs
100 0 0 0
(/sbin/rtmon)
Shell Related Programs 100 0 0 0
Critical Utility Sym-Links 100 0 0 0
Shell Binaries 100 0 0 0
* Tripwire Data Files 100 1 0 0
Critical configuration files 100 0 0 0
System boot changes 100 0 0 0
OS executables and libraries 100 0 0 0
Security Control 100 0 0 0
Boot Scripts 100 0 0 0
Login Scripts 100 0 0 0
Root config files 100 0 0 0
Invariant Directories 66 0 0 0
Temporary directories 33 0 0 0
Critical devices 100 0 0 0
Total objects scanned: 33267
Total violations found: 1
===============================================================================
Object Summary:
===============================================================================
-------------------------------------------------------------------------------
# Section: Unix File System
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Rule Name: Tripwire Data Files (/var/lib/tripwire)
Severity Level: 100
-------------------------------------------------------------------------------
Added:
"/var/lib/tripwire/localhost.localdomain.twd"
===============================================================================
Error Report:
===============================================================================
No Errors
-------------------------------------------------------------------------------
*** End of report ***
Tripwire 2.3 Portions copyright 2000 Tripwire, Inc. Tripwire is a registered
trademark of Tripwire, Inc. This software comes with ABSOLUTELY NO WARRANTY;
for details use --version. This is free software which may be redistributed
or modified only under certain conditions; see COPYING for details.
All rights reserved.
Integrity check complete.
Well thats about it for this tutorial :) O one last thing keep the twpol.txt safe and the twcfg.txt I would
suggest ciphering them.
|
|
|
|
| Wolf won't play sound! |
|
Posted by: SnaveZ - 2005-07-11, 02:36 PM - Forum: Game Problems
- Replies (1)
|
|
I have SuSE 9.3 Professional, and the AC'97 card, that SuSE was able to get drivers going with.
My problem is, that Wolfenstein Enemy Territory needs OSS to work, which my sound card won't work with.
Anyone know of a way to make it so Wolfenstein plays with ESD??
I also have a sound blaster live in my computer, but SuSE was unable to install drivers for it.
I know that I could compile drivers emu10k1, but I'm a total n00b at linux..
thanks in advance,
SnaveZ :P
|
|
|
|
|
