Tuesday, November 30, 2010

Building a firewall based on floppy disk

Floppyfw's author, Thomas Lundquist, describes it as "a Linux router with firewall features (a screening router)".

Floppyfw boots a Linux kernel from a floppy disk and provides the minimum set of tools needed to implement the firewall features described above. This is an important property: even if an intruder gains some access to the firewall, there are few tools on it with which to do damage. In addition, because the firewall runs entirely in RAM, a reboot from the floppy returns the system to its initial state. Like many other Linux projects, floppyfw can be customized, but it also comes with a recommended set of filtering rules that work almost immediately, so you can build your own firewall quickly.

Hardware requirements: one computer suitable for the job (or enough parts to assemble one). It should be at least a 386, with the following basic configuration:

- at least 8 MB of RAM
- a 3.5" floppy disk drive
- a video card, keyboard and monitor (note that if you want to run floppyfw unattended, the keyboard and monitor are only needed during configuration and testing)
- network cards; floppyfw supports several types: 3Com 3c509, NE2000 compatibles, Tulip-based cards and Intel EtherExpress PCI

Make sure each card has its own interrupt (IRQ) and I/O address. On cards where IRQ and address are set by jumpers, this is very simple. With a pair of 3Com 3c509 cards, however, both are configured as IRQ 10 and 0x300 the first time you start the computer. 3Com's DOS utility 3C5X9CFG.EXE solves this: first create a DOS boot disk and copy 3C5X9CFG.EXE onto it; then boot the computer from this floppy (with both network adapters installed on the motherboard) and run 3C5X9CFG.EXE; select one adapter and give it a new IRQ and I/O address; reconfigure the other NIC as well, and remember to save the new settings. 3C5X9CFG.EXE is found on EtherDisk 4.3; the latest version of the EtherDisk is available from 3Com's official website, http://www.3com.com/.
Software requirements: making the floppyfw boot disk is very simple. First download the image from http://www.zelow.no/floppyfw/downlo ... and write it to a floppy:

    # dd if=floppyfw-1.0.5.img of=/dev/fd0 bs=72k

Configuration: the floppy is in DOS (FAT) format, so you must first edit the configuration files on a separate machine before you can boot from it. On Linux you can use mtools, as follows:

    $ cd /tmp
    $ mcopy a:config
    $ vi config
    $ mcopy config a:

If you are using another operating system, NotePad is enough for these tasks. Floppyfw actually has five configuration files:

- config (main configuration file)
- firewall.ini (filtering rules)
- modules.lst (additional ip_masq modules)
- syslinux.cfg (kernel boot parameters)
- syslog.cfg (syslog configuration, similar to /etc/syslog.conf)

You probably do not need to touch syslinux.cfg or modules.lst, so only the main configuration file, config, is discussed here; to keep the illustration short, most of the comments have been removed. The meaning of most values is obvious. Only the switches at the end of the file may not be immediately clear:

- OPEN_SHELL controls shell access on the console (/bin/ash).
- If your computer has less than 12 MB of RAM, set ONLY_8M to "y".
- USE_SYSLOG decides whether syslogd is run.
- SYSLOG_FLAGS holds the flags passed to syslogd when it starts.

Listing 1 (ftp://ftp.mfi.com/pub/sysadmin/2001 ...) shows the config file.

Filtering rules: now look at the file firewall.ini. The firewall.ini shipped with the original floppyfw release only does basic address hiding (masquerading) and denies a few ports. Since we are building a firewall, the necessary modifications have to be made. Building a full-featured set of packet-filtering rules, however, is a large amount of work: in principle you want to close all ports and then open only those required by the services you will use. Don't worry, most of this work has already been done!
It is available from Robert L. Ziegler's home page, http://linux-firewall-tools.com/lin ... Ziegler is the author of Linux Firewalls (New Riders Publishing, ISBN 0735709009; a Chinese edition was published in October 2000). His rule set is very well commented, and every group of rules comes with a detailed explanation of its purpose. These comments are especially valuable when you later need to open a particular port. The blueprint for the ipchains rules can be fetched from http://linux-firewall-tools.com/ftp...wall.ipchains. Read through the whole file first rather than just grabbing it: some sections contain "alternative" fragments marked with "OR", and you must choose one. A configuration item is activated simply by removing the comment in front of it. Storing the whole rules file in the limited space of a floppy disk is obviously uneconomical, so it is best to delete the parts you think you will never use. Keeping a backup of the original file in a convenient place is of course the sensible thing to do. Once you have finished the configuration and written it to a floppy, make several copies of the floppy in case one is damaged or tampered with.

Listing 2 (ftp://ftp.mfi.com/pub/sysadmin/2001 ...) opens the ports needed to let clients on the internal network reach some basic network services (such as DNS, SMTP, POP, NNTP, TELNET, SSH, FTP, HTTP and WHOIS). Note that the POP port is not actually opened; fetchmail is used to collect mail from the remote server instead. If you are worried that mail received from the remote host could be read by someone listening on the path, fetchmail is the better choice: it has the very nice feature of letting you set up an SSH connection first and then download the messages through that connection.
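The "close everything, then open only what is needed" approach is easier to follow with a concrete rule set in front of you. The script below is an added example, not Ziegler's file or floppyfw's own firewall.ini: it emits a default-deny ipchains rule set for the firewall's external interface and opens only the client services named on the command line (DNS, SMTP, NNTP, TELNET, SSH, FTP, HTTP and WHOIS by default; POP is deliberately left out, as in Listing 2). The interface name eth0 and the address 192.0.2.1 are placeholders, not values from the page. It prints the commands instead of running them, so the output can be reviewed and then pasted into firewall.ini.

```shell
#!/bin/sh
# Added example (not from floppyfw or Ziegler's rule set): print a
# default-deny ipchains rule set that opens only the listed client
# services on the external interface.
# Assumptions: external interface eth0, address 192.0.2.1 (placeholders).
EXT_IF="${EXT_IF:-eth0}"
EXT_IP="${EXT_IP:-192.0.2.1}"

# Client-side rules for one TCP service: outbound connections from an
# unprivileged local port to the server port, and inbound packets only
# when they are not connection attempts ("! -y" = no SYN-only packets).
allow_tcp_client() {
    port=$1
    printf 'ipchains -A output -i %s -p tcp -s %s 1024:65535 -d 0/0 %s -j ACCEPT\n' \
        "$EXT_IF" "$EXT_IP" "$port"
    printf 'ipchains -A input -i %s -p tcp ! -y -s 0/0 %s -d %s 1024:65535 -j ACCEPT\n' \
        "$EXT_IF" "$port" "$EXT_IP"
}

# Client-side rules for one UDP service (used for DNS queries/answers).
allow_udp_client() {
    port=$1
    printf 'ipchains -A output -i %s -p udp -s %s 1024:65535 -d 0/0 %s -j ACCEPT\n' \
        "$EXT_IF" "$EXT_IP" "$port"
    printf 'ipchains -A input -i %s -p udp -s 0/0 %s -d %s 1024:65535 -j ACCEPT\n' \
        "$EXT_IF" "$port" "$EXT_IP"
}

# Emit the whole rule set: flush, default policies, then one pair of
# rules per requested service. Unknown names produce a comment line so
# that a typo is visible instead of silently opening nothing.
gen_rules() {
    printf 'ipchains -F\n'
    printf 'ipchains -P input DENY\n'
    printf 'ipchains -P output REJECT\n'
    printf 'ipchains -P forward DENY\n'
    for svc in "$@"; do
        case $svc in
            dns)    allow_udp_client 53 ;;
            smtp)   allow_tcp_client 25 ;;
            pop3)   allow_tcp_client 110 ;;   # not opened by default (fetchmail over SSH instead)
            nntp)   allow_tcp_client 119 ;;
            telnet) allow_tcp_client 23 ;;
            ssh)    allow_tcp_client 22 ;;
            ftp)    allow_tcp_client 21 ;;    # control channel only; data channels need the ip_masq FTP module
            http)   allow_tcp_client 80 ;;
            whois)  allow_tcp_client 43 ;;
            *)      printf '# unknown service: %s\n' "$svc" ;;
        esac
    done
}

gen_rules dns smtp nntp telnet ssh ftp http whois
```

The rules cover only traffic that the firewall host itself originates on its external interface; the forward chain and masquerading rules that let LAN clients out are not included here and must still be added.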
In that case the POP port does not need to be opened at all.

Logging: with the default syslog.cfg, floppyfw sends all log messages to the console. Since the firewall computer is meant to run unattended (with no monitor or keyboard attached), this configuration is of little use. Analyzing the log files, however, is how you monitor the firewall's current health, so the solution is as follows: configure a Linux host on the internal network as the log host. To do this, make sure syslogd on the log host is started with the -r option, which allows it to accept log messages received over the network (on a RedHat system, for example, you need to edit /etc/rc.d/init.d/syslog to do this). Then configure syslog.cfg so that it logs to the log host's IP address, 192.168.1.2. Listing 3 (ftp://ftp.mfi.com/pub/sysadmin/2001...) shows the syslog.cfg file.

Once you have finished configuring these files and written them back to the floppy, you can boot from it and do some testing. Check that the computers on the internal network can still communicate with each other, and check that the ports you opened can reach the external services they are meant for. Keep a close eye on /var/log/messages on the log host, or on the firewall computer's console screen, as this shows the firewall's current working status. You may need to fine-tune the firewall rules; don't forget to write the modified files back to the disk. Be sure to watch the log files closely. Once the firewall is in use, you may be surprised to find how many people are port scanning or doing other strange things. Having your own firewall feels good, doesn't it?
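Watching /var/log/messages by eye quickly becomes tedious once the firewall is exposed, so here is an added example of the kind of log analysis the paragraph above has in mind. It is not part of floppyfw; it is a small shell/awk script run on the log host that summarizes the ipchains "Packet log:" lines relayed by syslog, counting denied packets per source and flagging sources that probed many distinct destination ports (a simple port-scan indicator). The log lines embedded in it are constructed to resemble the 2.2 kernel's ipchains log format, with the firewall's address 192.0.2.1 and documentation-range sources as placeholders; if your kernel logs in a different layout, adjust the field parsing.

```shell
#!/bin/sh
# Added example (not from floppyfw): summarize denied packets logged by
# an ipchains firewall via syslog and flag likely port scans.
# The sample lines below are constructed; addresses are placeholders.
SAMPLE_LOG=$(cat <<'EOF'
Nov 30 10:00:01 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.9:40000 192.0.2.1:21 L=60 S=0x00 I=1 F=0x4000 T=64 SYN (#5)
Nov 30 10:00:01 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.9:40001 192.0.2.1:22 L=60 S=0x00 I=2 F=0x4000 T=64 SYN (#5)
Nov 30 10:00:02 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.9:40002 192.0.2.1:23 L=60 S=0x00 I=3 F=0x4000 T=64 SYN (#5)
Nov 30 10:00:02 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.9:40003 192.0.2.1:80 L=60 S=0x00 I=4 F=0x4000 T=64 SYN (#5)
Nov 30 10:00:05 fw kernel: Packet log: input DENY eth0 PROTO=17 198.51.100.4:5353 192.0.2.1:137 L=78 S=0x00 I=9 F=0x0000 T=128 (#7)
Nov 30 10:00:07 fw kernel: Packet log: input ACCEPT eth0 PROTO=6 198.51.100.7:51000 192.0.2.1:25 L=60 S=0x00 I=11 F=0x4000 T=64 SYN (#3)
EOF
)

# Print "source_ip denied_packets" for every source with at least one
# DENY entry. Reads syslog text on stdin. The source and destination
# "ip:port" tokens follow the PROTO= field, so locate that field first.
deny_counts() {
    awk '/Packet log:/ && / DENY / {
            for (i = 1; i <= NF; i++) if ($i ~ /^PROTO=/) break
            split($(i + 1), src, ":")
            n[src[1]]++
        }
        END { for (ip in n) print ip, n[ip] }' | sort
}

# Print "source_ip distinct_ports" for sources whose denied packets hit
# at least $1 distinct destination ports; a quick port-scan indicator.
scan_sources() {
    threshold=$1
    awk -v thr="$threshold" '/Packet log:/ && / DENY / {
            for (i = 1; i <= NF; i++) if ($i ~ /^PROTO=/) break
            split($(i + 1), src, ":")
            split($(i + 2), dst, ":")
            key = src[1] SUBSEP dst[2]
            if (!(key in seen)) { seen[key] = 1; ports[src[1]]++ }
        }
        END { for (ip in ports) if (ports[ip] >= thr) print ip, ports[ip] }' | sort
}

echo "denied packets per source:"
printf '%s\n' "$SAMPLE_LOG" | deny_counts
echo "sources touching 3 or more distinct ports:"
printf '%s\n' "$SAMPLE_LOG" | scan_sources 3
```

On a real log host replace the embedded sample with `scan_sources 3 < /var/log/messages`; ACCEPT entries are ignored on purpose, since only the denied traffic tells you what the rule set is keeping out.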
