On Tue, Jul 11, 2006 at 03:04:23PM -0600, Tyler Littlefield wrote:

> I tried running endoshield, and got a ton of errors.

When I first started using endoshield, I found the errors I got were the result of not configuring all the iptables stuff during my kernel config. So, your best bet in my humble opinion is to include all the iptables, nat, and connection tracking stuff as modules, and trying endoshield again. You could also post your errors, so we can see if a lack of modules is the case here, or if it's something else.

> So, now I will try to do it manually. I'm going through a tutorial now, and I have a couple questions.
> I can do the following.
> iptables -A INPUT -p tcp --dport 2200 -j QUEUE
> iptables -A INPUT -p tcp --sport 2200 -j QUEUE
> to allow for the traffic on port 2200 to go through. I think.

I've never used the queue target, so I can't help you here. I can only tell you that when I want to open a port, I use the ACCEPT target to do so.

> But, let's say I create a rule for each port. The ones I want to allow, and the ones I don't want to allow.
> I think I can use a -s to make it only local if I want.
> Then, how would I block the ports that I haven't created rules for?

Off the top of my head, without looking at the iptables docs, or at the endoshield script, I believe you use the DROP target on the entire input chain, and below that, use the ACCEPT target on the ports you want to open. I do however stand to be corrected here.

> next, if I set up the box as a DMZ, in front of the router, is there a way that I can make it manage all traffic coming in and out of the network? Just like the router would?

Yes, this is called IP masquerading, and endoshield is a good example of how it's done.

Also note that if you intend to share your connection with multiple machines, your main machine will need 2 network cards, one from the router to the pc, and the other from the pc to the switch/hub that your other machines are connected to.

Greg

-- 
web site: http://www.romuald.net.eu.org
gpg public key: http://www.romuald.net.eu.org/pubkey.asc
skype: gregn1 (authorization required, add me to your contacts list first)

-- 
Free domains: http://www.eu.org/ or mail dns-manager at EU.org
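The three things asked about in this thread (open only chosen ports, drop everything else, and masquerade a LAN behind a two-card box) as one added example, not code from the thread or from endoshield. It generates an iptables-restore ruleset rather than calling iptables directly, so it can be read and checked before being loaded; iptables evaluates rules top to bottom and stops at the first match, so the default DROP is expressed as the chain policy that applies only after the ACCEPT rules. Interface names, the LAN subnet and the port list are assumptions.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset for a two-card masquerading
# box. Needs the iptables, nat and connection-tracking kernel modules mentioned
# in the thread. Load with:  gen_ruleset eth0 eth1 192.168.1.0/24 2200 | iptables-restore
# and enable forwarding with:  echo 1 > /proc/sys/net/ipv4/ip_forward
#
# usage: gen_ruleset WAN_IF LAN_IF LAN_NET TCP_PORT...   (all values are assumptions)
gen_ruleset() {
    wan="$1"; lan="$2"; lannet="$3"; shift 3
    echo '*filter'
    # Chain policies are the "block everything else" step: a packet that no
    # ACCEPT rule below matches falls through to the policy and is dropped.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to connections the box opened itself (connection tracking).
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for p in "$@"; do
        # -s limits the rule to the local network, as asked in the thread.
        echo "-A INPUT -i $lan -s $lannet -p tcp --dport $p -j ACCEPT"
    done
    # LAN -> Internet is allowed outright; Internet -> LAN only for replies.
    echo "-A FORWARD -i $lan -o $wan -s $lannet -j ACCEPT"
    echo "-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo 'COMMIT'
    echo '*nat'
    echo ':POSTROUTING ACCEPT [0:0]'
    # IP masquerading: rewrite LAN source addresses to the WAN card's address.
    echo "-A POSTROUTING -o $wan -s $lannet -j MASQUERADE"
    echo 'COMMIT'
}

# Number of explicit ACCEPT rules in a generated ruleset (handy for sanity checks).
count_accepts() {
    gen_ruleset "$@" | grep -c -- '-j ACCEPT'
}

# Stand-alone run: print the ruleset for constructed sample values.
gen_ruleset eth0 eth1 192.168.1.0/24 2200 22
```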