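#### cat -n /etc/rc.d.rc.ipfw   # (check.ipfw's heading; the file is /etc/rc.d/rc.ipfw)
#!/bin/sh
# /etc/rc.d/rc.ipfw -- IP firewalling + masquerading with ipfwadm (Linux 2.0.x;
# the module listing below shows kernel 2.0.35) for the 192.168.102.0/24 LAN
# behind a diald-managed dial-up link.
# References: http://www.indyramp.com/masq/
#             http://www.indyramp.com/mirrors/ipmasq/ipmasq-HOWTO.html
#
# Resulting policy (compare the "ipfwadm -l" transcript further down):
#   forward chain : default DENY; only INSIDE -> anywhere is forwarded (masqueraded)
#   input chain   : default ACCEPT, plus an anti-spoof deny on the dial-up
#                   interfaces for packets that claim an INSIDE source address
#   output chain  : default ACCEPT
#
# NOTE(review): with the input policy at ACCEPT every service listening on this
# host is reachable from the dial-up side. ipfwadm is stateless, so tightening
# that needs explicit rules for reply traffic (e.g. -k for established TCP) and
# is deliberately not attempted here -- but it is the largest remaining gap.
# Runs as root at boot and reads no untrusted input.

set -x ; # set +x;   # trace each ipfwadm call on the console while booting

INSIDE=192.168.102.0/24      # the LAN on eth0
ANYWHERE=0.0.0.0/0
OUTSIDE=${ANYWHERE}
# Interfaces facing the dial-up side. sl0 is diald's proxy SLIP device; ppp0 is
# the real link once it is up (see the ifconfig/route transcript). The original
# anti-spoof rule was bound to sl0 only, which left ppp0 -- the interface the
# Internet actually talks to -- without the check.
EXTIFS="sl0 ppp0"

# Flush all three chains so a re-run does not stack duplicate rules.
/sbin/ipfwadm -F -f
/sbin/ipfwadm -I -f
/sbin/ipfwadm -O -f

# Default policies, per the IP Masquerade mini-FAQ.
/sbin/ipfwadm -O -p accept
/sbin/ipfwadm -I -p accept
/sbin/ipfwadm -F -p deny

# Anti-spoofing: drop anything arriving from the dial-up side that claims to
# come from the LAN. -o logs each match to the kernel log so spoofing attempts
# are visible afterwards.
for extif in ${EXTIFS}; do
    /sbin/ipfwadm -I -i deny -o -W ${extif} -S ${INSIDE} -D ${ANYWHERE}
done

# Masquerade everything the LAN sends out. Intentionally not bound to one
# interface: with diald the first packets leave via sl0 to trigger the dial
# and only later via ppp0.
/sbin/ipfwadm -F -a m -S ${INSIDE} -D ${OUTSIDE}

# Masquerade table timeouts:     tcp    tcpfin  udp
#                                2 h    30 s    5 min
/sbin/ipfwadm -M -s 7200 30 300

# First-packet rewriting: fix up the source of packets queued before the
# dynamic dial-up address was known.
# http://www.linuxhq.com/patch/20-p0468.html
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
# ip_forward is not touched here; the sysctl transcript shows it already at 1
# (kernel default with forwarding compiled in, or set elsewhere -- verify).

# Handy commands:
#   cd /lib/modules/`uname -r`/ipv4 ; ls -a ip_masq*       # masq helper modules
#   grep '' /proc/sys/net/ipv4/*                           # kernel IP settings
#   ipfwadm -F -l -e ; ipfwadm -I -l -e ; ipfwadm -O -l -e ; ipfwadm -M -l
#     (-e adds the interface column; without it an interface-bound deny
#      reads like a global rule -- see the transcript right below)
#   ifconfig

#### ipfwadm -F -l ; ipfwadm -I -l ; ipfwadm -O -l ; ipfwadm -M -l
# (listing from the running system; taken without -e, so the interface a rule
#  is bound to is not shown -- the input deny below is in fact the sl0-only rule)
# IP firewall forward rules, default policy: deny
# type  prot source        destination   ports
# acc/m all  localnet/24   anywhere      n/a
# IP firewall input rules, default policy: accept
# type  prot source        destination   ports
# deny  all  localnet/24   anywhere      n/a
# IP firewall output rules, default policy: accept
# IP masquerading entries
# prot expire    source       destination             ports
# tcp  04:14.21  hob.forrest  simba.xos.nl            1387 (62343) -> ftp
# tcp  119:39.85 hob.forrest  watt.seas.virginia.edu  1346 (62316) -> telnet
# (both masqueraded sessions are cleartext protocols crossing the dial-up link)

#### ls -a /lib/modules/`uname -r`/ipv4/ip_masq*
# /lib/modules/2.0.35/ipv4/ip_masq_cuseeme.o
# /lib/modules/2.0.35/ipv4/ip_masq_ftp.o
# /lib/modules/2.0.35/ipv4/ip_masq_irc.o
# /lib/modules/2.0.35/ipv4/ip_masq_quake.o
# /lib/modules/2.0.35/ipv4/ip_masq_raudio.o
# /lib/modules/2.0.35/ipv4/ip_masq_vdolive.o

#### grep $ /proc/sys/net/ipv4/* # shows the ip kernel setups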
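# (output of: grep $ /proc/sys/net/ipv4/*)
# /proc/sys/net/ipv4/arp_check_interval:6000
# /proc/sys/net/ipv4/arp_confirm_interval:30000
# /proc/sys/net/ipv4/arp_confirm_timeout:500
# /proc/sys/net/ipv4/arp_dead_res_time:6000
# /proc/sys/net/ipv4/arp_max_tries:3
# /proc/sys/net/ipv4/arp_res_time:500
# /proc/sys/net/ipv4/arp_timeout:6000
# /proc/sys/net/ipv4/ip_dynaddr:1
# /proc/sys/net/ipv4/ip_forward:1        <- forwarding is on; rc.ipfw does not set it

#### ifconfig #
# lo    Link encap:Local Loopback
#       inet addr:127.0.0.1  Bcast:127.255.255.255  Mask:255.0.0.0
#       UP BROADCAST LOOPBACK RUNNING  MTU:3584  Metric:1
#       RX packets:4362 errors:0 dropped:0 overruns:0
#       TX packets:4362 errors:0 dropped:0 overruns:0
# eth0  Link encap:10Mbps Ethernet  HWaddr 00:40:05:24:34:84
#       inet addr:192.168.102.10  Bcast:129.168.102.255  Mask:255.255.255.0
#       UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
#       RX packets:1815682 errors:0 dropped:0 overruns:0
#       TX packets:1612493 errors:0 dropped:0 overruns:0
#       Interrupt:11 Base address:0x300
#   NOTE(review): Bcast 129.168.102.255 does not match addr/mask
#   (192.168.102.10/24 gives 192.168.102.255); looks like a typo wherever eth0
#   is configured -- confirm and fix, or LAN broadcasts leave with a bogus address.
# ppp0  Link encap:Point-Point Protocol
#       inet addr:205.139.233.170  P-t-P:205.197.102.56  Mask:255.255.255.0
#       UP POINTOPOINT RUNNING  MTU:1500  Metric:1
#       RX packets:12331 errors:0 dropped:0 overruns:0
#       TX packets:12719 errors:0 dropped:0 overruns:0
# sl0   Link encap:Serial Line IP
#       inet addr:192.168.102.1  P-t-P:192.168.102.2  Mask:255.255.255.0
#       UP POINTOPOINT RUNNING  MTU:1500  Metric:1
#       RX packets:0 errors:0 dropped:0 overruns:0
#       TX packets:239 errors:0 dropped:0 overruns:0
#   (ppp0 is the live external link; sl0 is diald's proxy device, which is why
#    the sl0-only anti-spoof rule in rc.ipfw never sees real traffic)

#### route -n # list the routing table w/o DNS lookups
# Kernel routing table
# Destination     Gateway   Genmask          Flags MSS  Window Use Iface
# 192.168.102.2   *         255.255.255.255  UH    1500 8192   0   sl0
# 205.197.102.56  *         255.255.255.255  UH    1500 8192   0   ppp0
# 192.168.102.0   *         255.255.255.0    U     1500 8192   175 eth0
# 127.0.0.0       *         255.0.0.0        U     3584 0      130 lo
# default         *         *                U     1500 8192   54  ppp0
# default         *         *                U     1500 8192   129 sl0
#   (two default routes: ppp0 while the link is up, sl0 as diald's fallback to
#    catch traffic and trigger a dial -- expected with diald, presumably)

#### cat -n /etc/diald.conf   (cat -n line numbers dropped)
# mode ppp
# connect "chat -f /etc/chat_script.cstone"
#   NOTE(review): chat scripts usually carry the ISP login/password; make sure
#   /etc/chat_script.cstone is readable by root only -- cannot tell from here.
# device /dev/cua1
# speed 115200
# modem
# lock
# crtscts
# local 192.168.102.1
# remote 192.168.102.2
# dynamic
#
# mtu 1500
# mru 1500
# window 8192
#
# ip-up /etc/ppp/ip-up-diald
# ip-down /etc/ppp/ip-dn-diald
# addroute /etc/ppp/diald-addroute-hook
# delroute /etc/ppp/diald-delroute-hook
#
#
# defaultroute
# fifo /var/adm/diald
#   NOTE(review): whoever can write this FIFO can force dials/hangups;
#   its permissions are not visible in this dump -- verify they are root-only.
# proxyarp
# include /usr/lib/diald/standard.filter

#### cat -n /etc/named.boot   (cat -n line numbers dropped)
# ;
# ; boot file for name server
# ;
# directory /var/named
#
# ; type   domain                    source host/file   backup file
#
# cache    .                         root.cache
# primary  0.0.127.IN-ADDR.ARPA      zone/127.0.0
# primary  102.168.192.IN-ADDR.ARPA  zone/192.168.102
# primary  forrest                   hosts.forrest
# ;domain  DOMAIN
# ;primary DOMAIN                    named.hosts
# ;primary IPREVERSED.IN-ADDR.ARPA   named.rev
#   NOTE(review): nothing in this file restricts queries or zone transfers
#   (BIND 4.9 xfrnets/secure_zone), and rc.ipfw accepts all input on the
#   dial-up side, so the internal "forrest" zone is presumably queryable and
#   transferable from the Internet -- confirm which interfaces named binds.

#### cat -n /etc/rc.d/check.ipfw   (cat -n line numbers dropped)
#!/bin/sh
# /etc/rc.d/check.ipfw -- dump the firewall, masquerade, dial-up and DNS setup
# for review. Each command is printed as a "#### ..." heading followed by its
# output (this page is one such dump).
#
# The report contains internal addressing, the routing table and the complete
# rule set; if it is saved to a file, keep that file readable by root only.
PATH=/sbin:$PATH
#set -x ; # set +x;

# Print a section heading. printf instead of "echo -e": -e is not portable
# under #!/bin/sh.
heading() {
    printf '\n#### %s\n' "$1"
}

heading 'cat -n /etc/rc.d/rc.ipfw'         # heading used to read "rc.d.rc.ipfw"
cat -n /etc/rc.d/rc.ipfw
# -e (extended listing) adds the interface column; without it a rule bound to
# one interface (the sl0 anti-spoof deny) is indistinguishable from a global one.
heading 'ipfwadm -F -l -e ; ipfwadm -I -l -e ; ipfwadm -O -l -e ; ipfwadm -M -l'
ipfwadm -F -l -e ; ipfwadm -I -l -e ; ipfwadm -O -l -e ; ipfwadm -M -l
heading "ls -a /lib/modules/$(uname -r)/ipv4/ip_masq*"
ls -a /lib/modules/"$(uname -r)"/ipv4/ip_masq*
# '' matches every line, so each file prints as path:value (same as the
# fragile unquoted "grep $" form, minus the word-splitting surprise).
heading "grep '' /proc/sys/net/ipv4/* # shows the ip kernel setups"
grep '' /proc/sys/net/ipv4/*
heading 'ifconfig #'
ifconfig
heading 'route -n # list the routing table w/o DNS lookups'
route -n
heading 'cat -n /etc/diald.conf'
cat -n /etc/diald.conf
heading 'cat -n /etc/named.boot'
cat -n /etc/named.boot
heading 'cat -n /etc/rc.d/check.ipfw'
cat -n /etc/rc.d/check.ipfw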