Re: How to configure system-config-securitylevel-tui to permit only the internal LAN to access my ADSL router?

On Thu, 2004-11-18 at 00:01 -0200, Vinicius wrote:
> On Thu, 2004-11-18 at 02:35 +0100, Alexander Dalloz wrote:
> > On Thu, 18.11.2004, Vinicius wrote at 1:31:
> > 
> > > how to configure system-config-securitylevel-tui to permit only the
> > > internal LAN to access my ADSL router and to block the others, please?
> > > 
> > > TIA, Vinicius.
> > 
> > You can't by using this tool.
> > 
> > I guess the ADSL router is your Fedora machine (else the question would
> > not make much sense in its form) and you have 2 network cards and thus
> > 2 ethernet devices in the Fedora based router. You will have to have
> > some clue about the iptables syntax to make the necessary changes to the
> > existing /etc/sysconfig/iptables set of rules. As the FORWARD chain uses
> > the same rules as the INPUT chain it would break the forwarding of the
> > router if you limit the traffic by adding "-s $INTERNAL_NET" to the
> > ACCEPT rule lines. Running a router you should get in touch with
> > iptables itself (www.netfilter.org). Though there are tools like
> > firestarter which are mightier than the system-config tool and for those
> > which prefer click&run over hand editing a plain text file.
> > 
> > Alexander
> > 
> 
> In the scenario below, does an ADSL modem (router) generally default
> to denying access to ports 21, 23 and 80, please?

I would not make any such assumption. I know of one brand that has, by
default, telnet open to the Internet.

> 
> TIA, Vinicius.
> 
> ------------
> |          |
> | Internet |
> |          |
> ------------
>        |
> --------------
> | Public IP  |
> --   ---    --
> |            |
> | M. ADSL    |
> |            |
> --   ---    --
> | Private IP |
> --------------
>      |
> ------------
> |          |
> | Private  |
> | Network  |
> |          |
> ------------

You need to read the instructions for your specific router. If you
don't have the instructions, visit the manufacturer's website.

I also recommend doing a port scan from the 'net - there are websites
that provide this service. Google is your friend.

Other than by configuring the ADSL thing according to the vendor's
instructions there is nothing that anything in the private LAN can do to
filter traffic on the Internet side.

_I_ might put the ADSL router into bridge mode, but for most people most
ADSL routers, when properly configured, are just fine. For sure, if
you're having trouble configuring that then you won't find a Linux box
easy.