linux routers

Jeremy Fowler jfowler at westrope.com
Fri Nov 30 19:31:44 CST 2001


I would start with Redhat 7.2 instead of 7.0, it has many new features that 7.0
doesn't, plus 7.0 had quite a few bugs in it. I would recommend compiling a
2.4.14 kernel (2.4.16 is out, but just), with support for ext3
www.uow.edu.au/~andrewm/linux/ext3/ (down at the moment, probably due to
everyone wanting the new patch for 2.4.16), LIDS http://www.lids.org/, and
Iptables 1.2.4 http://netfilter.samba.org/. I would then highly recommend
PortSentry, LogSentry, and HostSentry from Psionic's Abacus Project
http://www.psionic.com/abacus/, Nmap http://www.insecure.org/nmap/, and Snort
http://www.snort.org. Also these websites have some pretty good documentation
and other resources that will be invaluable when setting up.

I promised the group I would share my iptables script some time back. Well, I
thought I better make good with the offer. I have removed all real IP addresses
and changed some stuff, but for the most part this is the script I use on our
firewall here. Feel free to use or change anything, but I don't guarantee it
works. So don't come blaming me if it blows up your system. ;-P However, comments
and suggestions are greatly welcome.

I'm also working on some changes to PortSentry, some bug fixes and a few new
features. I added the feature that allows me to pass the type of scan that was
performed to KillRunCmd and with that I do a reverse port scan of the same type
(with nmap) to the offending IP address and port from a shell script. So
basically, if someone XMAS TREE scans me on port 23, PortSentry replies back with
an XMAS TREE scan of their port 23 and then emails me back the report. However,
it only does it once, after that the offending IP address is put into the
blocked file and ignored as normal. I would be happy to give the patch out to
anyone who is interested. I also built an RPM and SRPM for anyone who wants
it. -J

> -----Original Message-----
> From: Eric Rossiter [mailto:rossiter at discoverynet.com]
> Sent: Friday, November 30, 2001 8:20 AM
> To: kclug at kclug.org
> Subject: linux routers
>
>
> Good morning fellow Penguinites,
>
> Am shortly going to begin implementing Linux routers for a customer of
> ours.  Cable at one end, DSL at the other.
>
> Requesting braindumps please... anything, everything...current config
> files, HOWTO's.
>
> Going to attempt NAT and a VPN also I believe.
>
> I've been out to the LRP.  I'm going to use RedHat 7.0 as a base, and go
> with a customized kernel.
>
> TIA,
> Eric
>
>




