[svlug] E-mail via proxy & netatalk

Jeff Suttor Jeff.Suttor at EarthLink.net
Tue Aug 20 07:46:54 PDT 2002


> RH7.3 will install ipchains by default. Your default configuration
> probably rejects most connections.
> 
> Edit /etc/sysconfig/ipchains and add a line:
> 
> -A input -s 0/0 -d 0/0 548 -p tcp -y -j ACCEPT
> 
> near the top of the file, before the line that rejects tcp connections
> below port 1024. (I'm letting you figure that part out.)


in general, one can also always add "-l"(log) to the rule that rejects 
all "-p tcp" "-y"(syn) connections and then look in /var/log/messages to 
see exactly what is being rejected.  I like this approach as one can 
start out very strict and then see exactly what is needed.  it's also 
interesting to log all attempts to create a connection.  on some nets 
the incoming HTTP port 80 requests from infected IIS servers is sad.  :)


-- 
Jeff Suttor  <Jeff.Suttor at EarthLink.net>




More information about the svlug mailing list