[svlug] E-mail via proxy & netatalk
Jeff Suttor
Jeff.Suttor at EarthLink.net
Tue Aug 20 07:46:54 PDT 2002
> RH7.3 will install ipchains by default. Your default configuration
> probably rejects most connections.
>
> Edit /etc/sysconfig/ipchains and add a line:
>
> -A input -s 0/0 -d 0/0 548 -p tcp -y -j ACCEPT
>
> near the top of the file, before the line that rejects tcp connections
> below port 1024. (I'm letting you figure that part out.)
in general, one can also always add "-l"(log) to the rule that rejects
all "-p tcp" "-y"(syn) connections and then look in /var/log/messages to
see exactly what is being rejected. I like this approach as one can
start out very strict and then see exactly what is needed. it's also
interesting to log all attempts to create a connection. on some nets
the incoming HTTP port 80 requests from infected IIS servers is sad. :)
--
Jeff Suttor <Jeff.Suttor at EarthLink.net>
More information about the svlug
mailing list