Hieronder tref je een aantal voorbeeldbestanden aan.
6.1 Voorbeeld firewall.ini
bestand
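# Firewall setup.
#
# Sets up ipchains (masquerading and a few filter rules) and, optionally,
# ipmasqadm port forwards, then enables IP forwarding in the kernel.
#
# Arguments: $1 - listen address for the optional port forwards below;
#                 presumably the outside IP passed in by the caller - verify.
# Globals:   OUTSIDE_DEV (read) - outside interface. This script does not set
#            it; if the caller has not loaded the config, enable the line below.
# . /etc/config
#
# Flushing the chains.
# Note: -F removes rules only; chain policies stay as they were.
#
ipchains -F
#
# Policy for forwarding, Masquerade.
# NOTE(review): as a chain policy, MASQ applies to every forwarded packet that
# no rule matches, whichever interface it leaves on. A DENY policy together
# with the interface-specific MASQ rule below is the narrower setup.
#
ipchains -P forward MASQ
#
# Another example: masquerade only what is forwarded out of the outside device.
#
ipchains -A forward -i "${OUTSIDE_DEV}" -j MASQ
#
# Timeouts for the masqueraded connections (tcp, tcp-fin, udp; in seconds).
#
ipchains -M -S 6000 120 300
#
# Minimum delay for SSH (sets the TOS bits on outgoing tcp packets to port 22).
#
ipchains -A output -p tcp -d 0.0.0.0/0 22 -t 0x01 0x10
#
# We don't like the NetBIOS and Samba leaking: reject ports 137-139.
# NOTE(review): these are the only input rules in this script and no input
# policy is set here, so all other inbound traffic is handled by whatever
# input policy is already in effect.
#
/bin/ipchains -I input -j REJECT -p TCP -s 0/0 -d 0/0 137:139
/bin/ipchains -I input -j REJECT -p UDP -s 0/0 -d 0/0 137:139
#
# Finally, list what we have
#
ipchains -L
#
# ipmasqadm takes care of connections from the outside to the inside.
# Remove the comments to set it up, and replace <HOST> with the last octet of
# the internal server first. The forwards stay disabled until then: every
# enabled forward exposes an internal service to the outside network.
#
# Portforward rule to enable http traffic to an internal web server
#ipmasqadm portfw -a -P tcp -L "$1" 80 -R 192.168.0.<HOST> 80
# Portforward rule to enable ssh traffic (port 22) to an internal host
#ipmasqadm portfw -a -P tcp -L "$1" 22 -R 192.168.0.<HOST> 22
# Variant: the outside listens on port 2222 and forwards to internal port 22
#ipmasqadm portfw -a -P tcp -L "$1" 2222 -R 192.168.0.<HOST> 22
#
# Rules set, we can enable forwarding in the kernel.
# Kept last so that nothing is forwarded before the rules above are in place.
#
echo "Enabling IP forwarding."
echo "1" > /proc/sys/net/ipv4/ip_forward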
6.2 Voorbeeld config
bestand
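#
# Configuration for floppyfw
#
# For configuring of modules to use : /modules.lst
# For configuring logging: /syslogd.cfg
# For configuring network interface cards (usually not necessary): /syslinux.cfg
# For configuring firewall rules and incoming traffic: /firewall.ini
#
# If your provider is not xs4all, replace every "xs4all.nl" with the name of
# your own provider.
# Do not forget "DOMAIN" further down in this file.
# Fill in the login details below.
# Replace them with your own settings.
# Example: the password Gf$k#ls becomes USER_PASSWORD='Gf$k#ls'
# (the single quotes keep the shell from expanding the "$" in the value).
# NOTE(review): the password is stored here in clear text, so the medium that
# holds this file needs the same protection as the account itself.
#
# For Basic-adsl @xs4all-basic-adsl
# For Fast-adsl @xs4all-fast-adsl
USER_IDENT='@xs4all-basic-adsl'
USER_PASSWORD=''
# Fill in 2 IP addresses below that are used to check the connection.
# ping.xs4all.nl = 194.109.104.104
# www.cisco.com = 198.133.219.25
PING1=194.109.104.104
PING2=198.133.219.25
# For Homenet version 3.0 over the intranet (y/n)
ABN_AMRO_HOME_NET=y
# Outside network:
OUTSIDE_IP=PPTP
# eth0 default device; this example uses ppp0 instead.
#
OUTSIDE_DEV=ppp0
OUTSIDE_NETMASK=255.255.255.0
OUTSIDE_BROADCAST=10.0.0.255
# Inside network:
#
# This has 192.168.0.* set as default, addresses assigned for internal
# networks according to RFC 1918.
#
# eth1 is the default device for the internal network.
#
INSIDE_IP=192.168.0.2
INSIDE_DEV=eth1
INSIDE_NETMASK=255.255.255.0
INSIDE_BROADCAST=192.168.0.255
# Modem settings:
#
MODEMSIDE_DEV=eth0
MODEMSIDE_IP=10.0.0.150
MODEMSIDE_BROADCAST=10.0.0.255
MODEMSIDE_NETMASK=255.255.255.0
MODEM_IP=10.0.0.138
# Fill in the DNS servers here.
# And, optionally, the domain name and hostname.
# The addresses used here belong to xs4all.
# See the FAQ for the DNS addresses of other providers.
NAME_SERVER_IP1=194.109.6.66
NAME_SERVER_IP2=194.109.9.99
DOMAIN=xs4all.nl
HOSTNAME=floppyfw
#
# (y)es or (n)o
# NOTE(review): presumably controls whether a shell is opened on the console;
# confirm in the floppyfw documentation and prefer n where physical access to
# the machine is not trusted.
#
OPEN_SHELL=y
# For more than 8MB of memory <y/n>.
ONLY_8M=n
# System logging
USE_SYSLOG=y
#SYSLOG_FLAGS="-m 360"
# System logging to another server.
# The receiver (192.168.0.99, port 514) is on the inside network; keep it
# there, since classic syslog forwarding is neither encrypted nor authenticated.
#SYSLOG_FLAGS="-m 360"
SYSLOG_FLAGS="-m 360 -R 192.168.0.99:514"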
6.3 Voorbeeld modules
bestand
ip_masq_irc.o
ip_masq_cuseeme.o
ip_masq_ftp.o
ip_masq_quake.o
ip_masq_raudio.o
ip_masq_vdolive.o
ip_masq_portfw.o
ip_masq_autofw.o
slhc.o
ppp.o