thewall-general Mailing List for theWall
Status: Beta
Brought to you by:
freebsdfan
|
From: SourceForge.net <no...@so...> - 2004-02-05 12:47:13
|
Read and respond to this message at: https://sourceforge.net/forum/message.php?msg_id=2410493
By: lucianoinacio

I installed thewall pc pppoe. It's OK. I need to install the driver for orinoco isa. How do I do it and where do I get this driver?

Luciano

______________________________________________________________________
You are receiving this email because you elected to monitor this forum. To stop monitoring this forum, login to SourceForge.net and visit: https://sourceforge.net/forum/unmonitor.php?forum_id=101881 |
|
From: SourceForge.net <no...@so...> - 2003-07-17 18:01:06
|
Read and respond to this message at: https://sourceforge.net/forum/message.php?msg_id=2108918
By: freebsdfan

I've received several messages recently asking if this project was dead or not. Here's the current status: my personal firewall has been up for 483 days which should give you an idea of when I last touched it.

The last FreeBSD release that thewall built on successfully was 4.5. The ISC dhcp client was updated prior to the 4.6 release and it has not built cleanly as part of a "crunch" since. I removed the dhcp client to find out what other problems would pop up and eventually got thewall to build on 4.8R. Unfortunately even without the (huge) dhcp client it no longer fits on a single floppy. This is not a shock as thewall only fit with about 30k to spare on the 4.5 release.

So... since the 4.5 version fits my needs I'm declaring the project finished. Thanks to everyone who helped.

If you are searching for a FreeBSD based firewall that is being maintained I suggest you have a look at http://m0n0.ch/wall/ . m0n0wall boots from a CD-ROM so it is not constrained by the limits of a floppy. A version for the Soekris boards is also available. |
|
From: SourceForge.net <no...@so...> - 2003-06-10 19:21:02
|
Read and respond to this message at: https://sourceforge.net/forum/message.php?msg_id=2054821
By: rclewis

I figured it out. The cf card had been formatted through a usb device before. The init_flash script was writing a new label but the partitions were still screwed up. I did a "dd if=/dev/zero of=/dev/ad0 count=128" to overwrite the first bit of the cf card then ran the script and it worked.

I am sure I am not the first or the last to have this problem so, if you ever use your cf cards in another machine and it does not work, try this.

Rodger |
|
From: SourceForge.net <no...@so...> - 2003-06-10 13:34:59
|
Read and respond to this message at: https://sourceforge.net/forum/message.php?msg_id=2054354
By: rclewis

I have tried using the stock thewall.net4501.cf.0.4.gz file and am able to get it to PXE boot. Then when I run init_flash everything looks fine. When I reboot I get

    comBIOS ver. 1.15 20021013 Copyright (C) 2000-2002 Soekris Engineering.
    net45xx
    0064 Mbyte Memory CPU 80486 133 Mhz
    Pri Mas SanDisk SDCFB-32 LBA 489-4-32 31 Mbyte
    PXE-M00: BootManage UNDI, PXE-2.0 (build 082)
    Slot Vend Dev ClassRev Cmd Stat CL LT HT Base1 Base2 Int
    -------------------------------------------------------------------
    0:00:0 1022 3000 06000000 0006 2280 00 00 00 00000000 00000000 00
    0:18:0 100B 0020 02000000 0107 0290 00 3F 00 0000E001 A0000000 10
    0:19:0 100B 0020 02000000 0107 0290 00 3F 00 0000E101 A0001000 11
    0:20:0 100B 0020 02000000 0107 0290 00 3F 00 0000E201 A0002000 05
    1 Seconds to automatic boot. Press Ctrl-P for entering Monitor.
    Missing operating system

Is there a problem with SANs cf cards? I have also tried compiling from source. Here is the output of init_flash

    # init_flash
    Labeling disk...
    ******* Working on device /dev/ad0 *******
    # /dev/ad0s1c:
    type: unknown
    disk: amnesiac
    label:
    flags:
    bytes/sector: 512
    sectors/track: 50
    tracks/cylinder: 116
    sectors/cylinder: 5800
    cylinders: 9
    sectors/unit: 57950
    rpm: 3600
    interleave: 1
    trackskew: 0
    cylinderskew: 0
    headswitch: 0 # milliseconds
    track-to-track seek: 0 # milliseconds
    drivedata: 0
    8 partitions:
    # size offset fstype [fsize bsize bps/cpg]
    a: 57950 0 4.2BSD 0 0 0 # (Cyl. 0 - 9*)
    c: 57950 0 unused 0 0 # (Cyl. 0 - 9*)
    running newfs...
    Warning: Block size restricts cylinders per group to 104.
    Warning: 3492 sector(s) in last cylinder unallocated
    /dev/ad0a: 57948 sectors in 15 cylinders of 1 tracks, 4096 sectors
    28.3MB in 1 cyl groups (104 c/g, 208.00MB/g, 3712 i/g)
    super-block backups (for fsck -b #) at: 32
    downloading cf_image.tgz...
    tftp> Received 1629822 bytes in 3.7 seconds
    tftp> mounting cf...
    extracting cf_image.tgz...
    unmounting cf...
    Compact flash initialized, ready for a reboot

Please help. I have a custom build of the floppy version working but would like to put it on the cf card in these nice "small" boxes.

Rodger |
|
From: SourceForge.net <no...@so...> - 2003-06-05 18:45:48
|
Read and respond to this message at: https://sourceforge.net/forum/message.php?msg_id=2048437
By: philbin

Looking at the different download versions:

    PC, DHCP floppy boot
    PC, PPPoE floppy boot
    Net4501, PXE netboot
    Net4501, Compact Flash
    Statically linked Perl

I have no idea which to use. I would like to setup a machine to work as a pass-through firewall. The machines behind the firewall would still use public IP addresses, so NAT is not necessary.

Thanks. |
|
From: SourceForge.net <no...@so...> - 2003-04-10 19:00:33
|
Read and respond to this message at: https://sourceforge.net/forum/message.php?msg_id=1967114
By: sku

Greetings!

After 4.8R I decided to upgrade my host machine that I boot multiple Soekris devices from. Since 4.8 I can no longer boot. If I downgrade to 4.7 it boots just fine. Here's a copy of a tcpdump I did. This is very strange.. Does anyone have a cluebat they can whack me with???

    14:54:04.560399 10.0.250.35.969 > 10.0.250.97.1023: udp 72 (ttl 20, id 355, len 100)
    14:54:04.560641 10.0.250.97.1023 > 10.0.250.35.969: [bad udp cksum 57e6!] udp 28 (ttl 64, id 1966, len 56, bad cksum 0!)
    14:54:04.561187 10.0.250.35.968 > 10.0.250.97.1023: udp 72 (ttl 20, id 356, len 100)
    14:54:04.561336 10.0.250.97.1023 > 10.0.250.35.968: [bad udp cksum 57e6!] udp 28 (ttl 64, id 1967, len 56, bad cksum 0!)
    14:54:05.111516 10.0.250.35.967 > 10.0.250.97.1023: udp 72 (ttl 20, id 357, len 100)
    14:54:05.111778 10.0.250.97.1023 > 10.0.250.35.967: [bad udp cksum 57e6!] udp 28 (ttl 64, id 1969, len 56, bad cksum 0!)
    14:54:05.112309 10.0.250.35.966 > 10.0.250.97.1023: udp 72 (ttl 20, id 358, len 100)
    14:54:05.112493 10.0.250.97.1023 > 10.0.250.35.966: [bad udp cksum 57e6!] udp 28 (ttl 64, id 1970, len 56, bad cksum 0!)
    14:54:05.662645 10.0.250.35.965 > 10.0.250.97.1023: udp 72 (ttl 20, id 359, len 100)
    14:54:05.662824 10.0.250.97.1023 > 10.0.250.35.965: [bad udp cksum 57e6!] udp 28 (ttl 64, id 1975, len 56, bad cksum 0!)
    14:54:05.663347 10.0.250.35.964 > 10.0.250.97.1023: udp 72 (ttl 20, id 360, len 100)
    14:54:05.663490 10.0.250.97.1023 > 10.0.250.35.964: [bad udp cksum 57e6!] udp 28 (ttl 64, id 1976, len 56, bad cksum 0!)
    14:54:06.213772 10.0.250.35.963 > 10.0.250.97.1023: udp 72 (ttl 20, id 361, len 100)
    14:54:06.213919 10.0.250.97.1023 > 10.0.250.35.963: [bad udp cksum 57e6!] udp 28 (ttl 64, id 1977, len 56, bad cksum 0!)
    14:54:06.214440 10.0.250.35.962 > 10.0.250.97.1023: udp 72 (ttl 20, id 362, len 100)
    14:54:06.214580 10.0.250.97.1023 > 10.0.250.35.962: [bad udp cksum 57e6!] udp 28 (ttl 64, id 1978, len 56, bad cksum 0!)
    14:54:06.764901 10.0.250.35.961 > 10.0.250.97.1023: udp 72 (ttl 20, id 363, len 100)
    14:54:06.765085 10.0.250.97.1023 > 10.0.250.35.961: [bad udp cksum 57e6!] udp 28 (ttl 64, id 1983, len 56, bad cksum 0!)
    14:54:06.765606 10.0.250.35.960 > 10.0.250.97.1023: udp 72 (ttl 20, id 364, len 100)
    14:54:06.765747 10.0.250.97.1023 > 10.0.250.35.960: [bad udp cksum 57e6!] udp 28 (ttl 64, id 1984, len 56, bad cksum 0!)
    14:54:07.316037 10.0.250.35.959 > 10.0.250.97.1023: udp 72 (ttl 20, id 365, len 100)
    14:54:07.316209 10.0.250.97.1023 > 10.0.250.35.959: [bad udp cksum 57e6!] udp 28 (ttl 64, id 1987, len 56, bad cksum 0!)
    14:54:07.316721 10.0.250.35.958 > 10.0.250.97.1023: udp 72 (ttl 20, id 366, len 100)
    14:54:07.316864 10.0.250.97.1023 > 10.0.250.35.958: [bad udp cksum 57e6!] udp 28 (ttl 64, id 1988, len 56, bad cksum 0!)

TIA, SKU |
|
From: SourceForge.net <no...@so...> - 2003-03-02 10:36:16
|
Read and respond to this message at: https://sourceforge.net/forum/message.php?msg_id=1906729
By: sonic2wb

I can't seem to get my dsl to work with thewall. The internal network works fine, but the ppp seems not to work. The logs say that failed to open device and unable to send netgraph message.

Stats:

    P166 MMX
    81megs ram
    2 netgear fa311cards
    Earthlink pppoe dsl |
|
From: Charlie Y. <cw...@xi...> - 2002-10-30 23:44:36
|
Hello,

I pretty much have sshd running with this (taken from I think the bridge configuration of PICOBSD, read the comments in there) – I bring this here from the 4501 discussion group as it's more appropriate.

    progs sshd # includes ssh and scp
    special sshd objvar SSHD_OBJS
    special sshd srcdir /usr/ports/picobsd/ssh-picobsd/work/ssh-1.2.27
    special sshd objdir /usr/ports/picobsd/ssh-picobsd/work/ssh-1.2.27
    ln sshd ssh
    ln sshd ssh1
    ln sshd scp

However, I still have problems; sshd wants to chown the pty device's ownership, but since /dev/ is mounted on a read only system, it can't. My kludge for the moment is to remount / as writeable (mount -u -w), but that's not great for long term. Suggestions welcome.

I'm running it with FreeBSD 4.5. I had to find ssh-1.2.27.tar.gz on the net, download and install for it to work, I think it had some dependencies too, but I don't remember.

The error I get:

    Oct 30 19:28:28 thewall sshd[71]: log: Password authentication for root accepted.
    Oct 30 19:28:28 thewall sshd[71]: root from 192.168.1.10 (password authentication accepted)
    Oct 30 19:28:28 teewall sshd[71]: log: ROOT LOGIN as 'root' from 192.168.1.10
    Oct 30 19:28:28 thewall sshd[71]: debug: Allocating pty.
    Oct 30 19:28:28 thewall sshd[71]: debug: chown failed for /dev/ttyp0, error: Read-only file system. Removing user-settable flags, and retrying.
    Oct 30 19:28:28 thewall sshd[71]: debug: Removing user-settable flags with chflags.
    Oct 30 19:28:28 thewall sshd[71]: debug: chflags failed for /dev/ttyp0, error: Read-only file system
    Oct 30 19:28:28 thewall sshd[71]: error: ssh_pty_allocate_and_fork: chown failed for /dev/ttyp0.
    Oct 30 19:28:28 thewall sshd[71]: debug: Forking shell.
    Oct 30 19:28:28 thewall sshd[71]: debug: Entering interactive session.

Then the client just gets the message "Warning: Remote host failed or refused to allocate a pseudo tty.", and sits there.

Other interesting things I did:

Running thttpd (statically, 340 K) and htpasswd (haven't tried it yet, 100K), putting kvm back in and having real netstat, also grep and cut. And 'led', a small program to turn the 4501 led on or off, dynamically linked in (based on the program posted earlier to the 4501 list). Plus some proprietary stuff of 270–300K, leaves me at 4100 for all.

Next, I'm hoping to try to get a DHCP server and a DNS cache working, and some more remote monitoring cgi-stuff for the web server. Maybe some SNMP stuff, maybe some routed. Anyone with any luck on those?

Charlie |
|
From: Charlie Y. <cw...@xi...> - 2002-10-29 15:14:43
|
I'm not entirely sure what you mean by bandwidth manager support, but assuming you would like to be able to limit the bandwidth of certain types of services, you could do it by adding dummynet support to your kernel (edit PICOBSD file and add 'options DUMMYNET' then recompile). Then you add and configure pipes, where you can limit bandwidths to/from port 80 for example -- read the dummynet docs.

Charlie

-----Original Message-----
From: the...@li... [mailto:the...@li...]On Behalf Of Roberto Pereyra
Sent: October 29, 2002 07:42 AM
To: the...@li...
Subject: [Thewall-general] bandwidth manager support

Hi all

Does Thewall (or Picobsd) have bandwidth manager support? How can I do it?

thanks

roberto |
|
From: <fr...@gu...> - 2002-10-29 12:40:32
|
Hi all

Does Thewall (or Picobsd) have bandwidth manager support? How can I do it?

thanks

roberto |
|
From: Charlie Y. <cw...@xi...> - 2002-10-18 15:37:47
|
Hello,

In the docs there is mention of 'the easy way' to install is to use a compact flash adaptor to preload the CF card with the software from a FreeBSD host with a CF adaptor. I don't have that, but I do have a Windows 2000 laptop with a CF to PC Card adaptor.

Is it possible somehow to just image the software into the CF (I guess the cf_tree/) by sticking the CF card in the laptop and using rawrite or something? Presumably, you need to create a FreeBSD filesystem on the card, and have put the kernel in a bootable location (I guess the CF equivalent MBR)?

Another question: I'm confused by Step 1 of the PXE boot process, where we are to configure the DHCP to supply "pxeboot" as the boot filename. Anyone have an example configuration of that?

TIA

Charlie |
|
From: <no...@so...> - 2002-08-22 17:42:38
|
Read and respond to this message at: http://sourceforge.net/forum/message.php?msg_id=1656204
By: freebsdfan

Thanks for the info, I'll add that as the default in rc.conf. |
|
From: <no...@so...> - 2002-08-21 05:39:17
|
Read and respond to this message at: http://sourceforge.net/forum/message.php?msg_id=1654275
By: rainer_germany

Hi,

I use thewall.pc.pppoe.0.2. After the connection to my ISP is dropped for some reason, the box reconnects as it should - but no data goes through ... I have figured out that the reason is natd. With natd_flags="-dynamic" in rc.conf everything works well. |
|
From: <no...@so...> - 2002-06-12 15:38:29
|
Read and respond to this message at: http://sourceforge.net/forum/message.php?msg_id=1593194
By: freebsdfan

I haven't installed sshd myself, but generally all you have to do to get a program to run on theWall is to build the executable with a static link (by specifying -static to the linker).

Unfortunately there isn't enough disk space left on the floppy for sshd. You might be able to modify the startup scripts to load sshd from a second floppy, or something.

I'm planning on a CD bootable version of theWall, but I haven't really started working on it yet. I suspect the 4.6 release of FreeBSD will not fit on a floppy any longer so that might give me a push. |
|
From: <no...@so...> - 2002-06-11 23:34:07
|
Read and respond to this message at: http://sourceforge.net/forum/message.php?msg_id=1592666
By: plecheler

Hi -

Great project. Got it going in less time than it took to read the instructions. Running on an old P100 w/32M, floppy and cdrom (no hard drive). Disabled telnetd and use only the console to connect.

On another FreeBSD box I compiled the picoBSD ssh version (doing a 'make configure' and 'make' but not 'make install' because it already has its own sshd running on it). So the question now is what steps are necessary to move it over to theWall? My assumption is that I'll need to ftp it over after I have the system running (or put it on a cdrom). Do I just take the sshd or are there other parts needed? I know I'll need to set up a config file, that could be ftp'd as well. It would be nice to package everything and burn it to a CD to eliminate the FTP step. Any gotchas I should know about?

As an aside I opened one UDP port back into my internal network (outbound only) for sending all syslog messages back to a syslog machine. That necessitated adding a line to syslog.conf to send *.* messages to the remote machine. I also changed it to send *.* messages to /dev/console. It's a bit annoying but the level of messages is not that great and I like to know what's going on.

pl |
|
From: <no...@so...> - 2002-05-24 15:23:10
|
Read and respond to this message at: http://sourceforge.net/forum/message.php?msg_id=1578028
By: rainer_germany

A bootable CD version is a very nice idea, because everyone owns an old cdrom-drive. Do you plan to store the configuration files in /etc on a floppy disk? If you are searching for a beta tester - I'm here ;-) |
|
From: <no...@so...> - 2002-05-24 14:31:08
|
Read and respond to this message at: http://sourceforge.net/forum/message.php?msg_id=1577971
By: freebsdfan

Thanks for the suggestion, write protecting the boot floppy is a great idea. I'll add it to the documentation.

Removing the logon banners is a good idea to avoid giving people information they could possibly use to figure out how to break into the system. However in our case with only a single root user by the time an intruder sees the banner he's already in. Additionally theWall is really just some build scripts for FreeBSD, I really don't want to modify the FreeBSD release sources for a number of reasons, not the least of which is the amount of work it would take to track changes.

There are a *lot* of additions that would be nice to have, the biggest problem is that there's almost no space left on the floppy as is. Snort, etc will have to wait for a bootable CD or compact flash version of theWall. |
|
From: <no...@so...> - 2002-05-24 08:55:02
|
Read and respond to this message at: http://sourceforge.net/forum/message.php?msg_id=1577716
By: rainer_germany

Hello again, ;-)

today I started to figure out the minimal file permissions needed for theWall to run... But there is something very curious: Even if I change file-permissions of a file to 000, so that nobody should be able to access the file, root is able to read, write and execute it. Is the rights management not fully implemented or is this a general fault on FreeBSD systems? Sure root is the superuser, but as long as he is able to run chmod, he could gain his rights back. I have worked a few years as security administrator on mainframe systems (IBM OS 390/MVS) and there it was usual to crumble down the rights to everything you don't need access to. That is to prevent accidental change or loss of any data.

A few weeks ago, I have read a few articles about hardening, especially for OpenBSD Systems at: geodsoft.com\howto\harden

There are some really good ideas, here are only a few:

It would be nice to add a little note in the documentation to enable the write protection of the floppy disk when the firewall is still running and nobody is actually working on it. By doing so, a hacker isn't able to make persistent changes to the system - after a reboot we have always a clear system.

Another suggestion is to remove the Logon Banners on the console and telnet.

Is it possible to implement cron and automate a Nightly Security Audit to detect filechanges and to create a changelog?

An IDS-system (snort?) and a sniffer would also be nice to detect and analyse attacks.. ;-)

greetings

Rainer |
|
From: <no...@so...> - 2002-05-23 21:17:26
|
Read and respond to this message at: http://sourceforge.net/forum/message.php?msg_id=1577370
By: rainer_germany

Hello again, ;-)

today I started to figure out the minimal file permissions needed for theWall to run...

A few weeks ago, I have read a few articles about hardening, especially for OpenBSD Systems at: geodsoft.com\howto\harden

There are some really good ideas, here are only a few:

It would be nice to add a little note in the documentation to enable the write protection of the floppy disk when the firewall is still running and nobody is actually working on it. By doing so, a hacker is not able to make persistent changes to the system - after a reboot we have always a clear system.

Another suggestion is to remove the Logon Banners on the console and telnet.

Is it possible to implement cron and automatically make a Nightly Security Audit to detect filechanges and to create a changelog?

An IDS-system (snort?) and a sniffer would also be nice to detect and analyse attacks..

greetings

Rainer |
|
From: <no...@so...> - 2002-05-23 19:13:12
|
Read and respond to this message at: http://sourceforge.net/forum/message.php?msg_id=1577271
By: rainer_germany

Hello freebsdfan,

I have played a little with my box (thewall.pc.pppoe.0.2) and have found a few improvements that may be interesting for you: Sorry, I'm a little bit paranoid ;-)

1. I have deleted all users except root and there wasn't any error message, everything worked in the same way as before, so I think the other users are useless - so I suggest to make a note in the documentation or delete them in the download package.

2. The file-permissions of most files could be more restrictive, for example: they are 555 for all executable files in /stand - I'm not very familiar with this, but is 500 enough? 666 for most files in /dev - is 600 enough? and so on...

3. Every boot creates a file "passwd" in /etc - there are no passwords in it, but the rights are 644 so an intruder knows already the account-names, with a password-generator it is only a question of time until he gets root-permissions in..

4. It would be a nice hint in the documentation to change the name of the user root in the master.passwd to something else to improve security..

5. The last rule in rc.firewall is: ${fwcmd} add deny ip any to any - I'm not very familiar with it and just because I'm not knowing which protocols are else supported by the kernel I have changed it to: ${fwcmd} add deny all any to any. Or doesn't this make any difference?

greetings

Rainer

PS: I started translation of your documentation to German yesterday (README and EXAMPLE.PPPoE), when I am ready (~ in 14 days) I will email it to you. |
|
From: <no...@so...> - 2002-05-23 14:42:32
|
Read and respond to this message at: http://sourceforge.net/forum/message.php?msg_id=1576996
By: freebsdfan

Wow ... I didn't realize there was a "user" account! You should *definitely* delete it! (Just use the editor to delete the user line from /etc/master.passwd, run update and then reboot, the password database is rebuilt on every boot). GOOD CATCH! THANKS!!

The net4501 versions of theWall do not have the "user" account, only the PC versions. I'm not sure how that happened, I must have picked master.passwd up from the original PicoBSD sources.

Of the accounts you list only root and user should be able to login, the rest are disabled. I *believe* the other accounts are needed for proper operation of the system daemons, but I'm not sure.

The FreeBSD man pages are available on the FreeBSD web site here: http://www.freebsd.org/cgi/man.cgi?manpath=FreeBSD+4.5-RELEASE

You can logout by typing ctrl-D. The logout command is a csh built-in command, theWall uses sh which does not have the command. |
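A way to check which accounts in a master.passwd can really log in, added here as an example (it is not from the thread or from theWall). The sample file is constructed: the account names are the ones listed in the question, while the field values, the placeholder hash and the empty password on "user" are assumptions for illustration.

```python
"""List the accounts in a FreeBSD master.passwd that can log in."""

# Constructed sample in master.passwd(5) layout, 10 colon-separated fields.
# It is NOT the file shipped with theWall; the hash is a placeholder.
SAMPLE_MASTER_PASSWD = """\
# constructed sample
root:$1$placeholder$placeholderhash:0:0::0:0:Charlie &:/root:/bin/sh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
operator:*:2:5::0:0:System &:/:/sbin/nologin
bin:*:3:7::0:0:Binaries Commands and Source:/:/sbin/nologin
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/sbin/nologin
user::1002:1002::0:0:Sample user:/home/user:/bin/sh
"""

FIELDS = ("name", "password", "uid", "gid", "class",
          "change", "expire", "gecos", "home", "shell")

# Shells that refuse an interactive session.
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/nonexistent"}


def parse_master_passwd(text):
    """Return one dict per account; reject lines with the wrong field count."""
    accounts = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            raise ValueError("line %d: expected %d fields, got %d"
                             % (lineno, len(FIELDS), len(parts)))
        accounts.append(dict(zip(FIELDS, parts)))
    return accounts


def password_state(field):
    """Classify the password field: empty, disabled ('*...') or set."""
    if field == "":
        return "empty"      # login succeeds without any password
    if field.startswith("*"):
        return "disabled"   # no hash can match, password login impossible
    return "set"


def audit(text):
    """Return a finding per account with its login capability and notes."""
    findings = []
    for acct in parse_master_passwd(text):
        state = password_state(acct["password"])
        shell = acct["shell"] or "/bin/sh"   # empty shell means /bin/sh
        interactive = shell not in NOLOGIN_SHELLS
        notes = []
        if state == "empty":
            notes.append("no password required")
        if acct["uid"] == "0" and acct["name"] != "root":
            notes.append("extra uid 0 account")
        findings.append({
            "name": acct["name"],
            "uid": int(acct["uid"]),
            "password": state,
            "shell": shell,
            "can_login": state != "disabled" and interactive,
            "notes": notes,
        })
    return findings


def login_capable(text):
    """Names of the accounts that can obtain a shell with a password login."""
    return [f["name"] for f in audit(text) if f["can_login"]]


if __name__ == "__main__":
    for f in audit(SAMPLE_MASTER_PASSWD):
        flag = "LOGIN" if f["can_login"] else "-"
        print("%-9s uid=%-6d %-8s %-14s %-5s %s" % (
            f["name"], f["uid"], f["password"], f["shell"], flag,
            ", ".join(f["notes"])))
```

Run it against a copy of the firewall's /etc/master.passwd: any name returned by `login_capable` other than the administrator's own account deserves a look before the floppy is write-protected again.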
|
From: <no...@so...> - 2002-05-23 12:14:56
|
Read and respond to this message at: http://sourceforge.net/forum/message.php?msg_id=1576769
By: rainer_germany

Hello freebsdfan,

after the installation there are a lot of users: toor, daemon, operator, bin, nobody, user. Are they all necessary, what are they used for, and is it possible to change the passwords?? Can I get information about this on the internet? I know the user root and the passwd command. Is it possible to log in via one of the other users?

Is it a security risk that if I am logged in with root I can't logout because the command is missing?

thanks

Rainer |
|
From: <no...@so...> - 2002-05-21 21:41:14
|
Read and respond to this message at: http://sourceforge.net/forum/message.php?msg_id=1575183
By: rainer_germany

I had configured the default gateway on my Windows box correctly, but in the DNS entry I had the IP from "the wall" because I wasn't sure if a dns-server is running on the wall. And a ping wasn't possible because ICMP is denied. But after I ran into trouble I forgot to read the rest of your documentation ;-)

thanks

Rainer |