[MLB-WIRELESS] IP Tables.

rick mibz at optushome.com.au
Wed Apr 6 05:47:18 EST 2005


I would just like to state that at no stage have I ever had 219 people 
downloading off me at once.

sanbar wrote:

> Phil NodeHPL wrote:
>
>> Hi Guys,
>
>
> Hello Phil
>
>> Ok, well, progress back here at NodeHPL, and my surrounding area, leads 
>> me to the next question about working with MelbWireless.
>>  
>> IP Tables.
>
>
> Ooh. The black art of firewalling. Werd.
>
>> Now I've had a /16 (I think) given to me, I know NodeIPK near me also 
>> has an IP allocation, but how do we set up our IPs locally, and then 
>> in turn, link to each other and the rest of the group, while 
>> maintaining our independent broadband services (like I have aDSL with 
>> Internode), and our own private network.
>>  
>> currently my knowledge extends to and is also limited to :
>>  
>> All IPs in my personal network are 192.168.0.x with 192.168.0.1 as 
>> my aDSL Modem/Router (which does dhcp .30 to .250)
>
>
> Please take a moment to go to the window and wave to Rick and all his 
> 219 dynamically assigned IP mates[1] downloading all their dwarf pr0n 
> now they know they have open access :)
>
> (big snip of internal network setup details)
>
>> How can I set up my network, to give unlimited access to anyone within 
>> my private network to :
>>  
>> each other,
>> my aDSL,
>> Melbourne Wireless.
>>  
>> Without allowing :
>>  
>> Melbourne wireless to use my aDSL
>> Melbourne wireless to see my private network (beyond my SME server)
>> my aDSL to see my private network (beyond my SME server)
>> my aDSL to see Melbourne wireless
>
>
> You probably need to set up a DMZ and treat your "Melbourne Wireless" 
> interface as though it's the big, bad internet. That means you need to 
> set up your iptables firewall to only let certain services come in 
> from the Melbourne Wireless side of the network, and certain services 
> go out to the Melbourne Wireless side of the network. A spare computer 
> with a couple of network interfaces running any flavour of un*x will do.
> Firewalling ain't easy, as you really need to know what you are doing 
> to get a system secure. If you want to learn it, start with someone 
> else's (a really good starting point is a script at 
> http://orbital.wiretapped.net/~technion/iptables.txt), pull it apart, 
> break it, and put it back together.
> Some people are paid a lot of money (unless they work for Dodo) to 
> sort out the problem you've just described, and I haven't even 
> scratched the surface of stuff such as network address translation, 
> shutting down unnecessary services, mac filtering and so on. This 
> level of network control is hard to do for a beginner, and even harder 
> to get right.
> What you should be saying is: "Hey guys, if I throw on a free barbecue 
> and cut you some beer, can you come around and play with my node setup 
> and help me fine-tune it, then let me know how to manage it?" That may 
> get you close to achieving everything you've asked in this email 
> within a short timeframe.
> - Barry
>


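Added example (not part of the original thread, and not the script linked in it): the access matrix Phil lists, written as a default-deny iptables ruleset for a firewall box with three interfaces, following the "treat Melbourne Wireless as the internet" advice. The interface names eth0 (private LAN), eth1 (aDSL) and wlan0 (Melbourne Wireless), the masquerading on both outbound sides, and the helper function names are assumptions.

```shell
#!/bin/sh
# Assumed interface names; override from the environment to suit the real box.
: "${LAN_IF:=eth0}" "${WAN_IF:=eth1}" "${MW_IF:=wlan0}"

# Print an iptables-restore ruleset. Nothing is applied here; to load it:
#   gen_rules eth0 eth1 wlan0 | iptables-restore
gen_rules() {
    lan=$1 wan=$2 mw=$3
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $lan -o $mw -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
-A POSTROUTING -o $mw -j MASQUERADE
COMMIT
EOF
}
# Notes on the ruleset:
# - LAN hosts talking to each other stay on their own segment and never
#   reach the FORWARD chain, so no rule is needed for "each other".
# - Replies to LAN-initiated connections return via the ESTABLISHED,RELATED
#   rule; nothing else from the aDSL or wireless side is forwarded.
# - Services the firewall box itself should offer to the wireless side need
#   their own explicit "-A INPUT -i $mw ..." rules; none are opened here.

# Verdict for a NEW connection forwarded from interface $1 to interface $2,
# read back from the generated FORWARD rules (policy DROP when no rule matches).
new_conn_verdict() {
    if gen_rules "$LAN_IF" "$WAN_IF" "$MW_IF" |
        grep -qxF -e "-A FORWARD -i $1 -o $2 -j ACCEPT"; then
        echo ACCEPT
    else
        echo DROP
    fi
}
```

`new_conn_verdict wlan0 eth1` answers the "Melbourne wireless to use my aDSL" case from the list; it only models interface-pair matches, so rerun the check against the real ruleset if per-service rules are added.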