----------------
Linux Info: Part 2 - Closing Ports, Restricting Telnet Access, Firewall, PPP
By: dr0z (Sept. 5 1998)
Fusion
----------------

*Note: Hopefully you have read "Linux Info: Part 1". If you haven't, do that first =]

By now you better have linux installed on your system; if you don't, this part won't do you much good. In this part I will show you some things you should do before getting on-line with linux. I will also give you an easy to use ppp script that should help you get on the net. OK, let's get started...

First thing you need to do is close all unnecessary ports that are open. You can do this by editing the /etc/inetd.conf file. Personally I close them all except Auth (113), since some servers require it to be open. You close a port by putting a "#" in front of the line. If you are planning on giving shell accounts then you need to leave the telnet and rlogin shit open. If you don't, the customers won't be able to login remotely =]. Also, leaving unnecessary ports open will raise hell when you get on the internet. So if you leave one open, you are asking for trouble. hehe....I learned the hard way. =]

Next, you need to put restrictions on who is allowed telnet access and who is denied. If you are not gonna offer shell accounts you will want to deny telnet access to everyone. You do this by editing /etc/hosts.allow and /etc/hosts.deny. In /etc/hosts.allow you will want to add "localhost" and any trusted hosts (if any); then in /etc/hosts.deny you will want to add "ALL: ALL". That will deny all hosts except the ones specified in the hosts.allow file.

Ok, now if you are gonna give shell accounts then you will probably want to put ALL: ALL in the hosts.deny file, and then as customers sign up you can put their host name into hosts.allow. You can do it however you like; I don't know how the big places give shell accounts and keep unwanted users from telnetting in. That is how I would probably do it though. =]
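The two steps above (closing inetd services, then default-deny hosts.allow/hosts.deny), as an added example that is not part of the original article. It works on constructed copies in a temp directory instead of /etc; the sample inetd.conf lines, the "daemon: host" form of the hosts.allow entries and the host name shell.customer.example are assumptions.

```sh
# Added example: only touches constructed files in a temp dir, never /etc.

# Comment out every active inetd.conf line except the services named in $1.
close_inetd_services() {
    awk -v keep="$1" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { print; next }   # already closed, or blank
        ($1 in ok)               { print; next }   # service we leave open
                                 { print "#" $0 }  # close it
    '
}

# Print the service names inetd would still start, sorted, on one line.
enabled_services() {
    awk '!/^[ \t]*#/ && NF { print $1 }' | sort | tr '\n' ' ' | sed 's/ $//'
}

# Default deny in hosts.deny; localhost plus trusted telnet hosts in hosts.allow.
write_wrappers() {
    dir=$1; shift
    printf 'ALL: ALL\n' > "$dir/hosts.deny"
    printf 'ALL: localhost\n' > "$dir/hosts.allow"
    for h in "$@"; do
        printf 'in.telnetd: %s\n' "$h" >> "$dir/hosts.allow"
    done
}

demo=$(mktemp -d)
cat > "$demo/inetd.conf" <<'EOF'
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
shell   stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
login   stream  tcp     nowait  root    /usr/sbin/tcpd  in.rlogind
finger  stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
auth    stream  tcp     nowait  nobody  /usr/sbin/in.identd in.identd -l -e -o
#tftp   dgram   udp     wait    root    /usr/sbin/tcpd  in.tftpd
EOF

close_inetd_services "auth" < "$demo/inetd.conf" > "$demo/inetd.conf.new"
echo "open before: $(enabled_services < "$demo/inetd.conf")"
echo "open after:  $(enabled_services < "$demo/inetd.conf.new")"
# Shell-account box instead: keep telnet and rlogin ("login" in inetd.conf) open.
echo "shell box:   $(close_inetd_services "auth telnet login" < "$demo/inetd.conf" | enabled_services)"
write_wrappers "$demo" shell.customer.example   # constructed host name
cat "$demo/hosts.deny" "$demo/hosts.allow"
```

On a real box inetd only re-reads /etc/inetd.conf after it gets a HUP signal, so commented-out services stay reachable until then.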
Ok, now if you want a firewall I will give you the files you need and info on setting it up. First I would like to thank l0rds (cyberk9.uddf.net) for helping me set up this firewall on my linux box. Now, onto business...

First go d/l this file:
http://www.geocities.com/SiliconValley/Park/7292/isinglass-1.12.tar

Once you have that file, untar it and read the readme =]. Before you do anything, edit the isinglass.conf in the base dir for isinglass =]. Editing the file is pretty self-explanatory; if you don't understand what it says, then you shouldn't be installing this firewall. If you don't have ipfwadm installed on your linux box, you can go d/l it at ftp.unc.sunsite.edu

Now onto the ppp script. You can d/l it at http://www.geocities.com/SiliconValley/Park/7292/connect.tgz

Current Kernel Version: 2.0.35 (Stable)
Get it at: ftp.kernel.org

--------------------------------------------
Linux Info: Part 3 C-O-M-I-N-G S-O-O-N

Shoutouts to: ResiD, Strife, l0rds, Bigg_dawg, kan, XeXeN, PhrznCorpz, and anyone else I may have forgot.

Fusion In Da HOUSE!