顯示文章

這裡允許您檢視這個會員的所有文章。請注意, 您只能看見您有權限閱讀的文章。


主題 - decade_joe

頁: [1]
1
Linux 討論版 / old files lost
« 於: 2004-01-06 12:03 »
I install new linux red hat 9.0, I mount old harddisk but old create files 無故失蹤, 只剩下空 all folders

2
Linux 討論版 / do not prompt type password
« 於: 2003-11-16 20:50 »
I have problem in linux console login, I type root for login, but do not

prompt type password, and hand in this screen, why?

I am very ugrent, please!

3
Linux 討論版 / clear last user log
« 於: 2003-11-14 10:13 »
How to clear last command user log

4
Linux 討論版 / iptables防毒
« 於: 2003-11-04 11:56 »
請問各位高手用Iptables + 甚麼防毒software, 可以做到防毒Gateway,
好似 NAI Web Shield 的工能, 每一個Packet都Scan, Thanks!!!

5
請問 iptables是否有方法防止不被掃到我開那幾個port

example. "NetBrute Scanner"


Thank you very much!

6
請問Sendmail 如何用Windows AD Account, 我真是找了好耐都找不到文竟,
請各高手指點

7
酷!學園 精華區 / [最佳]DMZ 不設 NAT
« 於: 2003-07-04 23:01 »
請問各位高手, DMZ 如何不設 NAT, 可以教我嗎?
Thanks!!!!!

8
Linux 討論版 / Real Time 看User Logon
« 於: 2003-05-31 22:58 »
請問如何 Real Time 看User Logon, 如FTP, Telnet, Email, SSH等,
謝謝各位!!!

9
酷!學園 精華區 / 2張Lan Card取1個IP Address
« 於: 2003-05-28 12:16 »
請問各位如何在Linux用2張Lan Card取1個IP Address, 而2張Lan Card同時運作,加強Network Brandwidth 或達到不會Network down地步, 多謝!

10
Linux 討論版 / 自已做Gateway
« 於: 2003-05-24 16:38 »
Long time no see.

請問Gateway不設ISP Gateway, 而設自己IP做Gateway還可以上網,Why?
我試過用traceroute command, 結果是會去抓ISP Gateway 出,奇怪...

11
請問各位高手sendmail如何用Windows Server Account for login,有何方法,謝謝各位.

12
Linux 討論版 / [b]Firewall Setting[/b]
« 於: 2003-02-27 21:12 »
請間各位學長,小弟設定的 Firewall 有可安全漏動,請指教

#!/bin/bash

PATH=/sbin:/usr/sbin:/bin:/usr/bin

start() {

# ------------------------------------------ INFO ------------------------------------------
HOSTNAME=joe.no-ip.com
WAN_IF=ppp0
DMZ_IF=eth2
DMZ_IP="192.168.1.254"
DMZ_SRV="192.168.1.1"
INPUT_TCP="22,23,53,113"
FORWARD_TCP="20,21,25,53,80,110,113,143,443,3389"
UDP_PORT="53"

# ------------------------------------------ IP FORWARD ------------------------------------------
echo "1" > /proc/sys/net/ipv4/ip_forward

# ------------------------------------------ MODULES ------------------------------------------
modprobe ip_tables
modprobe ip_conntrack_ftp
modprobe ip_conntrack_irc
modprobe ip_nat_ftp
modprobe ip_nat_irc

# ------------------------------------------ FLUSHING ------------------------------------------
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
iptables -t nat -X
iptables -t nat -Z

# ------------------------------------------ POLICIES ------------------------------------------
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT

# ------------------------------------------ SERVICES ------------------------------------------
iptables -A INPUT -i ! $WAN_IF -m multiport -p tcp --dports 20,21,80 -j ACCEPT
iptables -A INPUT -i $WAN_IF -m multiport -p tcp --dports $INPUT_TCP -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $DMZ_IF -m multiport -p tcp --dports $FORWARD_TCP -j ACCEPT
 
# ------------------------------------------ INPUT ------------------------------------------
iptables -A INPUT -i $WAN_IF -p tcp ! --syn -j ACCEPT
iptables -A INPUT -i $WAN_IF -p udp --sport $UDP_PORT -j ACCEPT
iptables -A INPUT -i $WAN_IF -p icmp --icmp-type ! 8 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i ! $WAN_IF -j ACCEPT

# ------------------------------------------ FORWARD ------------------------------------------
iptables -A FORWARD -i $WAN_IF -p tcp ! --syn -j ACCEPT
iptables -A FORWARD -i $WAN_IF -p udp --sport $UDP_PORT -j ACCEPT
iptables -A FORWARD -i $WAN_IF -p icmp --icmp-type ! 8 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i ! $WAN_IF -j ACCEPT

# ------------------------------------------ OUTPUT ------------------------------------------
iptables -A OUTPUT -j ACCEPT

# ------------------------------------------ NAT MASQ ------------------------------------------
iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE

# ------------------------------------------ NAT PREROUTING ------------------------------------------
iptables -t nat -A PREROUTING -d $HOSTNAME -m multiport -p tcp --dports $FORWARD_TCP -j DNAT --to $DMZ_SRV

# ------------------------------------------ NAT POSTROUTING ------------------------------------------
iptables -t nat -A POSTROUTING -d $DMZ_SRV -m multiport -p tcp --dports $FORWARD_TCP -j SNAT --to $DMZ_IP

# ------------------------------------------ NAT OUTPUT ------------------------------------------
iptables -t nat -A OUTPUT -d $HOSTNAME -m multiport -p tcp --dports $FORWARD_TCP -j DNAT --to $DMZ_SRV

}

stop() {

# ------------------------------------------ INFO ------------------------------------------
HOSTNAME=
WAN_IF=
DMZ_IF=
DMZ_IP=
DMZ_SRV=
INPUT_TCP=
FORWARD_TCP=
UDP_PORT=

# ------------------------------------------ FLUSHING ------------------------------------------
iptables -F
iptables -X
iptables -Z
iptables -F -t nat
iptables -X -t nat
iptables -Z -t nat

# ------------------------------------------ POLICIES ------------------------------------------
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT

}

restart() {

stop
start

}

status() {

iptables -L -n | less
iptables -t nat -L -n | less

}

case "$1" in
  start)

   start
      echo "Firewall is start ..........{ OK }"
   ;;
  stop)

   stop
      echo "Firewall is stop ..........{ OK }"
   ;;
  restart)

   restart
      echo "Firewall is restart ..........{ OK }"
   ;;
  status)

   status
   ;;
  *)
      echo $"Usage: $0 {start|stop|restart|status}"
   exit 1
esac

exit $?

13
Linux 討論版 / Sendmail Problem
« 於: 2003-01-26 10:47 »
我在Sendmail的access file 打了
192.168.0     Relay
令本人的network可以Send Email,
但我到其他Network Send Email 就 Send 不到,
請問有何方法令全世界IP & Network都可Sendmail呢?
請指教

14
Linux 討論版 / iptables problem
« 於: 2003-01-25 21:12 »
請問在iptables中,不加LanCard,會有問題嗎?
例如:
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -A INPUT -d 205.252.144.77 -p tcp --dport 23 -j DROP
iptables -t nat -A PREROUTING -d 205.252.144.77 --dport 80 -j DNAT --to 192.168.0.1:80

15
Linux 討論版 / Telnet Default Page
« 於: 2002-11-23 08:29 »
How to set Linux telnet server and SSH server default page

Example : telnet://one4all.netvigator.com

16
肉腳版 / Telnet Default Page
« 於: 2002-11-22 23:03 »
How to set Linux telnet server and SSH server default page

Example : one4all.netvigator.com ( Telnet )

17
Linux 討論版 / iptables problem
« 於: 2002-11-21 22:16 »
My network have multi subnet

A. 192.168.0.0/24
B. 192.168.1.0/24
C. 192.168.2.0/24

How to enable multi subnet ip forward ?

18
Linux 討論版 / iptables problem !!!
« 於: 2002-10-14 22:50 »
FIREWALL PC IP [/b]= 192.168.0.254 ( Internal ), 202.x.x.x ( External )
WWW SERVER PC IP = 192.168.0.1
TESTING PC = 192.168.0.2

I use " iptables -t nat -A PREROUTING -p tcp -d 202.x.x.x --dport -j DNAT --to 192.168.0.1 " for Port Mapping, I use TESTING PC ( 192.168.
0.2 ) to test command is OK, but I want use WWW SERVER PC ( 192.168.0.1 ) to test this command is fail, Why?
Please all friends provide solution!!!

頁: [1]