Post subject: RE: CBQ and StarOS
Posted: 10.10.2005 - 17:21 #23827
|
|
Basic
Joined: Sep 20, 2005
Posts: 14
|
|
I need some advice. I need to allow port 10000 in the firewall (StarOS)! I read the manual but still nothing, so I copied the whole thing out. Do I have a mistake somewhere in it?
net = ether1
client = wlan1
#
ldeny tcp from any to any 708 in via $net # Hotspot web proxy server, make sure $net is correct if
# using hotspot service.
ldeny tcp from any to any 8080 in via $net # Disable access to primary proxy server from outside world.
# Some important firewall rules that will prevent infection of Windows systems using RPC buffer overruns.
deny tcp from any to any 135 in via $net # RPC port, used by many worms to infect Windows systems
deny udp from any to any 135 in via $net # RPC port, used by many worms to infect Windows systems
# It is recommended to uncomment the following 6 rules to prevent access to MS Windows file shares.
# deny tcp from any to any 137 in via $net # NetBios (TCP)
# deny udp from any to any 137 in via $net # NetBios (UDP)
# deny tcp from any to any 138 in via $net # NetBios (TCP)
# deny udp from any to any 138 in via $net # NetBios (UDP)
# deny tcp from any to any 445 in via $net # Windows 2000/XP NetBios over TCP/IP
# deny udp from any to any 445 in via $net # Windows 2000/XP NetBios over TCP/IP
# To allow a specific IP access to the reports, change the admin_ip below.
admin_ip = "!127.0.0.1" # ie. 64.124.65.19 or 64.124.65.0/24 for the entire class 'C'
ldeny tcp from ! $admin_ip to any 791 in # CBQ Report
ldeny tcp from ! $admin_ip to any 792 in # Firewall and NAT Report
ldeny tcp from ! $admin_ip to any 793 in # W/LAN Device statistics
ldeny tcp from ! $admin_ip to any 794 in # System ARP Table
ldeny tcp from ! $admin_ip to any 795 in # Active Routing Table
ldeny tcp from ! $admin_ip to any 800 in # IP Accounting collection
ldeny tcp from ! $admin_ip to any 801 in # Results from previous IP Accounting collection
# Firewall samples
# # Only allow www hosting on a specific server, and disable for rest of clients
# allow tcp from any to 192.168.1.15 80 in via $net
#
# # Forward all www traffic from the clients to proxy server. (transparent proxy)
# forward tcp to 1.2.3.4 8080 from 192.168.1.0/24 to any 80 out via $net
#
# deny tcp from any to any 80 in via $net # Disable www hosting (except for server listed above)
# deny tcp from any to any 8888 in via $net # Disable napster hosting
# deny tcp from any to any 8080 in via $net # Internal Proxy
# deny tcp from any to any 1080 in via $net # Socks Server
# deny tcp from any to any 666 in # Satan trojan (disable to/from clients)
# deny tcp from any to any 37337 in # Used by many trojans (disable to/from clients) |
|
|
|
|
|
|
Post subject: RE: CBQ and StarOS
Posted: 10.10.2005 - 21:52 #23841
|
|
Basic
Joined: Sep 10, 2005
Posts: 18
|
|
But you don't have any mention of that port anywhere in there.
Set the admin_ip variable to the IP or IP range from which access to the port should be allowed,
and add the line:
ldeny tcp from ! $admin_ip to any 10000 in
You will, however, still need an HDD in the machine that StarOS runs on, otherwise the hotspot, which is probably why you want this, won't work. |
|
|
|
|
|
|
Post subject: RE: CBQ and StarOS
Posted: 10.10.2005 - 21:57 #23842
|
|
Basic
Joined: Sep 10, 2005
Posts: 18
|
|
net = ether1
client = wlan1
#
ldeny tcp from any to any 708 in via $net # Hotspot web proxy server, make sure $net is correct if
# using hotspot service.
ldeny tcp from any to any 8080 in via $net # Disable access to primary proxy server from outside world.
# Some important firewall rules that will prevent infection of Windows systems using RPC buffer overruns.
deny tcp from any to any 135 in via $net # RPC port, used by many worms to infect Windows systems
deny udp from any to any 135 in via $net # RPC port, used by many worms to infect Windows systems
# It is recommended to uncomment the following 6 rules to prevent access to MS Windows file shares.
# deny tcp from any to any 137 in via $net # NetBios (TCP)
# deny udp from any to any 137 in via $net # NetBios (UDP)
# deny tcp from any to any 138 in via $net # NetBios (TCP)
# deny udp from any to any 138 in via $net # NetBios (UDP)
# deny tcp from any to any 445 in via $net # Windows 2000/XP NetBios over TCP/IP
# deny udp from any to any 445 in via $net # Windows 2000/XP NetBios over TCP/IP
# To allow a specific IP access to the reports, change the admin_ip below.
admin_ip = "10.0.0.0/8" # ie. 64.124.65.19 or 64.124.65.0/24 for the entire class 'C'
ldeny tcp from ! $admin_ip to any 791 in # CBQ Report
ldeny tcp from ! $admin_ip to any 792 in # Firewall and NAT Report
ldeny tcp from ! $admin_ip to any 793 in # W/LAN Device statistics
ldeny tcp from ! $admin_ip to any 794 in # System ARP Table
ldeny tcp from ! $admin_ip to any 795 in # Active Routing Table
ldeny tcp from ! $admin_ip to any 800 in # IP Accounting collection
ldeny tcp from ! $admin_ip to any 801 in # Results from previous IP Accounting collection
ldeny tcp from ! $admin_ip to any 10000 in # web-based radius user manager. |
|
|
|
|
|
|
Post subject: RE: CBQ and StarOS
Posted: 10.10.2005 - 22:06 #23844
|
|
Guru
Joined: Dec 27, 2002
Posts: 1505
|
|
I recommend replacing the line
ldeny tcp from ! $admin_ip to any 10000 in # web-based radius user manager.
with the line
#ldeny tcp from ! $admin_ip to any 10000 in # web-based radius user manager.
then saving the configuration and restarting StarOS
mgx |
|
|
|
|
|
|
Post subject: Why?
Posted: 10.10.2005 - 22:18 #23845
|
|
Basic
Joined: Sep 10, 2005
Posts: 18
|
|
mgx wrote: ›I recommend replacing the line
ldeny tcp from ! $admin_ip to any 10000 in # web-based radius user manager.
with the line
#ldeny tcp from ! $admin_ip to any 10000 in # web-based radius user manager.
then saving the configuration and restarting StarOS
mgx
I have it without the hash and it works for me. Do you have some reason I don't know about why the comment hash should be there? |
|
|
|
|
|
|
Post subject: sorry
Posted: 11.10.2005 - 09:31 #23847
|
|
Guru
Joined: Dec 27, 2002
Posts: 1505
|
|
Ah, mea culpa.
I was under the impression that it wasn't working for you at all.
So, if you have the $admin_ip variable set correctly,
leave that line in.
Commenting it out allows access to the admin console from IPs other than $admin_ip as well. |
|
|
|
|
|
|
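Added example (not part of any post above, and not StarOS code): a small Python model of the rule discussed in this thread, showing which source addresses reach TCP port 10000 with the ldeny line active and with it commented out. The parser handles only this one rule form, first-match evaluation with unmatched packets passing is an assumption, and the sample addresses are constructed.

```python
import ipaddress

# Constructed excerpt of the configuration posted in this thread.
CONFIG = '''
admin_ip = "10.0.0.0/8"
ldeny tcp from ! $admin_ip to any 791 in # CBQ Report
ldeny tcp from ! $admin_ip to any 10000 in # web-based radius user manager.
'''
RULE_10000 = "ldeny tcp from ! $admin_ip to any 10000"
COMMENTED = CONFIG.replace(RULE_10000, "#" + RULE_10000)  # the edit first suggested

def parse(config):
    """Parse variables and 'ACTION PROTO from [!] SRC to any PORT ...' rules only."""
    variables, rules = {}, []
    for raw in config.splitlines():
        line = raw.split("#", 1)[0].strip()  # a leading '#' disables the whole rule
        if not line:
            continue
        if "=" in line:
            name, value = line.split("=", 1)
            variables[name.strip()] = value.strip().strip('"')
            continue
        tok = line.split()
        negate = tok[3] == "!"
        src = tok[4] if negate else tok[3]
        if src.startswith("$"):
            src = variables[src[1:]]
        rules.append((tok[0], tok[1], negate, src, int(tok[tok.index("to") + 2])))
    return rules

def verdict(rules, proto, src_ip, dport):
    """Assumed model: first matching rule decides; unmatched packets pass."""
    ip = ipaddress.ip_address(src_ip)
    for action, rproto, negate, src, port in rules:
        in_src = src == "any" or ip in ipaddress.ip_network(src, strict=False)
        if rproto == proto and port == dport and in_src != negate:
            return "deny" if action in ("deny", "ldeny") else "allow"
    return "allow"

def reachable_from(config, dport, sources):
    """Return the source addresses that can open a TCP connection to dport."""
    rules = parse(config)
    return [s for s in sources if verdict(rules, "tcp", s, dport) == "allow"]

SOURCES = ["10.1.2.3", "192.0.2.50"]  # constructed: inside and outside admin_ip

if __name__ == "__main__":
    print("rule active:   ", reachable_from(CONFIG, 10000, SOURCES))
    print("rule commented:", reachable_from(COMMENTED, 10000, SOURCES))
```

Running the same check against the real saved configuration before and after an edit shows whether a management port has been opened to addresses outside admin_ip.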
Post subject: RE: CBQ and StarOS
Posted: 11.10.2005 - 12:54 #23849
|
|
Basic
Joined: Sep 20, 2005
Posts: 14
|
|
Thanks for the advice, I'll go and try it then. I also want to ask: once I allow port 10000 (on the WRAP), if I enter the WRAP's IP address and :10000 in the browser, will the web management come up, or does it also have to be enabled somewhere? Thanks! |
|
|
|
|
|
|
Post subject: RE: CBQ and StarOS
Posted: 11.10.2005 - 12:55 #23850
|
|
Basic
Joined: Sep 20, 2005
Posts: 14
|
|
Thanks for the advice, I'll go and try it then. I also want to ask: once I allow port 10000 (on the WRAP), if I enter the WRAP's IP address and :10000 in the browser, will the web management come up, or does it also have to be enabled somewhere? Thanks! |
|
|
|
|
|
|
Post subject: RE: CBQ and StarOS
Posted: 11.10.2005 - 12:56 #23851
|
|
Basic
Joined: Sep 20, 2005
Posts: 14
|
|
|
|
|
|
Post subject: RE: CBQ and StarOS
Posted: 11.10.2005 - 13:06 #23852
|
|
Guru
Joined: Dec 27, 2002
Posts: 1505
|
|
|
|
|
|
Post subject: RE: CBQ and StarOS
Posted: 11.10.2005 - 13:31 #23856
|
|
Basic
Joined: Sep 10, 2005
Posts: 18
|
|
If you want to run it on a WRAP, you probably won't get anywhere, because the hotspot uses Radius, which in turn needs an HDD, so you probably won't get anywhere, but you'll find out. |
|
|
|
|
|
|
Post subject: RE: CBQ and StarOS
Posted: 11.10.2005 - 13:35 #23857
|
|
Basic
Joined: Sep 20, 2005
Posts: 14
|
|
Ah, nobody told me that! And what is Radius needed there for? |
|
|
|
|
|
|
Post subject: RE: CBQ and StarOS
Posted: 11.10.2005 - 13:39 #23858
|
|
Basic
Joined: Sep 10, 2005
Posts: 18
|
|
For identifying clients and for other things. |
|
|
|
|
|
|
Post subject: CBQ
Posted: 17.11.2005 - 20:38 #25369
|
|
Basic
Joined: Nov 17, 2005
Posts: 4
|
|
Where could I find all the usable commands for bandwidth management and the firewall, or an explanation or examples of what e.g. bw, fb, ... do in qshape ... thanks
matt |
|
|
|
|
|
|
Post subject: CBQ
Posted: 17.11.2005 - 20:59 #25370
|
|
Basic
Joined: Jul 24, 2004
Posts: 240
|
|
matt wrote: ›Where could I find all the usable commands for bandwidth management and the firewall, or an explanation or examples of what e.g. bw, fb, ... do in qshape ... thanks
matt
As far as CBQ is concerned, it's right here in this thread:
from MGX: "Detailed information about CBQ: http://www.icir.org/floyd/cbq.html" |
|
|
|
|
|
|