Berkeley CSUA MOTD:Entry 21019
2001/4/18 [Computer/Networking] UID:21019 Activity:very high
4/19    Anyone know good firewall info ideally balancing maximum security with
        minimum effort (ignoring cost and competence)?
        \_ If you want a ready-made solution, you can pick up a sonicwall
           for about $1000--they are fairly decent.  For high security, I
           would recommend OpenBSD with ipf--syntax is well documented and
           straightforward.  http://www.openbsd.org and for the ipf page,
           (also known as ipfilter), http://coombs.anu.edu.au/ipfilter
           Mail me if you want some tips.  -John
        \_ yeah. sure.  is this a consulting job?
        \_ yes, it's called an 'airwall'.  Complete internet security
           accomplished with about 30 seconds worth of effort. Simply find
           your router and unplug its internet connection.  Where do I send
           my consulting invoice?
        \_ OpenBSD -> 30 min to 1 hr install, 30 min setup, 30 min testing.
           \_ and 4ever to make world.  Linux + iptables is fine
              \_ Yeah if you don't care about performance, security,
                 stability, logging and working stateful filtering.
                 BTW, What's the IP Addr of your firewall? I could use an
                 extra machine for running setiathome.
              \_ D00D U R 50 R1GH7! M4K3 W0R1D SUX! Y WOU1D U BU11D
                 UR B1N4R135 4ND 11BR4R145 WH3N U C4N U53 RPM5?!?
                 BTW, D0 U KN0W WH1CH V3R510N 0F G11BC 4ND LD 1 N33D 4
                 RUNN1G K3RN31 2.4? I C4N7 F1ND TH3 R1GHT 1Z 0N RH.C0M.
                 \_ So how come Mac and Windows users don't get shit for
                    not compiling every program they use and relying on
                    things like Install Shield or .sit and worrying whether
                    their registry settings get all f'ed up?
                    \_ D00D U U53 M$ LO53*?!? U N33D 2 UPGR4D3 2 4 R341
                       05! 1 C4N 1N57411 31337 R3D H47 GN00/L1NSUX 4 U!
                       N0 1 U535 M4C5. 17 15 4 S10W A55 T0Y 4 L17713
                       K1D5! 31337 H4X0R5 411 U53 DU41 C3L3 733'5 0C'3D
                       2 1 G1G!
Cache (736 bytes)
www.openbsd.org
Our efforts emphasize portability, standardization, correctness, proactive security and integrated cryptography. OpenBSD supports binary emulation of most programs from SVR4 (Solaris), FreeBSD, Linux, BSD/OS, SunOS and HP-UX. OpenBSD is freely available from our FTP sites, and also available in an inexpensive 3-CD set. The project funds development and releases by selling CDs and T-shirts, as well as receiving donations.
Cache (767 bytes)
coombs.anu.edu.au/ipfilter -> coombs.anu.edu.au/ipfilter/
Donations: Thanks to those who have been able to support IP Filter through donations of hardware. The current implementation provides a small set of tools, which can easily be used and integrated with regular unix shells and tools. Amongst these tools is a new addition, ipftest, which is provided so that you can test a rule set before committing it to use in your kernel. It can also be used to flush the current firewall rule set or delete individual firewall rules. This allows for testing of firewall rule list and examination of how a packet is passed along through it. Documentation on ioctl's and the format of data saved to the logging character device is provided so that you may develop your own applications to work with or in place of any of the above.