Advertising services on certain ports

Warren Togami warren at togami.com
Fri Jul 6 23:16:48 PDT 2001


----- Original Message -----
From: "Jesse Manibusan" <jessmani at yahoo.com>
To: "Linux & Unix Advocates & Users" <luau at list.luau.hi.net>
Sent: Friday, July 06, 2001 7:19 PM
Subject: [luau] Advertising services on certain ports


> Does anyone know how to advertise a certain service on a port and not on
> others?  For example, say I want to have DHCP running on my firewall for my
> internal network but don't want it to accept DHCP requests coming from the
> external ethernet port.  Is there any way to do this other than to create
> rules in the iptables/ipchains setup?

http://www.mplug.org/phpwiki/index.php?DHCPServer
There is a way to specify what to advertise within the dhcpd.conf file
itself, but I personally specify the dhcpd ethernet device in the
/etc/init.d/dhcpd service launching script.  Read that URL for details and
my sample dhcpd.conf file.

> Also, what is the smallest size Linux distribution I can use for a firewall
> setup?  I currently only have 2 spare HD's to use, one is an 800MB and the
> other is a 20GB.  2 lousy choices since the 20 GB is too large to waste on a
> firewall that won't do anything except masquerading and the other is too
> small to be able to accept the most current versions of Redhat or Mandrake.

Your 800MB hard drive would be plenty enough space for a Red Hat based
firewall following my BasicFirewallRouter guide.
http://www.mplug.org/phpwiki/index.php?BasicFirewallRouter
I wouldn't use Mandrake for this setup because it would be harder to strip
out the X graphical stuff, bells and whistles, and Red Hat's package
updating process in pure text mode is much easier with "up2date -u" or "Red Hat
Update" that you can download from freshmeat.  If you use text mode, your
Red Hat installation with the very minimum packages necessary would be somewhere
between 150-300MB I think.  The rest would leave plenty of space for
firewall monitoring tools, security tools, and the syslogs.  I'll be writing
guides on the security and monitoring stuff sometime soon.

> Are the "firewall on a floppy" setups pretty secure?  Any place where I can
> get current information, not some how-to that has all sorts of out-of-date
> warnings and disclaimers on it?

IMHO the floppy based setups are not very secure.  You get zero monitoring
features and much less configurability and flexibility.  You also don't get
to take advantage of the 2.4 kernel with Netfilter/iptables and all the
great things that allows you to do.

Warren Togami
warren at togami.com
Mid-Pacific Linux User's Group
http://www.mplug.org
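
Added example, not part of the original message or the linked guide: a shell check for the approach described above, where the dhcpd ethernet device is given on the command line in the launching script. It assumes ISC dhcpd, which listens on every broadcast interface when no interface is named; eth0 (external), eth1 (internal) and the sample command lines are constructed.

```shell
#!/bin/sh
# Added example. Interface names and sample command lines are constructed.

# Print the interface operands of a dhcpd command line, one per line.
dhcpd_ifaces() {
    set -f                 # keep the shell from glob-expanding words
    set -- $1              # split the command line into positional parameters
    set +f
    if [ $# -gt 0 ]; then shift; fi          # drop the dhcpd binary itself
    while [ $# -gt 0 ]; do
        case "$1" in
            -p|-cf|-lf|-pf)                  # options that take a value
                if [ $# -gt 1 ]; then shift; fi ;;
            -*) ;;                           # plain flags such as -q, -d, -f
            *)  printf '%s\n' "$1" ;;        # anything else is an interface
        esac
        shift
    done
}

# audit_dhcpd CMDLINE EXTERNAL_IF
# Returns 0 only if dhcpd is pinned to named interfaces that exclude EXTERNAL_IF.
audit_dhcpd() {
    ifaces=$(dhcpd_ifaces "$1")
    if [ -z "$ifaces" ]; then
        echo "FAIL: no interface named, dhcpd listens on all broadcast interfaces"
        return 1
    fi
    for i in $ifaces; do
        if [ "$i" = "$2" ]; then
            echo "FAIL: external interface $2 is on the command line"
            return 1
        fi
    done
    echo "OK: dhcpd limited to:" $ifaces
    return 0
}

# Constructed launch lines, as they might appear in /etc/init.d/dhcpd.
audit_dhcpd "/usr/sbin/dhcpd -q -cf /etc/dhcpd.conf eth1" eth0 || true
audit_dhcpd "/usr/sbin/dhcpd -q" eth0 || true
audit_dhcpd "/usr/sbin/dhcpd eth0 eth1" eth0 || true
```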


