Differences between version 20 and revision by previous author of FirewallNotes.
Other diffs: Previous Major Revision, Previous Revision, or view the Annotated Edit History
| Newer page: | version 20 | Last edited on Monday, June 7, 2004 12:26:38 pm | by AristotlePagaltzis | Revert |
| Older page: | version 19 | Last edited on Friday, June 4, 2004 12:16:49 pm | by CraigBox | Revert |
@@ -1,5 +1,5 @@
-__FireWall__ can either refer to a machine used to filter (usually IP) packets or the software used on that machine to provide packet filtering.
+__FireWall__ can either refer to a machine used to filter (usually [
IP]
) packets or the software used on that machine to provide packet filtering.
!!Before you read anything else, make sure you have read and understood HowFirewallingWorks.
If you need a decent iptables firewall for your Linux box, you probably want to give PerrysFirewallingScript a try.
@@ -69,18 +69,18 @@
You might want to read [HowToIPCHAINSHOWTO], [HowToBridgeFirewall], [HowToBridgeFirewallDSL], [HowToFirewallHOWTO], [HowToFirewallPiercing], [HowToSentryFirewallCDHOWTO] or [HowToTermFirewall]. (They're all really, REALLY old.)
-----
-Can't access the NZ Herald? (
http://www.nzherald.co.nz)
(or other sites).
+Can't access the [
NZ Herald |
http://www.nzherald.co.nz]?
(or other sites).
-Make sure you have Explicit Congestion Notification disabled (see the [ECN] page) and don't have any [TOS] (TermsOfService)
settings in your firewall script (iptables -t mangle -F PREROUTING might clean up any you have: don't try this without knowing what you are doing.)
+Make sure you have Explicit Congestion Notification disabled (see the [ECN] page) and don't have any TypeOfService
settings in your firewall script (__
iptables -t mangle -F PREROUTING__
might clean up any you have: don't try this without knowing what you are doing.)
Alternatively, you can go with the "Don't fix good science to work with a bad implementation", or manually add rules allowing access to the NZ Herald IPs.
Also, it should be noted that some home routers don't seem to like ECNs either. If you're having problems accessing the internet with a home ADSL router, and tcpdump output is mentioning packets with SWE, try turning ECNs off as seen in the [ECN] page.
-----
-Have a NAT firewall that only allows one person behind it to make a VPN connection at once? See [PPTPConnectionTracking]
+Have a [
NAT]
firewall that only allows one person behind it to make a [
VPN]
connection at once? See [PPTPConnectionTracking]
----
Part of CategoryNetworking and CategorySecurity
