Differences between version 10 and previous revision of MetaNetConfiguration.
Newer page: | version 10 | Last edited on Thursday, November 18, 2004 1:46:05 pm | by MikeBeattie |
Older page: | version 9 | Last edited on Thursday, November 18, 2004 1:44:25 pm | by MikeBeattie |
@@ -70,9 +70,9 @@
For example, samba/nmbd does broadcasts that will go across the metanet. You can either block traffic to and from the metanet on ports 137, 138 and 139 (both [TCP] and [UDP]) or you can add the following in smb.conf's global section:
bind interfaces only = yes
interfaces = 10.x.y.0/24
-The only traffic on the 192.168../16 range is BGP, and DNS to the tla root server, so you can safely firewall off everything except port 179 tcp/udp incoming. You'll need to allow 53 udp for forwarding to your nameserver if it's not the router... You will need to leave outgoing open, and ports >=1024 incoming with stateful acceptance (RELATED,ESTABLISHED) since your MetaNet router will use the IP on the wan0 interface for its communication onto the MetaNet.
+The only traffic on the 192.168../16 range is BGP, and DNS to the tla root server, so you can safely firewall off everything except port 179 tcp/udp incoming. You'll need to allow 53 udp for forwarding to/from
your nameserver if it's not on
the router... You will need to leave outgoing open, and ports >=1024 incoming with stateful acceptance (RELATED,ESTABLISHED) since your MetaNet router will use the IP on the wan0 interface for its communication onto the MetaNet.
An example of this is:
iptables -A INPUT -p udp --dport 179 -s 192.168.0.0/16 -i wan0 -d 192.168.x.y -j ACCEPT
iptables -A INPUT -p tcp --dport 179 -s 192.168.0.0/16 -i wan0 -d 192.168.x.y -j ACCEPT
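Review bot: the rewritten sentence still carries "192.168../16", which is not a valid prefix; the example rules right after it use 192.168.0.0/16, so the prose should say the same. In the same sentence, "port 179 tcp/udp incoming" is wider than the stated purpose needs: BGP runs over TCP only, so the `-p udp --dport 179` rule can be dropped and the text changed to "179 tcp". The new "to/from your nameserver" wording mentions only 53 udp; DNS falls back to TCP 53 for truncated responses, so either allow that as well or say it is deliberately blocked. The visible example also has no rule for port 53 at all, so a reader following it literally would not get the DNS forwarding the paragraph describes. Finally, "ports >=1024 incoming with stateful acceptance" reads as two conditions; if the intent is a RELATED,ESTABLISHED match, say that the match alone is sufficient so nobody opens the high ports unconditionally.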