Re: Cable Internet

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Major.Mikey
Date:  
To: plug-discuss
Subject: Re: Cable Internet
Re: Cable Internet  (Major.Mikey,  Fri Feb 3 06:14:26 2006)

On Thursday 02 February 2006 06:42 pm, Major.Mikey wrote:
> Well, I have officially joined the modern agw; I got high speed
> internet..... sort of. What do I have to do to open linux to using it.
> Along the same lines what do I need to do to secure it?
>
> Unsure of what to do.
> Bye.
>
> Thank you for any assistance you are willing to give.


On Thursday 02 February 2006 10:09 pm, you wrote:
> Assuming you meant age rather than agw... Linux treats a cable modem like
> any other type of routing point. DHCP should get you what you need, and
> everything should magically work.


Yeah, that is what I expected; yet, it just sits there and Ihave to
communicate via dial-up.... unless I need to set DHCP up. Is that what I need
to do? If you could tell me how it would be very beneficial seeing as how I
work as a cox cable guy (contractor) and nobody in our shop knows how to set
it up in Linux. My boss (who was setting it up for me) verified that it is
working with his laptop (XP).

>
> As for securing it, be sure to run iptables with all incoming ports locked
> down by default, allowing only established traffic, would be the way to go.
> One possible extremely basic ruleset would be:
>
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A INPUT -j DROP
>
> though you'd probably want to make at least a few more elaborate allowments
> than that.
>


Well, this is the iptables I currently have. It seems that your appended rules
are already in there. Well, just to make sure I'll run the command anyways.
If you have  the time could you look at my iptable.
I was wondering, how would I set it up to filter out the advertisements?
By the way, what do the two iptable rules I just added, upon recomendation,
do?

(iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT)
(iptables -A INPUT -j DROP)

bmike1@1[bmike1]$ sudo iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere            udp spt:bootps
dpt:bootpc
ACCEPT     all  --  10.10.10.2           10.255.255.255
logaborted  tcp  --  anywhere             anywhere            state
RELATED,ESTABLISHED tcp flags:RST/RST
ACCEPT     all  --  anywhere             anywhere            state
RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere            icmp
destination-unreachable
ACCEPT     icmp --  anywhere             anywhere            icmp
time-exceeded
ACCEPT     icmp --  anywhere             anywhere            icmp
parameter-problem
nicfilt    all  --  anywhere             anywhere
srcfilt    all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state
RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere            icmp
destination-unreachable
ACCEPT     icmp --  anywhere             anywhere            icmp
time-exceeded
ACCEPT     icmp --  anywhere             anywhere            icmp
parameter-problem
srcfilt    all  --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere            udp spt:bootpc
dpt:bootps
ACCEPT     all  --  anywhere             anywhere            state
RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere            icmp
destination-unreachable
ACCEPT     icmp --  anywhere             anywhere            icmp
time-exceeded
ACCEPT     icmp --  anywhere             anywhere            icmp
parameter-problem
s1         all  --  anywhere             anywhere

Chain f0to1 (4 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp
spts:1024:65535 dpt:ipp state NEW
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp
dpt:netbios-ns state NEW
ACCEPT     udp  --  anywhere             anywhere            udp
spts:1024:65535 dpt:netbios-ns
ACCEPT     udp  --  anywhere             anywhere            udp
spt:netbios-ns dpt:netbios-ns
ACCEPT     udp  --  anywhere             anywhere            udp
spts:1024:65535 dpt:netbios-dgm
ACCEPT     udp  --  anywhere             anywhere            udp
spt:netbios-dgm dpt:netbios-dgm
ACCEPT     tcp  --  anywhere             anywhere            tcp
dpt:netbios-ssn state NEW
ACCEPT     udp  --  anywhere             anywhere            udp
spts:1024:65535 dpt:netbios-ssn
ACCEPT     tcp  --  anywhere             anywhere            tcp
dpt:microsoft-ds state NEW
ACCEPT     icmp --  anywhere             anywhere            icmp
source-quench
ACCEPT     udp  --  anywhere             anywhere            udp
dpts:6970:7170
ACCEPT     udp  --  anywhere             anywhere            udp
spt:netbios-ns dpts:1024:5999
ACCEPT     udp  --  anywhere             anywhere            udp
spt:netbios-ns dpt:netbios-ns
ACCEPT     udp  --  anywhere             anywhere            udp
spt:netbios-dgm dpt:netbios-dgm
ACCEPT     tcp  --  anywhere             anywhere            tcp
spts:1024:65535 dpts:1024:65535 state NEW
DROP       icmp --  anywhere             anywhere            icmp echo-reply
logdrop    all  --  anywhere             anywhere

Chain f0to2 (1 references)
target     prot opt source               destination
logdrop    all  --  anywhere             anywhere

Chain f0to3 (0 references)
target     prot opt source               destination
logdrop    all  --  anywhere             anywhere

Chain f1to0 (1 references)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere            udp
spt:netbios-ns dpts:1024:65535
ACCEPT     udp  --  anywhere             anywhere            udp
spt:netbios-ns dpt:netbios-ns
ACCEPT     udp  --  anywhere             anywhere            udp
spt:netbios-dgm dpt:netbios-dgm
ACCEPT     icmp --  anywhere             anywhere            icmp redirect
ACCEPT     udp  --  anywhere             anywhere            udp dpt:32816
ACCEPT     udp  --  anywhere             anywhere            udp dpt:3478
ACCEPT     tcp  --  anywhere             anywhere            tcp
spts:1024:5999 dpt:jabber-client state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp
spts:1024:5999 dpt:5223 state NEW
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ntp
ACCEPT     tcp  --  anywhere             anywhere            tcp
spts:1024:5999 dpt:ntp state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:3030
state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp
spts:1024:5999 dpt:https state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:554 state
NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:7070
state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp
spts:1024:5999 dpt:postgresql state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp
dpt:netbios-ns state NEW
ACCEPT     udp  --  anywhere             anywhere            udp
spts:1024:5999 dpt:netbios-ns
ACCEPT     udp  --  anywhere             anywhere            udp
spt:netbios-ns dpt:netbios-ns
ACCEPT     udp  --  anywhere             anywhere            udp
spts:1024:5999 dpt:netbios-dgm
ACCEPT     udp  --  anywhere             anywhere            udp
spt:netbios-dgm dpt:netbios-dgm
ACCEPT     tcp  --  anywhere             anywhere            tcp
dpt:netbios-ssn state NEW
ACCEPT     udp  --  anywhere             anywhere            udp
spts:1024:5999 dpt:netbios-ssn
ACCEPT     tcp  --  anywhere             anywhere            tcp
spts:1024:5999 dpt:mysql state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:8765
state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp
spts:1024:5999 dpt:1863 state NEW
ACCEPT     udp  --  anywhere             anywhere            udp dpt:4000
ACCEPT     tcp  --  anywhere             anywhere            tcp
spts:1024:65535 dpts:1024:65535 state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:6346
state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp
spts:1024:5999 dpt:dict state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp
spts:1024:5999 dpt:pop3 state NEW
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:rsync
state NEW
ACCEPT     icmp --  anywhere             anywhere            icmp
source-quench
ACCEPT     udp  --  anywhere             anywhere            udp dpt:5060
ACCEPT     tcp  --  anywhere             anywhere            tcp
spts:1024:5999 dpt:ftp state NEW
ACCEPT     udp  --  anywhere             anywhere            udp
spts:1024:5999 dpt:time
ACCEPT     tcp  --  anywhere             anywhere            tcp
spts:1024:5999 dpt:time state NEW
ACCEPT     udp  --  anywhere             anywhere            udp
dpts:33434:33600
ACCEPT     tcp  --  anywhere             anywhere            tcp
spts:1024:5999 dpt:pop3s state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
state NEW
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp
spts:1024:5999 dpt:imaps state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp
spts:1024:5999 dpt:www state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp
spts:1024:5999 dpt:webcache state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp
spts:1024:5999 dpt:8008 state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp
spts:1024:5999 dpt:8000 state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp
spts:1024:5999 dpt:8888 state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp
spts:1024:5999 dpt:11999 state NEW
ACCEPT     udp  --  anywhere             anywhere            udp dpt:5061
ACCEPT     tcp  --  anywhere             anywhere            tcp
spts:1024:5999 dpt:5050 state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp
spts:1024:5999 dpt:telnet state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp
spts:1024:5999 dpts:5000:5001 state NEW
ACCEPT     udp  --  anywhere             anywhere            udp
spts:1024:5999 dpt:5000
ACCEPT     tcp  --  anywhere             anywhere            tcp
spts:1024:5999 dpt:smtp state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp
spts:1024:5999 dpts:5190:5193 state NEW
ACCEPT     udp  --  anywhere             anywhere            udp
spts:1024:5999 dpts:5190:5193
ACCEPT     tcp  --  anywhere             anywhere            tcp
spts:1024:5999 dpts:6660:6669 state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp
spts:1024:5999 dpt:pop2 state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp
spts:1024:5999 dpt:nntp state NEW
DROP       icmp --  anywhere             anywhere            icmp echo-request
REJECT     tcp  --  anywhere             anywhere            tcp
spts:1024:5999 dpt:whois state NEW reject-with tcp-reset
REJECT     udp  --  anywhere             anywhere            udp dpt:43
reject-with icmp-port-unreachable
logdrop    all  --  anywhere             anywhere

Chain f1to2 (1 references)
target     prot opt source               destination
logdrop    all  --  anywhere             anywhere

Chain f1to3 (0 references)
target     prot opt source               destination
logdrop    all  --  anywhere             anywhere

Chain f2to0 (1 references)
target     prot opt source               destination
logdrop    all  --  anywhere             anywhere

Chain f2to1 (4 references)
target     prot opt source               destination
logdrop    all  --  anywhere             anywhere

Chain f2to3 (0 references)
target     prot opt source               destination
logdrop    all  --  anywhere             anywhere

Chain f3to0 (1 references)
target     prot opt source               destination
logdrop    all  --  anywhere             anywhere

Chain f3to1 (4 references)
target     prot opt source               destination
logdrop    all  --  anywhere             anywhere

Chain f3to2 (1 references)
target     prot opt source               destination
logdrop    all  --  anywhere             anywhere

Chain logaborted (1 references)
target     prot opt source               destination
logaborted2  all  --  anywhere             anywhere            limit: avg
1/sec burst 10
LOG        all  --  anywhere             anywhere            limit: avg 1/min
burst 1 LOG level warning prefix `LIMITED '

Chain logaborted2 (1 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere            LOG level warning
tcp-sequence tcp-options ip-options prefix`ABORTED '
ACCEPT     all  --  anywhere             anywhere            state
RELATED,ESTABLISHED

Chain logdrop (14 references)
target     prot opt source               destination
logdrop2   all  --  anywhere             anywhere

Chain logdrop2 (1 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere

Chain logreject (0 references)
target     prot opt source               destination
logreject2  all  --  anywhere             anywhere

Chain logreject2 (1 references)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere            reject-with
tcp-reset
REJECT     udp  --  anywhere             anywhere            reject-with
icmp-port-unreachable
DROP       all  --  anywhere             anywhere

Chain nicfilt (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
logdrop    all  --  anywhere             anywhere

Chain s0 (1 references)
target     prot opt source               destination
f0to1      all  --  anywhere             10.10.10.2
f0to1      all  --  anywhere             10.255.255.255
f0to1      all  --  anywhere             mepis1
f0to1      all  --  anywhere            
dialup-4.240.192.207.Dial1.Phoenix1.Level3.net
f0to2      all  --  anywhere             10.0.0.0/8
logdrop    all  --  anywhere             anywhere

Chain s1 (1 references)
target     prot opt source               destination
f1to2      all  --  anywhere             10.0.0.0/8
f1to0      all  --  anywhere             anywhere

Chain s2 (1 references)
target     prot opt source               destination
f2to1      all  --  anywhere             10.10.10.2
f2to1      all  --  anywhere             10.255.255.255
f2to1      all  --  anywhere             mepis1
f2to1      all  --  anywhere            
dialup-4.240.192.207.Dial1.Phoenix1.Level3.net
f2to0      all  --  anywhere             anywhere

Chain s3 (0 references)
target     prot opt source               destination
f3to1      all  --  anywhere             10.10.10.2
f3to1      all  --  anywhere             10.255.255.255
f3to1      all  --  anywhere             mepis1
f3to1      all  --  anywhere            
dialup-4.240.192.207.Dial1.Phoenix1.Level3.net
f3to2      all  --  anywhere             10.0.0.0/8
f3to0      all  --  anywhere             anywhere

Chain srcfilt (2 references)
target     prot opt source               destination
s2         all  --  10.0.0.0/8           anywhere
s0         all  --  anywhere             anywhereOn Thursday 02 February 2006
10:09 pm, you wrote:
> Assuming you meant age rather than agw... Linux treats a cable modem like
> any other type of routing point. DHCP should get you what you need, and
> everything should magically work.
>
> As for securing it, be sure to run iptables with all incoming ports locked
> down by default, allowing only established traffic, would be the way to go.
> One possible extremely basic ruleset would be:
>
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A INPUT -j DROP
>
> though you'd probably want to make at least a few more elaborate allowments
> than that.
>
> -- Eric
>
> On 2/2/06, Major.Mikey <> wrote:
> > Well, I have officially joined the modern agw; I got high speed
> > internet.....
> > sort of. What do I have to do to open linux to using it. Along the same
> > lines
> > what do I need to do to secure it?
> >
> > Unsure of what to do.
> > Bye.
> >
> > Thank you for any assistance you are willing to give.

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss