Re: Cable Internet (Major.Mikey, Fri Feb 3 06:14:26 2006)
On Thursday 02 February 2006 06:42 pm, Major.Mikey wrote:
> Well, I have officially joined the modern agw; I got high speed
> internet..... sort of. What do I have to do to open linux to using it.
> Along the same lines what do I need to do to secure it?
>
> Unsure of what to do.
> Bye.
>
> Thank you for any assistance you are willing to give.
On Thursday 02 February 2006 10:09 pm, you wrote:
> Assuming you meant age rather than agw... Linux treats a cable modem like
> any other type of routing point. DHCP should get you what you need, and
> everything should magically work.
Yeah, that is what I expected; yet, it just sits there and I have to
communicate via dial-up.... unless I need to set DHCP up. Is that what I need
to do? If you could tell me how it would be very beneficial seeing as how I
work as a Cox cable guy (contractor) and nobody in our shop knows how to set
it up in Linux. My boss (who was setting it up for me) verified that it is
working with his laptop (XP).
>
> As for securing it, be sure to run iptables with all incoming ports locked
> down by default, allowing only established traffic, would be the way to go.
> One possible extremely basic ruleset would be:
>
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A INPUT -j DROP
>
> though you'd probably want to make at least a few more elaborate allowments
> than that.
>
Well, this is the iptables I currently have. It seems that your appended rules
are already in there. Well, just to make sure I'll run the command anyways.
If you have the time could you look at my iptable.
I was wondering, how would I set it up to filter out the advertisements?
By the way, what do the two iptable rules I just added, upon recommendation,
do?
(iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT)
(iptables -A INPUT -j DROP)
bmike1@1[bmike1]$ sudo iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp spt:bootps
dpt:bootpc
ACCEPT all -- 10.10.10.2 10.255.255.255
logaborted tcp -- anywhere anywhere state
RELATED,ESTABLISHED tcp flags:RST/RST
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp
destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp
time-exceeded
ACCEPT icmp -- anywhere anywhere icmp
parameter-problem
nicfilt all -- anywhere anywhere
srcfilt all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp
destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp
time-exceeded
ACCEPT icmp -- anywhere anywhere icmp
parameter-problem
srcfilt all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp spt:bootpc
dpt:bootps
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp
destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp
time-exceeded
ACCEPT icmp -- anywhere anywhere icmp
parameter-problem
s1 all -- anywhere anywhere
Chain f0to1 (4 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:ipp state NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp
dpt:netbios-ns state NEW
ACCEPT udp -- anywhere anywhere udp
spts:1024:65535 dpt:netbios-ns
ACCEPT udp -- anywhere anywhere udp
spt:netbios-ns dpt:netbios-ns
ACCEPT udp -- anywhere anywhere udp
spts:1024:65535 dpt:netbios-dgm
ACCEPT udp -- anywhere anywhere udp
spt:netbios-dgm dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere tcp
dpt:netbios-ssn state NEW
ACCEPT udp -- anywhere anywhere udp
spts:1024:65535 dpt:netbios-ssn
ACCEPT tcp -- anywhere anywhere tcp
dpt:microsoft-ds state NEW
ACCEPT icmp -- anywhere anywhere icmp
source-quench
ACCEPT udp -- anywhere anywhere udp
dpts:6970:7170
ACCEPT udp -- anywhere anywhere udp
spt:netbios-ns dpts:1024:5999
ACCEPT udp -- anywhere anywhere udp
spt:netbios-ns dpt:netbios-ns
ACCEPT udp -- anywhere anywhere udp
spt:netbios-dgm dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpts:1024:65535 state NEW
DROP icmp -- anywhere anywhere icmp echo-reply
logdrop all -- anywhere anywhere
Chain f0to2 (1 references)
target prot opt source destination
logdrop all -- anywhere anywhere
Chain f0to3 (0 references)
target prot opt source destination
logdrop all -- anywhere anywhere
Chain f1to0 (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp
spt:netbios-ns dpts:1024:65535
ACCEPT udp -- anywhere anywhere udp
spt:netbios-ns dpt:netbios-ns
ACCEPT udp -- anywhere anywhere udp
spt:netbios-dgm dpt:netbios-dgm
ACCEPT icmp -- anywhere anywhere icmp redirect
ACCEPT udp -- anywhere anywhere udp dpt:32816
ACCEPT udp -- anywhere anywhere udp dpt:3478
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:5999 dpt:jabber-client state NEW
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:5999 dpt:5223 state NEW
ACCEPT udp -- anywhere anywhere udp dpt:ntp
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:5999 dpt:ntp state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:3030
state NEW
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:5999 dpt:https state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:554 state
NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:7070
state NEW
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:5999 dpt:postgresql state NEW
ACCEPT tcp -- anywhere anywhere tcp
dpt:netbios-ns state NEW
ACCEPT udp -- anywhere anywhere udp
spts:1024:5999 dpt:netbios-ns
ACCEPT udp -- anywhere anywhere udp
spt:netbios-ns dpt:netbios-ns
ACCEPT udp -- anywhere anywhere udp
spts:1024:5999 dpt:netbios-dgm
ACCEPT udp -- anywhere anywhere udp
spt:netbios-dgm dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere tcp
dpt:netbios-ssn state NEW
ACCEPT udp -- anywhere anywhere udp
spts:1024:5999 dpt:netbios-ssn
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:5999 dpt:mysql state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:8765
state NEW
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:5999 dpt:1863 state NEW
ACCEPT udp -- anywhere anywhere udp dpt:4000
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpts:1024:65535 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:6346
state NEW
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:5999 dpt:dict state NEW
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:5999 dpt:pop3 state NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:rsync
state NEW
ACCEPT icmp -- anywhere anywhere icmp
source-quench
ACCEPT udp -- anywhere anywhere udp dpt:5060
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:5999 dpt:ftp state NEW
ACCEPT udp -- anywhere anywhere udp
spts:1024:5999 dpt:time
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:5999 dpt:time state NEW
ACCEPT udp -- anywhere anywhere udp
dpts:33434:33600
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:5999 dpt:pop3s state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
state NEW
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:5999 dpt:imaps state NEW
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:5999 dpt:www state NEW
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:5999 dpt:webcache state NEW
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:5999 dpt:8008 state NEW
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:5999 dpt:8000 state NEW
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:5999 dpt:8888 state NEW
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:5999 dpt:11999 state NEW
ACCEPT udp -- anywhere anywhere udp dpt:5061
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:5999 dpt:5050 state NEW
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:5999 dpt:telnet state NEW
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:5999 dpts:5000:5001 state NEW
ACCEPT udp -- anywhere anywhere udp
spts:1024:5999 dpt:5000
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:5999 dpt:smtp state NEW
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:5999 dpts:5190:5193 state NEW
ACCEPT udp -- anywhere anywhere udp
spts:1024:5999 dpts:5190:5193
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:5999 dpts:6660:6669 state NEW
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:5999 dpt:pop2 state NEW
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:5999 dpt:nntp state NEW
DROP icmp -- anywhere anywhere icmp echo-request
REJECT tcp -- anywhere anywhere tcp
spts:1024:5999 dpt:whois state NEW reject-with tcp-reset
REJECT udp -- anywhere anywhere udp dpt:43
reject-with icmp-port-unreachable
logdrop all -- anywhere anywhere
Chain f1to2 (1 references)
target prot opt source destination
logdrop all -- anywhere anywhere
Chain f1to3 (0 references)
target prot opt source destination
logdrop all -- anywhere anywhere
Chain f2to0 (1 references)
target prot opt source destination
logdrop all -- anywhere anywhere
Chain f2to1 (4 references)
target prot opt source destination
logdrop all -- anywhere anywhere
Chain f2to3 (0 references)
target prot opt source destination
logdrop all -- anywhere anywhere
Chain f3to0 (1 references)
target prot opt source destination
logdrop all -- anywhere anywhere
Chain f3to1 (4 references)
target prot opt source destination
logdrop all -- anywhere anywhere
Chain f3to2 (1 references)
target prot opt source destination
logdrop all -- anywhere anywhere
Chain logaborted (1 references)
target prot opt source destination
logaborted2 all -- anywhere anywhere limit: avg
1/sec burst 10
LOG all -- anywhere anywhere limit: avg 1/min
burst 1 LOG level warning prefix `LIMITED '
Chain logaborted2 (1 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning
tcp-sequence tcp-options ip-options prefix`ABORTED '
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
Chain logdrop (14 references)
target prot opt source destination
logdrop2 all -- anywhere anywhere
Chain logdrop2 (1 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain logreject (0 references)
target prot opt source destination
logreject2 all -- anywhere anywhere
Chain logreject2 (1 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with
tcp-reset
REJECT udp -- anywhere anywhere reject-with
icmp-port-unreachable
DROP all -- anywhere anywhere
Chain nicfilt (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
logdrop all -- anywhere anywhere
Chain s0 (1 references)
target prot opt source destination
f0to1 all -- anywhere 10.10.10.2
f0to1 all -- anywhere 10.255.255.255
f0to1 all -- anywhere mepis1
f0to1 all -- anywhere
dialup-4.240.192.207.Dial1.Phoenix1.Level3.net
f0to2 all -- anywhere 10.0.0.0/8
logdrop all -- anywhere anywhere
Chain s1 (1 references)
target prot opt source destination
f1to2 all -- anywhere 10.0.0.0/8
f1to0 all -- anywhere anywhere
Chain s2 (1 references)
target prot opt source destination
f2to1 all -- anywhere 10.10.10.2
f2to1 all -- anywhere 10.255.255.255
f2to1 all -- anywhere mepis1
f2to1 all -- anywhere
dialup-4.240.192.207.Dial1.Phoenix1.Level3.net
f2to0 all -- anywhere anywhere
Chain s3 (0 references)
target prot opt source destination
f3to1 all -- anywhere 10.10.10.2
f3to1 all -- anywhere 10.255.255.255
f3to1 all -- anywhere mepis1
f3to1 all -- anywhere
dialup-4.240.192.207.Dial1.Phoenix1.Level3.net
f3to2 all -- anywhere 10.0.0.0/8
f3to0 all -- anywhere anywhere
Chain srcfilt (2 references)
target prot opt source destination
s2 all -- 10.0.0.0/8 anywhere
s0 all -- anywhere anywhere
On Thursday 02 February 2006 10:09 pm, you wrote:
> Assuming you meant age rather than agw... Linux treats a cable modem like
> any other type of routing point. DHCP should get you what you need, and
> everything should magically work.
>
> As for securing it, be sure to run iptables with all incoming ports locked
> down by default, allowing only established traffic, would be the way to go.
> One possible extremely basic ruleset would be:
>
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A INPUT -j DROP
>
> though you'd probably want to make at least a few more elaborate allowments
> than that.
>
> -- Eric
>
> On 2/2/06, Major.Mikey <bmike1@mcleodusa.net> wrote:
> > Well, I have officially joined the modern agw; I got high speed
> > internet.....
> > sort of. What do I have to do to open linux to using it. Along the same
> > lines
> > what do I need to do to secure it?
> >
> > Unsure of what to do.
> > Bye.
> >
> > Thank you for any assistance you are willing to give.
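What the two suggested rules do, and why their order and position in the chain matter, shown as an added example that is not part of the original thread: a toy first-match evaluator in Python, not iptables itself. The names `Rule`, `verdict`, `shadowed` and the three sample chains are hypothetical, and the model matches on connection state only.

```python
# Added illustration: a toy first-match evaluator, not iptables itself.
from dataclasses import dataclass

STATES = ("NEW", "ESTABLISHED", "RELATED", "INVALID")  # conntrack states

@dataclass(frozen=True)
class Rule:
    target: str                       # terminating target: "ACCEPT" or "DROP"
    states: frozenset = frozenset()   # empty set = no "-m state" match at all

def verdict(chain, policy, pkt_state):
    """Return (target, rule index) of the first matching rule, or the
    chain policy with index None when no rule matches."""
    for i, rule in enumerate(chain):
        if not rule.states or pkt_state in rule.states:
            return rule.target, i
    return policy, None

def shadowed(chain):
    """Indexes of rules that can never decide a packet because earlier
    rules already catch every state they match."""
    hit = {verdict(chain, "DROP", s)[1] for s in STATES}
    return [i for i in range(len(chain)) if i not in hit]

# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
ALLOW_REPLIES = Rule("ACCEPT", frozenset({"ESTABLISHED", "RELATED"}))
# iptables -A INPUT -j DROP
DROP_REST = Rule("DROP")

BASIC = [ALLOW_REPLIES, DROP_REST]       # the two rules on an empty chain
REVERSED = [DROP_REST, ALLOW_REPLIES]    # same rules, wrong order
# Simplified model (assumption): a chain that already accepts
# RELATED,ESTABLISHED, with the two rules appended by -A.
APPENDED = [ALLOW_REPLIES, ALLOW_REPLIES, DROP_REST]

if __name__ == "__main__":
    for name, chain in (("basic", BASIC), ("reversed", REVERSED),
                        ("appended", APPENDED)):
        for state in STATES:
            target, idx = verdict(chain, "ACCEPT", state)
            print(f"{name:9} {state:12} -> {target} (rule {idx})")
        print(f"{name:9} shadowed rules: {shadowed(chain)}")
```

On a real system, `iptables -L -v -n --line-numbers` also shows the interface matches and packet counters that a plain `iptables -L` listing omits, so a rule printed as `ACCEPT all -- anywhere anywhere` may be narrower than it looks.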