[LUG] Re: tcpdump

To: tony@xxxxxxxxxxxxxxx
Subject: [LUG] Re: tcpdump
From: Neil Williams <neil@xxxxxxxxxxxxxx>
Date: Thu, 26 Aug 2004 19:40:47 +0100
Cc: list@xxxxxxxxxxxx
Reply-to: list@xxxxxxxxxxxx

tony@xxxxxxxxxxxxxxx wrote:

Neil Williams writes:

I find it hard to get my head round the idea that this
little ethernet box has a firewall in it.
You'd better bet that it does! (Your network is naked without one!)


Uh? What is iptables for then? There's only one PC. In Reading I had
two PCs and then sure you need a firewall in the router.

?? You need a firewall in the router even when there are NO other devices connected!!

iptables on a machine inside the local network is an insurance policy or used to restrict certain services within the LAN. Don't rely on iptables on the PC, implement them as close as possible to the internet itself.

firewalls are easy and simple, there's no need for a hungry CPU, it can all go on a simple logic chip.

OK, so there is a firewall in the modem and this is probably preventing
ftp from working. But I can't find out what its rules are and I can't
change them. All I can do is talk to http://192.168.1.1 and there is
nothing there about firewall rules.

Can you get along to the meeting on Saturday?

Check again: This sounds like a broadband ROUTER, not a broadband modem. It contains a modem, sure, but it connects to your PC via ethernet and has an IP address for itself - that qualifies it as a ROUTER in my book. :-)

I compared the two tcpdumps and this confirmed what I suspected; in your case you send the username and it replies with an ack and the password prompt, in my case (probably) the username doesn't get there and no password prompt comes back. However, this doesn't tell me what to do about it. I think I know what I have to do and that is to get a wireless ADSL

I didn't think tcpdump was going to help much, I just thought it was a harmless diversion.

router, one where I can configure the firewall. I'll try that and let you
know what happens -- and summarise the discussion for the list.
Tony

The list benefits from the full discussion, (hence this is CC'd to the list), it's better to keep the full thread together for everyone to benefit and contribute. I only know what I've done, there are others on the list who have similar and deeper knowledge of iptables, firewalls and network architecture.

--

Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/

http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3

Attachment: signature.asc
Description: OpenPGP digital signature

Re: [LUG] Re: tcpdump
- From: Robin Cornelius

Prev by Date: Re: [LUG] Install....still.
Next by Date: Re: [LUG] Business switched
Previous by thread: Re: NHS was Re: [LUG] Business switched
Next by thread: Re: [LUG] Re: tcpdump
Index(es):
- Date
- Thread

Lynx friendly