Sign in to follow this  
bobgo2728

Fedora Core 6 Problems

Recommended Posts

port 80 always forwords, so if you are running a web server behind a Nat it can be gotten to.

Stateful Package inspection is the only way to stop that

Share this post


Link to post
Share on other sites

Port 80 isn't forwarded by my WRT54GS. The remote admin webapp sits on it when it's enabled. (And possibly when it isn't enabled... :))

Share this post


Link to post
Share on other sites

I am not sure how good it is, but most linksys routers do SPI(stateful packet inspection) . I have the wrt54gl, a setting allows me to turn SPI on or off. Maybe I am more protected then I thought.

Edited by shanenin

Share this post


Link to post
Share on other sites
Port 80 isn't forwarded by my WRT54GS. The remote admin webapp sits on it when it's enabled. (And possibly when it isn't enabled... :))

port 80 is always a translated or else you would never see web pages, an old hacker attack vector is to send a network package to a NAT router looking like a return from a network request. if it reaches the box, the box will send back a kind of What? package, so now you can do all kinds of nasty.

Facilitating Inbound NAT Using DNS

There only two methods to resolve the hidden address problem. One is to use static mapping for devices like servers on the inside network that need to be accessed from the outside. When static mapping is employed, the global address of the device that is using the static mapping will be publicly known, which solves the “where do I send my request to†problem.

The other solution is to make use of the TCP/IP Domain Name System (DNS). As explained in detail in the section on DNS, this protocol allows requests to be sent as names instead of IP addresses; the DNS server translates these names to their corresponding addresses. It is possible to integrate DNS and NAT so they work together. This process is described in RFC 2694, DNS extensions to Network Address Translators (DNS_ALG).

In this technique, an outside device can in fact make use of dynamic mapping. The basic process (highly simplified) is as follows:

1. The outside device sends a DNS request using the name of the device on the inside network it wishes to reach. For example, it might be “www.ilikenat.comâ€.

2. The DNS server for the internal network resolves the “www.ilikenat.com†name into an inside local address for the device that corresponds to this DNS entry.

3. The inside local address is passed to NAT and used to create a dynamic mapping between the inside local address of the server being accessed from the outside, and an inside global address. This mapping is put into the NAT router's translation table.

4. When the DNS server sends back the name resolution, it tells the outside device not the inside local (private) address of the server being sought, but the inside global (public) address mapped in the previous step.

Share this post


Link to post
Share on other sites
port 80 is always a translated or else you would never see web pages

Eh? We're talking about inbound data, aren't we?

Share this post


Link to post
Share on other sites

Well anyways, is there a good place out there that will show me what services I must have on and ones that I can shut off? I would love to shut some of these things off to maybe speed this thing up a little bit.

Share this post


Link to post
Share on other sites
Well anyways, is there a good place out there that will show me what services I must have on and ones that I can shut off? I would love to shut some of these things off to maybe speed this thing up a little bit.

Well, you can stop sendmail if you're not running an e-mail server, that'll free up some RAM:-) If you go into your services settings there is a description of each service that starts at boot-up. There are some services you need at boot-up like networking, etc.

Share this post


Link to post
Share on other sites

I think chkconfig --list will show you what services you have running. You might have to specify the runlevel you use

chkconfig --list 3

Share this post


Link to post
Share on other sites

I am wondering if I should leave acpid on being that I had to shut ACPI off to get the dam thing installed. I also wonder if I need hidd running since I do not have any blue tooth stuff but I think I need it.

Hi Buddy,

I found this site with google, I hope this helps.

Fedora Core 6 Services

Edited by Buddy Holly

Share this post


Link to post
Share on other sites
I am wondering if I should leave acpid on being that I had to shut ACPI off to get the dam thing installed. I also wonder if I need hidd running since I do not have any blue tooth stuff but I think I need it.
Hi Buddy,

I found this site with google, I hope this helps.

Fedora Core 6 Services

you turned off acpi in your BIOS right?

This only allows the MotherBoard to control ACPI, acpid lets Linux control these functions

and I believe the new real time clock and hard drive functions need this to run. so I would leave it on.

as for hidd, go ahead and turn it off, I don't believe it effects anything but blue tooth..

by the way this is some of the best ways to secure a server is to turn off what you do not need.

Share this post


Link to post
Share on other sites

No when i went to install FC6 I typed in linux boot acpi=off So I don't know if anything is something else to turn off. I will think that hidd deals with anything else but bluetooth but I would like to know for sure.

I am wondering if I should leave acpid on being that I had to shut ACPI off to get the dam thing installed. I also wonder if I need hidd running since I do not have any blue tooth stuff but I think I need it.
Hi Buddy,

I found this site with google, I hope this helps.

Fedora Core 6 Services

you turned off acpi in your BIOS right?

This only allows the MotherBoard to control ACPI, acpid lets Linux control these functions

and I believe the new real time clock and hard drive functions need this to run. so I would leave it on.

as for hidd, go ahead and turn it off, I don't believe it effects anything but blue tooth..

by the way this is some of the best ways to secure a server is to turn off what you do not need.

Share this post


Link to post
Share on other sites
No when i went to install FC6 I typed in linux boot acpi=off So I don't know if anything is something else to turn off. I will think that hidd deals with anything else but bluetooth but I would like to know for sure.
I am wondering if I should leave acpid on being that I had to shut ACPI off to get the dam thing installed. I also wonder if I need hidd running since I do not have any blue tooth stuff but I think I need it.
Hi Buddy,

I found this site with google, I hope this helps.

Fedora Core 6 Services

you turned off acpi in your BIOS right?

This only allows the MotherBoard to control ACPI, acpid lets Linux control these functions

and I believe the new real time clock and hard drive functions need this to run. so I would leave it on.

as for hidd, go ahead and turn it off, I don't believe it effects anything but blue tooth..

by the way this is some of the best ways to secure a server is to turn off what you do not need.

hidd is blue tooth only

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this