hasu_bert
05.05.04, 15:32
Ich hab letzte N8 einen Fli4l-Router installiert. Nun habe ich ein Problem:
Der Router lehnt meinen gesamten Traffic ab.
Ich hab nicht wirklich eine erklärung dafür. Habe die Doku gewälzt und bin einige male die Base.txt angeschaut. Ich weiß nicht woran es liegt.
Die einzige Mögliche Erklärung die mir einfällt, ist das der Router mich wie einen Rechner aus den Internet behandelt. Ich habe aber keinen Plan warum.
#------------------------------------------------------------------------------
# General settings:
#------------------------------------------------------------------------------
HOSTNAME='fli4me' # name of fli4l router
PASSWORD='' # password for telnetd, ftpd and sshd
MOUNT_BOOT='no' # mount boot device (floppy): ro, rw, no
RAMSIZE='2048' # size of ramdisk for unzipped opt.tgz
# the variables MOUNT_OPT, PART_OPT and UPDATE_MODE will be ignored if
# RAMSIZE is not empty. see docu
MOUNT_OPT='ro' # mount opt device: ro, rw
PART_OPT='hda2' # location of opt-files? ram1 or disk-partition
UPDATE_MODE='full' # add, cfg, full, none, see documentation
#------------------------------------------------------------------------------
# Ethernet card drivers:
# uncomment your ethernet card
#------------------------------------------------------------------------------
ETH_DRV_N='1' # number of ethernet drivers to load, usually 1
#ETH_DRV_1='3c505' # ISA: 3COM Etherlink Plus (3c505)
#ETH_DRV_1='3c507' # ISA: 3COM Etherlink 16 (3c507)
#ETH_DRV_1='3c509' # ISA: 3COM EtherLinkIII (3c509)
#ETH_DRV_1='3c515' # ISA: 3COM EtherLink XL ISA (3c515)
#ETH_DRV_1='3c59x' # PCI: 3COM Vortex/Boomerang 3c59x,3c900,3c905
#ETH_DRV_1='82596' # Apricot Xen-II on board Ethernet
#ETH_DRV_1='3c503' # ISA: 3COM EtherLinkII (3c503)
#ETH_DRV_1='e2100' # ISA: Cabletron E21xx ISA
#ETH_DRV_1='hp' # ISA: HP PCLAN (27245, 27xxx) ISA
#ETH_DRV_1='hp-plus' # ISA: HP PCLAN+ (27247B and 27252A) ISA
#ETH_DRV_1='ne' # ISA: NE2000 ISA clone (eg. Realtek 8019,
# Accton 16xx, NatSemi 8390, UMC 9003/9008)
#ETH_DRV_1='ne2k-pci' # PCI: NE2000 PCI clone (eg. Realtek 8029,
# Winbond 89c940)
#ETH_DRV_1='smc-ultra' # ISA: SMC ULTRA
#ETH_DRV_1='smc-ultra32' # EISA: SMC ULTRA32 (NEW)
#ETH_DRV_1='wd' # ISA: SMC WD80*3
#ETH_DRV_1='at1700' # ISA: AT1700 (Fujitsu 86965) ISA
#ETH_DRV_1='cs89x0' # ISA: IBM Etherjet, cs89x0 based Cards (Option io=0xnnn necessary!)
#ETH_DRV_1='de4x5' # PCI/EISA: Digital DE425, DE434, DE435, DE450, DE500
#ETH_DRV_1='depca' # ISA: DEPCA, DE10x, DE200, DE201, DE202, DE422
#ETH_DRV_1='dgrs' # PCI: Digi International RightSwitch PCI/EISA
#ETH_DRV_1='dmfe' # PCI: DM9102 compatible PCI cards from Davicom
#ETH_DRV_1='lp486e' # ISA: Intel Professional Workstation/panther 82596
#ETH_DRV_1='eepro' # ISA: Intel EtherExpress Pro/10
#ETH_DRV_1='eepro100' # PCI: Intel EtherExpressPro PCI 10+/100B/100+
#ETH_DRV_1='eexpress' # ISA: EtherExpress16 ISA
#ETH_DRV_1='epic100' # PCI: SMC EPIC/100 (EtherPower II) PCI
#ETH_DRV_1='eth16i' # ISA/EISA: ICL EtherTeam 16i/32
#ETH_DRV_1='ewrk3' # ISA: EtherWORKS 3 ISA (DE203, DE204, DE205)
#ETH_DRV_1='fa3xx' # PCI: NETGEAR FA3XX PCI Ethernet Controller
#ETH_DRV_1='fealnx' # PCI: ASOUND LAN 8139 card - not RTL8139 (NEW)
#ETH_DRV_1='hp100' # ISA/EISA/PCI: HP 10/100VG PCLAN (ISA, EISA, PCI)
#ETH_DRV_1='lance' # ISA: AMD LANCE and PCnet (AT1500, NE2100) ISA
#ETH_DRV_1='old_tulip' # PCI: Old DECchip Tulip (dc21x4x) PCI
#ETH_DRV_1='pcnet32' # PCI: AMD PCI PCnet32
ETH_DRV_1='rtl8139-orig' # PCI: RealTek 8129/8139 (not 8019/8029!)
#ETH_DRV_1='rtl8139' # PCI: RealTek 8129/8139 (not 8019/8029!) (NEW)
#ETH_DRV_1='8139too' # PCI: RealTek 8139 10/100 MB (NEW)
#ETH_DRV_1='sis900' # PCI: SiS 900/7016
#ETH_DRV_1='sundance' # PCI: DFE-550FX or DFE-530TXS (NEW)
#ETH_DRV_1='tlan' # PCI: TI ThunderLAN (Compaq Netelligent ...)
#ETH_DRV_1='tulip' # PCI: DECchip Tulip (dc21x4x) PCI
#ETH_DRV_1='natsemi' # PCI: Nat Semi
#ETH_DRV_1='starfire' # PCI: Starfire
#ETH_DRV_1='via-rhine' # PCI: VIA Rhine PCI (3043, VT86c100A, dfe-530tx)
#ETH_DRV_1='winbond-840' # PCI: Winbond 840
#ETH_DRV_1='lanstreamer' # Token Ring: IBM Auto LANStreamer PCI Adapter
#ETH_DRV_1='olympic' # Token Ring: IBM cards (Pit/Pit-Phy/Olympic)
#ETH_DRV_1='ibmtr' # Token Ring: IBM 16/4
#ETH_DRV_1='pcnet_cs' # PCMCIA: NS8390-based cards (NE2000, DLINK etc)
#ETH_DRV_1='3c574_cs' # PCMCIA: 3Com 574
#ETH_DRV_1='3c575_cb' # PCMCIA: 3Com 575
#ETH_DRV_1='3c589_cs' # PCMCIA: 3Com 589
#ETH_DRV_1='airo' # PCMCIA: Airo 4500 & 4800 series cards
#ETH_DRV_1='airo_cs' # PCMCIA: Airo 4500 & 4800 series cards
#ETH_DRV_1='eepro100_cb' # PCMCIA: EtherExpress Pro 100
#ETH_DRV_1='epic_cb' # PCMCIA: SMC 83c170 EPIC/100
#ETH_DRV_1='ibmtr_cs' # PCMCIA: IBM Token Ring
#ETH_DRV_1='netwave_cs' # PCMCIA: Netwave AirSurfer Wireless LAN
#ETH_DRV_1='nmclan_cs' # PCMCIA: New Media Ethernet LAN
#ETH_DRV_1='ray_cs' # PCMCIA: Raylink wireless cards
#ETH_DRV_1='smc91c92_cs' # PCMCIA: SMC91c92-based cards
#ETH_DRV_1='tulip_cb' # PCMCIA: DEC 21040-family cards
#ETH_DRV_1='wavelan_cs' # PCMCIA: WaveLAN
#ETH_DRV_1='wavelan2_cs' # PCMCIA: WaveLAN2
#ETH_DRV_1='wvlan_cs' # PCMCIA: Lucent WaveLAN/IEEE 802.11
#ETH_DRV_1='xirc2ps_cs' # PCMCIA: Xircom: CE2, CEM28, CEM33, or CE3
#ETH_DRV_1='wl24_cs' # PCMCIA: ELSA Airlancer MC-2
#ETH_DRV_1='cs89x0_cs' # PCMCIA: IBM EtherJet Ethernet Adapter
#ETH_DRV_1='orinoco_cs' # PCMCIA: Orinoco Based WLAN Cards (NEW)
#ETH_DRV_1='axnet_cs' # PCMCIA: Asix AX88190 Fast Ethernet (NEW)
ETH_DRV_1_OPTION='' # additional option, e.g. 'io=0x340' for ne
#------------------------------------------------------------------------------
# Ether networks used with IP protocol:
#------------------------------------------------------------------------------
IP_ETH_N='1' # number of ip ethernet networks, usually 1
IP_ETH_1_NAME='' # optional: other device name than ethX
IP_ETH_1_IPADDR='192.168.0.2' # IP address of your n'th ethernet card
IP_ETH_1_NETWORK='192.168.0.0' # network of your LAN
IP_ETH_1_NETMASK='255.255.255.0' # netmask of your LAN
#------------------------------------------------------------------------------
# Additional routes, optional
#------------------------------------------------------------------------------
IP_DEFAULT_GATEWAY='' # normally not used, read documentation!
IP_ROUTE_N='0' # number of additional routes
IP_ROUTE_1='192.168.7.0 255.255.255.0 192.168.6.99' # network netmask gateway
#------------------------------------------------------------------------------
# Masquerading:
#------------------------------------------------------------------------------
MASQ_NETWORK='192.168.6.0/24' # networks to masquerade (e.g. our LAN)
MASQ_MODULE_N='7' # load n masq modules (default: only ftp)
MASQ_MODULE_1='ftp' # ftp
#MASQ_MODULE_2='h323' # h323 (netmeeting)
MASQ_MODULE_2='icq' # icq (use with caution!)
MASQ_MODULE_3='irc' # irc
#MASQ_MODULE_5='raudio' # raudio
#MASQ_MODULE_6='vdolive' # vdolive
MASQ_MODULE_4='quake' # quake
#MASQ_MODULE_8='cuseeme' # cuseeme
#MASQ_MODULE_9='mms' # MSN-Filetransfer
#MASQ_MODULE_10='pptp' # pptp
MASQ_MODULE_5='ipsec' # ipsec
MASQ_MODULE_6='dplay' # dplay (direct play)
#MASQ_MODULE_13='msn-0.02' # msn zone (use version 0.01 or 0.02)
MASQ_MODULE_7='udp_dloose' # pseudo mod: some internet games need it
MASQ_FTP_PORT_N='0' # using ftp masq-module on different ports
MASQ_FTP_PORT_1='21' # standard ftp port
MASQ_FTP_PORT_2='2021' # additional port
#------------------------------------------------------------------------------
# Optional package: PORTFW
#
# If you set OPT_PORTFW='yes', you can also edit opt/etc/portfw.sh
#------------------------------------------------------------------------------
OPT_PORTFW='yes' #install port forwarding tools/modules
PORTFW_N='5' #how many portforwardings to set up
PORTFW_1='8765 192.168.0.4:8765 tcp' #ts
PORTFW_2='8766 192.168.0.4:8766 tcp' #ts
PORTFW_3='6662 192.168.0.4:6662 tcp' #esel
PORTFW_4='6672 192.168.0.4:6672 udp' #esel
PORTFW_5='4810 192.168.0.4:4810 tcp' #icq
#------------------------------------------------------------------------------
# Routing without masquerading
#------------------------------------------------------------------------------
ROUTE_NETWORK='' # optional: route from/to network, no masq
#------------------------------------------------------------------------------
# Routing: internal hosts to deny forwarding
#------------------------------------------------------------------------------
FORWARD_DENY_HOST_N='16' # number of denied hosts
FORWARD_DENY_HOST_1='192.168.0.14'
FORWARD_DENY_HOST_2='192.168.0.100' FORWARD_DENY_HOST_3='192.168.0.107'
FORWARD_DENY_HOST_4='192.168.0.114'
FORWARD_DENY_HOST_5='192.168.0.132'
FORWARD_DENY_HOST_6='192.168.0.154'
FORWARD_DENY_HOST_7='192.168.0.202'
FORWARD_DENY_HOST_8='192.168.0.212'
FORWARD_DENY_HOST_9='192.168.0.219'
FORWARD_DENY_HOST_10='192.168.0.230'
FORWARD_DENY_HOST_11='192.168.0.252'
FORWARD_DENY_HOST_12='192.168.0.203'
FORWARD_DENY_HOST_13='192.168.0.5'
FORWARD_DENY_HOST_14='192.168.0.6'
FORWARD_DENY_HOST_15='192.168.0.7'
FORWARD_DENY_HOST_16='192.168.0.8'
#------------------------------------------------------------------------------
# Routing: ports to reject/deny forwarding (from inside and outside!)
#------------------------------------------------------------------------------
FORWARD_DENY_PORT_N='1' # no. of ports to reject/deny forwarding
FORWARD_DENY_PORT_1='137:139 REJECT' # deny/reject forwarding of netbios
FORWARD_TRUSTED_NETS='' # but allow forwarding between LANs
#------------------------------------------------------------------------------
# Firewall: ports to reject/deny from outside (all served ports)
#
# here we leave two ports untouched:
#
# 53 dns
# 113 auth
#------------------------------------------------------------------------------
FIREWALL_DENY_PORT_N='6' # no. of ports to reject/deny
FIREWALL_DENY_PORT_1='0:52 REJECT' # privileged ports: reject or deny
FIREWALL_DENY_PORT_2='54:112 REJECT' # privileged ports: reject or deny
FIREWALL_DENY_PORT_3='114:1023 REJECT' # privileged ports: reject or deny
FIREWALL_DENY_PORT_4='5000:5001 REJECT' # imond/telmond ports: reject or deny
FIREWALL_DENY_PORT_5='8000 REJECT' # proxy access: reject or deny
FIREWALL_DENY_PORT_6='20012 REJECT' # vbox server access: reject or deny
FIREWALL_DENY_ICMP='no' # deny icmp (ping): yes or no
FIREWALL_LOG='yes' # log access to rejected/denied ports
#------------------------------------------------------------------------------
# Domain configuration:
#------------------------------------------------------------------------------
START_DNS='yes' # start dns server: yes or no
DNS_FORWARDERS='193.189.244.197 193.189.244.205' # DNS servers of your provider, e.g. MSN
DNS_VERBOSE='no' # log queries in /usr/local/ens/ens.log
DOMAIN_NAME='hasu.fli4l' # your domain name
DNS_FORBIDDEN_N='0' # number of forbidden domains
DNS_FORBIDDEN_1='foo.bar' # 1st forbidden domain
DNS_FORBIDDEN_2='bar.foo' # 2nd forbidden domain
HOSTS_N='3' # number of hosts in your domain
HOST_1='192.168.0.2 fli4me' # 1st host: ip and name
HOST_2='192.168.0.4 hasufel' # 2nd host: ip and name
HOST_3='192.168.0.3 lude' # 3rd host: ip and name
#HOST_4='192.168.6.4 client4' # 4th host: ip and name
#------------------------------------------------------------------------------
# Special DNS configuration
#------------------------------------------------------------------------------
DNS_N='0' # number of special dns servers, normally 0
#DNS_1='firma.de 192.168.1.12' # 1st special dns server for firma.de
#DNS_2='lan.firma.de 192.168.2.12' # 2nd special dns server for lan.firma.de
#------------------------------------------------------------------------------
# imond configuration:
#------------------------------------------------------------------------------
START_IMOND='yes' # start imond: yes or no
IMOND_PORT='5000' # TCP-Port, see also FIREWALL_DENY_PORT_x!
IMOND_PASS='' # imond-password, may be empty
IMOND_ADMIN_PASS='afk' # imond-admin-password, may be empty
IMOND_LED='' # tty for led: com1 - com4 or empty
IMOND_BEEP='no' # beep if connection going up/down
IMOND_LOG='no' # log /var/log/imond.log: yes or no
IMOND_LOGDIR='/var/log' # log-directory, e.g. /var/log
IMOND_ENABLE='yes' # accept "enable/disable" commands
IMOND_DIAL='yes' # accept "dial/hangup" commands
IMOND_ROUTE='yes' # accept "route" command
IMOND_REBOOT='yes' # accept "reboot" command
#------------------------------------------------------------------------------
# Generic circuit configuration:
#------------------------------------------------------------------------------
IP_DYN_ADDR='yes' # use dyn. ip addresses (most providers do)
DIALMODE='auto' # standard dialmode: auto, manual, or off
#------------------------------------------------------------------------------
# optional package: syslogd
#------------------------------------------------------------------------------
OPT_SYSLOGD='no' # start syslogd: yes or no
SYSLOGD_DEST_N='1' # number of destinations
SYSLOGD_DEST_1='*.* /dev/console' # n'th prio & destination of syslog msgs
SYSLOGD_DEST_2='*.* @192.168.6.2' # example: loghost 192.168.6.2
SYSLOGD_DEST_3='kern.info /var/log/dial.log' # example: log infos
#------------------------------------------------------------------------------
# optional package: klogd
#------------------------------------------------------------------------------
OPT_KLOGD='no' # start klogd: yes or no
#------------------------------------------------------------------------------
# optional package: y2k correction
#------------------------------------------------------------------------------
OPT_Y2K='no' # y2k correction: yes or no
Y2K_DAYS='' # correct hardware Y2K-Bug: add x days
#------------------------------------------------------------------------------
# Optional package: PNP
#------------------------------------------------------------------------------
OPT_PNP='no' # install isapnp tools: yes or
Wäre nett, wenn mir jemand dieses Brett vorm Kopf entfernen könnte.
mfg hasufel
btw: gibts mitlerweile eine Möglichkleit Client-IP-Bereiche zu sperren? Ich habe bisher nur ein paar einzelne gesperrt. Darum müssten die anderen Clients im LAN ja nur ihre IP ändern um meinen Router als Gateway zu nutzen.
Sonst muss ich 250 Ports einzeln auflisten. Das wäre ja suboptimal...
Der Router lehnt meinen gesamten Traffic ab.
Ich hab nicht wirklich eine erklärung dafür. Habe die Doku gewälzt und bin einige male die Base.txt angeschaut. Ich weiß nicht woran es liegt.
Die einzige Mögliche Erklärung die mir einfällt, ist das der Router mich wie einen Rechner aus den Internet behandelt. Ich habe aber keinen Plan warum.
#------------------------------------------------------------------------------
# General settings:
#------------------------------------------------------------------------------
HOSTNAME='fli4me' # name of fli4l router
PASSWORD='' # password for telnetd, ftpd and sshd
MOUNT_BOOT='no' # mount boot device (floppy): ro, rw, no
RAMSIZE='2048' # size of ramdisk for unzipped opt.tgz
# the variables MOUNT_OPT, PART_OPT and UPDATE_MODE will be ignored if
# RAMSIZE is not empty. see docu
MOUNT_OPT='ro' # mount opt device: ro, rw
PART_OPT='hda2' # location of opt-files? ram1 or disk-partition
UPDATE_MODE='full' # add, cfg, full, none, see documentation
#------------------------------------------------------------------------------
# Ethernet card drivers:
# uncomment your ethernet card
#------------------------------------------------------------------------------
ETH_DRV_N='1' # number of ethernet drivers to load, usually 1
#ETH_DRV_1='3c505' # ISA: 3COM Etherlink Plus (3c505)
#ETH_DRV_1='3c507' # ISA: 3COM Etherlink 16 (3c507)
#ETH_DRV_1='3c509' # ISA: 3COM EtherLinkIII (3c509)
#ETH_DRV_1='3c515' # ISA: 3COM EtherLink XL ISA (3c515)
#ETH_DRV_1='3c59x' # PCI: 3COM Vortex/Boomerang 3c59x,3c900,3c905
#ETH_DRV_1='82596' # Apricot Xen-II on board Ethernet
#ETH_DRV_1='3c503' # ISA: 3COM EtherLinkII (3c503)
#ETH_DRV_1='e2100' # ISA: Cabletron E21xx ISA
#ETH_DRV_1='hp' # ISA: HP PCLAN (27245, 27xxx) ISA
#ETH_DRV_1='hp-plus' # ISA: HP PCLAN+ (27247B and 27252A) ISA
#ETH_DRV_1='ne' # ISA: NE2000 ISA clone (eg. Realtek 8019,
# Accton 16xx, NatSemi 8390, UMC 9003/9008)
#ETH_DRV_1='ne2k-pci' # PCI: NE2000 PCI clone (eg. Realtek 8029,
# Winbond 89c940)
#ETH_DRV_1='smc-ultra' # ISA: SMC ULTRA
#ETH_DRV_1='smc-ultra32' # EISA: SMC ULTRA32 (NEW)
#ETH_DRV_1='wd' # ISA: SMC WD80*3
#ETH_DRV_1='at1700' # ISA: AT1700 (Fujitsu 86965) ISA
#ETH_DRV_1='cs89x0' # ISA: IBM Etherjet, cs89x0 based Cards (Option io=0xnnn necessary!)
#ETH_DRV_1='de4x5' # PCI/EISA: Digital DE425, DE434, DE435, DE450, DE500
#ETH_DRV_1='depca' # ISA: DEPCA, DE10x, DE200, DE201, DE202, DE422
#ETH_DRV_1='dgrs' # PCI: Digi International RightSwitch PCI/EISA
#ETH_DRV_1='dmfe' # PCI: DM9102 compatible PCI cards from Davicom
#ETH_DRV_1='lp486e' # ISA: Intel Professional Workstation/panther 82596
#ETH_DRV_1='eepro' # ISA: Intel EtherExpress Pro/10
#ETH_DRV_1='eepro100' # PCI: Intel EtherExpressPro PCI 10+/100B/100+
#ETH_DRV_1='eexpress' # ISA: EtherExpress16 ISA
#ETH_DRV_1='epic100' # PCI: SMC EPIC/100 (EtherPower II) PCI
#ETH_DRV_1='eth16i' # ISA/EISA: ICL EtherTeam 16i/32
#ETH_DRV_1='ewrk3' # ISA: EtherWORKS 3 ISA (DE203, DE204, DE205)
#ETH_DRV_1='fa3xx' # PCI: NETGEAR FA3XX PCI Ethernet Controller
#ETH_DRV_1='fealnx' # PCI: ASOUND LAN 8139 card - not RTL8139 (NEW)
#ETH_DRV_1='hp100' # ISA/EISA/PCI: HP 10/100VG PCLAN (ISA, EISA, PCI)
#ETH_DRV_1='lance' # ISA: AMD LANCE and PCnet (AT1500, NE2100) ISA
#ETH_DRV_1='old_tulip' # PCI: Old DECchip Tulip (dc21x4x) PCI
#ETH_DRV_1='pcnet32' # PCI: AMD PCI PCnet32
ETH_DRV_1='rtl8139-orig' # PCI: RealTek 8129/8139 (not 8019/8029!)
#ETH_DRV_1='rtl8139' # PCI: RealTek 8129/8139 (not 8019/8029!) (NEW)
#ETH_DRV_1='8139too' # PCI: RealTek 8139 10/100 MB (NEW)
#ETH_DRV_1='sis900' # PCI: SiS 900/7016
#ETH_DRV_1='sundance' # PCI: DFE-550FX or DFE-530TXS (NEW)
#ETH_DRV_1='tlan' # PCI: TI ThunderLAN (Compaq Netelligent ...)
#ETH_DRV_1='tulip' # PCI: DECchip Tulip (dc21x4x) PCI
#ETH_DRV_1='natsemi' # PCI: Nat Semi
#ETH_DRV_1='starfire' # PCI: Starfire
#ETH_DRV_1='via-rhine' # PCI: VIA Rhine PCI (3043, VT86c100A, dfe-530tx)
#ETH_DRV_1='winbond-840' # PCI: Winbond 840
#ETH_DRV_1='lanstreamer' # Token Ring: IBM Auto LANStreamer PCI Adapter
#ETH_DRV_1='olympic' # Token Ring: IBM cards (Pit/Pit-Phy/Olympic)
#ETH_DRV_1='ibmtr' # Token Ring: IBM 16/4
#ETH_DRV_1='pcnet_cs' # PCMCIA: NS8390-based cards (NE2000, DLINK etc)
#ETH_DRV_1='3c574_cs' # PCMCIA: 3Com 574
#ETH_DRV_1='3c575_cb' # PCMCIA: 3Com 575
#ETH_DRV_1='3c589_cs' # PCMCIA: 3Com 589
#ETH_DRV_1='airo' # PCMCIA: Airo 4500 & 4800 series cards
#ETH_DRV_1='airo_cs' # PCMCIA: Airo 4500 & 4800 series cards
#ETH_DRV_1='eepro100_cb' # PCMCIA: EtherExpress Pro 100
#ETH_DRV_1='epic_cb' # PCMCIA: SMC 83c170 EPIC/100
#ETH_DRV_1='ibmtr_cs' # PCMCIA: IBM Token Ring
#ETH_DRV_1='netwave_cs' # PCMCIA: Netwave AirSurfer Wireless LAN
#ETH_DRV_1='nmclan_cs' # PCMCIA: New Media Ethernet LAN
#ETH_DRV_1='ray_cs' # PCMCIA: Raylink wireless cards
#ETH_DRV_1='smc91c92_cs' # PCMCIA: SMC91c92-based cards
#ETH_DRV_1='tulip_cb' # PCMCIA: DEC 21040-family cards
#ETH_DRV_1='wavelan_cs' # PCMCIA: WaveLAN
#ETH_DRV_1='wavelan2_cs' # PCMCIA: WaveLAN2
#ETH_DRV_1='wvlan_cs' # PCMCIA: Lucent WaveLAN/IEEE 802.11
#ETH_DRV_1='xirc2ps_cs' # PCMCIA: Xircom: CE2, CEM28, CEM33, or CE3
#ETH_DRV_1='wl24_cs' # PCMCIA: ELSA Airlancer MC-2
#ETH_DRV_1='cs89x0_cs' # PCMCIA: IBM EtherJet Ethernet Adapter
#ETH_DRV_1='orinoco_cs' # PCMCIA: Orinoco Based WLAN Cards (NEW)
#ETH_DRV_1='axnet_cs' # PCMCIA: Asix AX88190 Fast Ethernet (NEW)
ETH_DRV_1_OPTION='' # additional option, e.g. 'io=0x340' for ne
#------------------------------------------------------------------------------
# Ether networks used with IP protocol:
#------------------------------------------------------------------------------
IP_ETH_N='1' # number of ip ethernet networks, usually 1
IP_ETH_1_NAME='' # optional: other device name than ethX
IP_ETH_1_IPADDR='192.168.0.2' # IP address of your n'th ethernet card
IP_ETH_1_NETWORK='192.168.0.0' # network of your LAN
IP_ETH_1_NETMASK='255.255.255.0' # netmask of your LAN
#------------------------------------------------------------------------------
# Additional routes, optional
#------------------------------------------------------------------------------
IP_DEFAULT_GATEWAY='' # normally not used, read documentation!
IP_ROUTE_N='0' # number of additional routes
IP_ROUTE_1='192.168.7.0 255.255.255.0 192.168.6.99' # network netmask gateway
#------------------------------------------------------------------------------
# Masquerading:
#------------------------------------------------------------------------------
MASQ_NETWORK='192.168.6.0/24' # networks to masquerade (e.g. our LAN)
MASQ_MODULE_N='7' # load n masq modules (default: only ftp)
MASQ_MODULE_1='ftp' # ftp
#MASQ_MODULE_2='h323' # h323 (netmeeting)
MASQ_MODULE_2='icq' # icq (use with caution!)
MASQ_MODULE_3='irc' # irc
#MASQ_MODULE_5='raudio' # raudio
#MASQ_MODULE_6='vdolive' # vdolive
MASQ_MODULE_4='quake' # quake
#MASQ_MODULE_8='cuseeme' # cuseeme
#MASQ_MODULE_9='mms' # MSN-Filetransfer
#MASQ_MODULE_10='pptp' # pptp
MASQ_MODULE_5='ipsec' # ipsec
MASQ_MODULE_6='dplay' # dplay (direct play)
#MASQ_MODULE_13='msn-0.02' # msn zone (use version 0.01 or 0.02)
MASQ_MODULE_7='udp_dloose' # pseudo mod: some internet games need it
MASQ_FTP_PORT_N='0' # using ftp masq-module on different ports
MASQ_FTP_PORT_1='21' # standard ftp port
MASQ_FTP_PORT_2='2021' # additional port
#------------------------------------------------------------------------------
# Optional package: PORTFW
#
# If you set OPT_PORTFW='yes', you can also edit opt/etc/portfw.sh
#------------------------------------------------------------------------------
OPT_PORTFW='yes' #install port forwarding tools/modules
PORTFW_N='5' #how many portforwardings to set up
PORTFW_1='8765 192.168.0.4:8765 tcp' #ts
PORTFW_2='8766 192.168.0.4:8766 tcp' #ts
PORTFW_3='6662 192.168.0.4:6662 tcp' #esel
PORTFW_4='6672 192.168.0.4:6672 udp' #esel
PORTFW_5='4810 192.168.0.4:4810 tcp' #icq
#------------------------------------------------------------------------------
# Routing without masquerading
#------------------------------------------------------------------------------
ROUTE_NETWORK='' # optional: route from/to network, no masq
#------------------------------------------------------------------------------
# Routing: internal hosts to deny forwarding
#------------------------------------------------------------------------------
FORWARD_DENY_HOST_N='16' # number of denied hosts
FORWARD_DENY_HOST_1='192.168.0.14'
FORWARD_DENY_HOST_2='192.168.0.100' FORWARD_DENY_HOST_3='192.168.0.107'
FORWARD_DENY_HOST_4='192.168.0.114'
FORWARD_DENY_HOST_5='192.168.0.132'
FORWARD_DENY_HOST_6='192.168.0.154'
FORWARD_DENY_HOST_7='192.168.0.202'
FORWARD_DENY_HOST_8='192.168.0.212'
FORWARD_DENY_HOST_9='192.168.0.219'
FORWARD_DENY_HOST_10='192.168.0.230'
FORWARD_DENY_HOST_11='192.168.0.252'
FORWARD_DENY_HOST_12='192.168.0.203'
FORWARD_DENY_HOST_13='192.168.0.5'
FORWARD_DENY_HOST_14='192.168.0.6'
FORWARD_DENY_HOST_15='192.168.0.7'
FORWARD_DENY_HOST_16='192.168.0.8'
#------------------------------------------------------------------------------
# Routing: ports to reject/deny forwarding (from inside and outside!)
#------------------------------------------------------------------------------
FORWARD_DENY_PORT_N='1' # no. of ports to reject/deny forwarding
FORWARD_DENY_PORT_1='137:139 REJECT' # deny/reject forwarding of netbios
FORWARD_TRUSTED_NETS='' # but allow forwarding between LANs
#------------------------------------------------------------------------------
# Firewall: ports to reject/deny from outside (all served ports)
#
# here we leave two ports untouched:
#
# 53 dns
# 113 auth
#------------------------------------------------------------------------------
FIREWALL_DENY_PORT_N='6' # no. of ports to reject/deny
FIREWALL_DENY_PORT_1='0:52 REJECT' # privileged ports: reject or deny
FIREWALL_DENY_PORT_2='54:112 REJECT' # privileged ports: reject or deny
FIREWALL_DENY_PORT_3='114:1023 REJECT' # privileged ports: reject or deny
FIREWALL_DENY_PORT_4='5000:5001 REJECT' # imond/telmond ports: reject or deny
FIREWALL_DENY_PORT_5='8000 REJECT' # proxy access: reject or deny
FIREWALL_DENY_PORT_6='20012 REJECT' # vbox server access: reject or deny
FIREWALL_DENY_ICMP='no' # deny icmp (ping): yes or no
FIREWALL_LOG='yes' # log access to rejected/denied ports
#------------------------------------------------------------------------------
# Domain configuration:
#------------------------------------------------------------------------------
START_DNS='yes' # start dns server: yes or no
DNS_FORWARDERS='193.189.244.197 193.189.244.205' # DNS servers of your provider, e.g. MSN
DNS_VERBOSE='no' # log queries in /usr/local/ens/ens.log
DOMAIN_NAME='hasu.fli4l' # your domain name
DNS_FORBIDDEN_N='0' # number of forbidden domains
DNS_FORBIDDEN_1='foo.bar' # 1st forbidden domain
DNS_FORBIDDEN_2='bar.foo' # 2nd forbidden domain
HOSTS_N='3' # number of hosts in your domain
HOST_1='192.168.0.2 fli4me' # 1st host: ip and name
HOST_2='192.168.0.4 hasufel' # 2nd host: ip and name
HOST_3='192.168.0.3 lude' # 3rd host: ip and name
#HOST_4='192.168.6.4 client4' # 4th host: ip and name
#------------------------------------------------------------------------------
# Special DNS configuration
#------------------------------------------------------------------------------
DNS_N='0' # number of special dns servers, normally 0
#DNS_1='firma.de 192.168.1.12' # 1st special dns server for firma.de
#DNS_2='lan.firma.de 192.168.2.12' # 2nd special dns server for lan.firma.de
#------------------------------------------------------------------------------
# imond configuration:
#------------------------------------------------------------------------------
START_IMOND='yes' # start imond: yes or no
IMOND_PORT='5000' # TCP-Port, see also FIREWALL_DENY_PORT_x!
IMOND_PASS='' # imond-password, may be empty
IMOND_ADMIN_PASS='afk' # imond-admin-password, may be empty
IMOND_LED='' # tty for led: com1 - com4 or empty
IMOND_BEEP='no' # beep if connection going up/down
IMOND_LOG='no' # log /var/log/imond.log: yes or no
IMOND_LOGDIR='/var/log' # log-directory, e.g. /var/log
IMOND_ENABLE='yes' # accept "enable/disable" commands
IMOND_DIAL='yes' # accept "dial/hangup" commands
IMOND_ROUTE='yes' # accept "route" command
IMOND_REBOOT='yes' # accept "reboot" command
#------------------------------------------------------------------------------
# Generic circuit configuration:
#------------------------------------------------------------------------------
IP_DYN_ADDR='yes' # use dyn. ip addresses (most providers do)
DIALMODE='auto' # standard dialmode: auto, manual, or off
#------------------------------------------------------------------------------
# optional package: syslogd
#------------------------------------------------------------------------------
OPT_SYSLOGD='no' # start syslogd: yes or no
SYSLOGD_DEST_N='1' # number of destinations
SYSLOGD_DEST_1='*.* /dev/console' # n'th prio & destination of syslog msgs
SYSLOGD_DEST_2='*.* @192.168.6.2' # example: loghost 192.168.6.2
SYSLOGD_DEST_3='kern.info /var/log/dial.log' # example: log infos
#------------------------------------------------------------------------------
# optional package: klogd
#------------------------------------------------------------------------------
OPT_KLOGD='no' # start klogd: yes or no
#------------------------------------------------------------------------------
# optional package: y2k correction
#------------------------------------------------------------------------------
OPT_Y2K='no' # y2k correction: yes or no
Y2K_DAYS='' # correct hardware Y2K-Bug: add x days
#------------------------------------------------------------------------------
# Optional package: PNP
#------------------------------------------------------------------------------
OPT_PNP='no' # install isapnp tools: yes or
Wäre nett, wenn mir jemand dieses Brett vorm Kopf entfernen könnte.
mfg hasufel
btw: gibts mitlerweile eine Möglichkleit Client-IP-Bereiche zu sperren? Ich habe bisher nur ein paar einzelne gesperrt. Darum müssten die anderen Clients im LAN ja nur ihre IP ändern um meinen Router als Gateway zu nutzen.
Sonst muss ich 250 Ports einzeln auflisten. Das wäre ja suboptimal...