Quick HOWTO : Ch14 : Linux Firewalls Using iptables – Linux Home Networking.
This site was also linked here last May but is so useful I needed to bring it to the top again. Here’s a pertinent figure that describes the iptables process that I seem to need to reference all the time when editing the iptables config file.
Setting Up Squid In Gateway As A Transparent Proxy – Welcome to SourceLINUX Wiki...
Good howto for setting up squid. This link was also posted last May.
Rohm, a Japanese semiconductor company, has created a silicon chip and antenna that’s currently capable of transmitting 1.5Gbps, with the potential to scale up to 30Gbps in the future. By comparison, the fastest 802.11 (WiFi) transmission speeds max out at around 150Mbps, and the incoming WiGig standard peaks at 7Gbps.
via Terahertz wireless chip brings 30Gbps networks, subcutaneous scanning | ExtremeTech.
The Shoreline Firewall, more commonly known as “Shorewall”, is high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those configuration files and with the help of the iptables, iptables-restore, ip and tc utilities, Shorewall configures Netfilter and the Linux networking subsystem to match your requirements. Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system. Shorewall does not use Netfilter’s ipchains compatibility mode and can thus take advantage of Netfilter’s connection state tracking capabilities.
Shorewall is not a daemon. Once Shorewall has configured the Linux networking subsystem, its job is complete and there is no “Shorewall process” left running in your system. The /sbin/shorewall program can be used at any time to monitor the Netfilter firewall.
Whenever I talk or write about my own security setup, the one thing that surprises people — and attracts the most criticism — is the fact that I run an open wireless network at home. There’s no password. There’s no encryption. Anyone with wireless capability who can see my network can use it to access the internet.
This is a list of operating system distributions designed for use as the operating system of a machine acting as a router and/or firewall.
List of router or firewall distributions – Wikipedia, the free encyclopedia.
Anyway I did at a fast
cat /proc/net/nf_conntrack | grep 5060to get all connection tracking entries for SIP. And I found more than one, here is on example.
via nf_conntrack and the conntrack program | Robert Penz Blog.
More info on conntrack here…
The timeout for this entry is 180 sec and 172 seconds to go, and the SIP client was all the time sending new probes and therefore the connection was never dropped. What can you do in this instance? You can install conntrack. It is a userspace command line program targeted at system administrators. It enables you to view and manage the in-kernel connection tracking state table. If you want to take a look at the manual without installing it (apt-get install conntrack) you can take a look at this webpage which contains the man page. With this program I did delete the entries with the wrong IP address and everything worked again.
Every computer running Windows that has the file sharing component installed and enabled on a network interface broadcasts a periodic (every 12 minutes) Host Announcement message on the local subnet. On the master browse server for the subnet, these messages are used to maintain the list of available servers in the browse list
via How Computer Browser Service Works: Browser Service.
This is a very noisy service — especially on a network that doesn’t care about browser services.
The Corosync Cluster Engine is a Group Communication System with additional features for implementing high availability within applications. The project provides four C Application Programming Interface features:
Our project is used as a High Availability framework by projects such as Apache Qpid and Pacemaker.
We are always looking for developers or users interested in clustering or participating in our project.
The project is hosted by Fedora Hosted and the The Linux Foundation.
Masquerading Made Simple HOWTO.
Masquerading must be put in the NAT chain or the router won’t know how to return packets to subnets other than its own LAN.