Linux - Jnos Setup and Configuration HOW-TO
Access.rc file
By John Martin KF8KK
The access.rc file is currently not implemented in the Linux version of Jnos.
For more details on the access.rc file, please see the full Jnos documentation.
# Start of ACCESS.RC file
# ***********************
# NB: The IP ACCESS and TCP ACCESS framework is based on IP ACCESS and TCP
# ACCESS control files shown below written by VE3RKS at VE3UOW and by
# VE3PNX at VE3RPI.
#
# - This file should be sourced into your autoexec.nos file after all ports
#   have been attached and defined.
# - This file also contains a handy summary of what TCP/UDP ports are
#   commonly used.
# - This file contains information on the use of TCP ACCESS and IP ACCESS
# - All lines begin with # symbols. This is to allow this file to be sourced
#   into your autoexec.nos after being edited for your specific setup. Lines
#   that do not begin with # symbols are valid NOS IP and TCP ACCESS commands.
#
# Ports of interest for both UDP and TCP
# **************************************
# 1 - 3599 - SERVER PORTS limit access based on local rules UDP and TCP
# ***************************************************************************
#    7 - ECHO
#    9 - DISCARD
#   20 - FTP-DATA
#   21 - FTP-CONTROL
#   23 - TELNET
#   25 - SMTP
#   57 - SECONDARY TELNET
#   67 - BOOTP
#   79 - FINGER
#   87 - TTYLINK [Operator chat]
#   97 - AXIP/IPIP/IPTUNNEL
#  109 - POP2
#  110 - POP3
#  119 - NNTP
#  513 - RLOGIN/RWHO
#  525 - TIME DAEMON
# 1234 - REMOTE
# 1235 - CALLSIGN DB
# 3600 - CONVERS [Only AMPR.ORG domain should have access]
# 3601 - LZW CONVERS [Only AMPR.ORG domain should have access]
# ***************************************************************************
# 1050 - 32768 - REPLY PORTS should be accessible to all <= very important
# ***************************************************************************
# IP ACCESS
# *********
# IP ACCESS is an important bit of code for an INTERNET/AMPRnet Gateway
# as it can be used to selectively allow or disallow the routing of
# TCP/IP packets based on source ip address, destination ip address,
# packet type [udp/tcp/..], UDP or TCP port number and interface port.
#
# For most gateways you would like to only pass AMPR.ORG originated
# ip address to other AMPR.ORG ip address (like UK and AUSTRALIAN LAW).
# Exceptions might be where local law allows Amateurs to originate to
# anywhere (including non-amateur destinations) as the replies are
# technically under the control of the originator (like USA and CANADIAN
# law).
#
# The idea behind IP ACCESS is to set up rules that will allow or deny
# routing of packets. Unlike the TCP ACCESS command, IP ACCESS does not
# restrict access to servers at the machine that is running this code. It
# does however restrict the gatewaying of IP packets across interface
# ports.
#
# Valid PROTOCOLS are ICMP, UDP, TCP, and ANY (everything else). Both
# ICMP and ANY do not allow specific port restrictions as port numbers
# are not really used for the other TCP/IP protocols.
#
# WHAT = <permit | deny | delete>
# PROT = <tcp | icmp | udp | any>
# PORT = ATTACHED INTERFACE/PORT
# LOW  = TCP or UDP low port number
# HIGH = TCP or UDP high port number
#
# Below I use the following pseudo PORT names:
# RF    = ax25 rf port (431.90 MHz)
# eth0  = PACKET interface to ethernet card
# ENCAP = ENCAP routing interface
#
# IP ACCESS WHAT PROT SOURCE DESTINATION PORT low high
## ###### ###### #### ############# ############### ##### ###### ######
#
# Setup access restrictions to minimize potential FCC Part 97 violations.
# Note: order of the following is important.
#
# Permit any packets from other AMPRNet hosts.
ip access permit any 44/8 all RF
ip access permit any 44/8 all 80M
#
# Allow FTP client sessions from the AMPRNet side to transfer data.
ip access permit tcp all all RF 20
#
# Allow hydra.carleton.ca to send the NOS-BBS list directly.
#ip access permit tcp 134.117.12.18 all pi0b 25
# Allow amsat.org to send bulletins directly.
#ip access permit tcp 128.54.16.15 all pi0b 25
#
# Allow domain lookups
ip access permit udp all all RF 53
#
# Allow mpg.phys.hawaii.edu complete access for debugging/monitoring purposes.
#ip access permit any 128.171.11.17 all pi0b
#
# Deny connections to all other 'well-known' server sockets.
ip access deny tcp all all RF 1 1023
ip access deny udp all all RF 1 1023
#
# Prevent access to converse ports from the Internet.
ip access deny tcp all all RF 3600
#
# Permit connections to all other user (client) sockets and
# protocols (including AXIP).
ip access permit any all all RF
#
# end of file access.rc
#
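To see why the order of the rules matters, the following added example (not part of the original HOW-TO and not Jnos code) parses the active rules from the listing above and evaluates constructed packets against them. Assumptions: the first matching rule wins, `any` acts as a protocol wildcard, a single port number means that port only, the port compared is the destination port, an unmatched packet is not routed, and the helper names `parse` and `decide` are hypothetical.

```python
import ipaddress

# Constructed copy of the active (uncommented) rules in the listing above.
RULES = """\
ip access permit any 44/8 all RF
ip access permit any 44/8 all 80M
ip access permit tcp all all RF 20
ip access permit udp all all RF 53
ip access deny tcp all all RF 1 1023
ip access deny udp all all RF 1 1023
ip access deny tcp all all RF 3600
ip access permit any all all RF
"""

def _net(spec):
    """'all' is any address; '44/8' is padded to 44.0.0.0/8 (assumed shorthand)."""
    if spec == "all":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, bits = spec.partition("/")
    octets = addr.split(".")
    addr = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{addr}/{bits or 32}", strict=False)

def parse(text):
    """Turn 'ip access WHAT PROT SOURCE DESTINATION PORT [low [high]]' into tuples."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 7 or f[:2] != ["ip", "access"]:
            continue  # comments ('#...'), blank lines and other NOS commands
        low = int(f[7]) if len(f) > 7 else None
        high = int(f[8]) if len(f) > 8 else low  # assumption: one number = one port
        rules.append((f[2], f[3], _net(f[4]), _net(f[5]), f[6], low, high))
    return rules

def decide(rules, prot, src, dst, iface, port=None):
    """Return (action, index) of the first rule that matches the packet."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (what, rprot, rsrc, rdst, riface, low, high) in enumerate(rules):
        if riface != iface or rprot not in ("any", prot):
            continue
        if src not in rsrc or dst not in rdst:
            continue
        if low is not None and (port is None or not low <= port <= high):
            continue
        return what, i
    return "deny", None  # assumption: an unmatched packet is not routed

if __name__ == "__main__":
    for p in (23, 53, 3600, 3601):  # constructed packets from a non-44/8 source
        print(p, decide(parse(RULES), "tcp", "192.0.2.7", "44.1.2.3", "RF", p))
```

Under these assumptions a non-44/8 source reaches TCP port 3601 through the final permit rule, although the port summary lists 3601 (LZW CONVERS) as AMPR.ORG-only alongside 3600. A second deny line for 3601, placed before the final permit, would match the stated intent.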