From: Digest <deadmail>
To: "OS/2GenAu Digest"<deadmail>
Date: Tue, 21 Jan 2003 00:02:03 EST-10EDT,10,-1,0,7200,3,-1,0,7200,3600
Subject: [os2genau_digest] No. 529
Reply-To: <deadmail>
X-List-Unsubscribe: www.os2site.com/list/

**************************************************
Monday 20 January 2003
 Number  529
**************************************************

Subjects for today
 
1  [os2genau] Internet security question : Gavin Miller" <drumextreme at impulse dot net dot au>
2  [os2genau] Help needed with InJoy FireWall setup. : Chris Graham [WarpSpeed]" <chrisg at warpspeed dot com dot au>
3  Re: [os2genau] Internet security question : Ed Durrant <edurrant at bigpond dot net dot au>
4  Re: [os2genau] Help needed with InJoy FireWall setup. : Ian Manners" <deadmail>
5  Re: [os2genau] Help needed with InJoy FireWall setup. : Chris Graham [WarpSpeed]" <chrisg at warpspeed dot com dot au>

**= Email   1 ==========================**

Date:  Mon, 20 Jan 2003 08:51:12 -0500 (EST)
From:  "Gavin Miller" <drumextreme at impulse dot net dot au>
Subject:  [os2genau] Internet security question

Hi guys,

I'm a tad confused about NETBIOS, NETBIOS over TCP/IP and file/printer shareing.

I have a win 98 box LAN'd to the OS/2 box.  I need netbios to comunicate with the win98 
box right, and I have file shareing on the win98 box so I can transfer files from it.  My 
OS/2 box has an internet conection (just dial up).  The way I understand it, both boxes 
need netbios over tcp/ip in order for outsiders to gain access.  Is that right, or is my 
system a security risk?

Cheers
G

----------------------------------------------------------------------------------
 

**= Email   2 ==========================**

Date:  Mon, 20 Jan 2003 15:24:58 +1100 (EDT)
From:  "Chris Graham [WarpSpeed]" <chrisg at warpspeed dot com dot au>
Subject:  [os2genau] Help needed with InJoy FireWall setup.

Hi All,
	I'm having some troubles in getting the firewall with InJoy
correctly configured to prevent all inbound accesses to one pc, but allow
all outbound. As well as another pc blocking all inbound except WWW and
TELNET and also allowing all outbound.

	In ready the docs, it says that the rules are executed in order,
so I've put them first. Should I have put them last?

	This is what I've got and it stops everything. No outbound access
at all, so I'm confused:

KATE-INBOUND    Rule-Status = Disabled,
                Comment = "Disable all inbound accessed to Kate's PC",
                Source = "any",
                Destination = "kate.warpspeed dot com dot au",
                Service-List = "0:65535",
                Rule-Action = Deny

KATE-OUTBOUND   Rule-Status = Disabled,
                Comment = "Enable all outbound accessed to Kate's PC",
                Source = "kate.warpspeed dot com dot au",
                Destination = "any",
                Rule-Action = Allow

MAIN-INBOUND    Rule-Status = Disabled,
                Comment = "Disable all inbound accessed to the MAIN PC
except WWW",
                Source = "any",
                Destination = "main.warpspeed dot com dot au",
                Service-List = "0:65535 -WWW",
                Rule-Action = Deny

MAIN-OUTBOUND   Rule-Status = Disabled,
                Comment = "Enable all outbound accessed to the MAIN PC",
                Source = "main.warpspeed dot com dot au",
                Destination = "any",
                Rule-Action = Allow

-Chris

WarpSpeed Computers - The Graham Utilities for OS/2.
Voice:  +61-3-9307-0611  PO Box 212   FidoNet:     3:632/344
FAX:    +61-3-9307-0633  Brunswick    Internet:    chrisg at warpspeed dot com dot au
BBS:    +61-3-9307-0644  VIC 3056     CompuServe:  100250,1645
300-28,800  N,8,1 ANSI   Australia    Web Page:
                                      http://www.warpspeed dot com dot au



----------------------------------------------------------------------------------
 

**= Email   3 ==========================**

Date:  Mon, 20 Jan 2003 18:00:34 +1100
From:  Ed Durrant <edurrant at bigpond dot net dot au>
Subject:  Re: [os2genau] Internet security question

File and printer sharing use SMB. SMB can run either via NETBEUI (NETBios extended User
Interface) or via TCPBEUI (Netbios over TCPIP). There are two forms of this latter option.
One used by OS/2 Warp up to MPTS v6 and Windows 9x and NT, and another used by Win2k and XP
and available in OS/2 in MPTS v6 and above. The difference is the former requires a WINS
Infrastructure (either WINS servers or LMHOSTS files) to resolve machine names into IP
addresses and the latter uses standard DNS.

You should ALWAYS have a firewall between your internal LAN and the Internet.

Cheers/2

Ed.

Gavin Miller wrote:

> Hi guys,
>
> I'm a tad confused about NETBIOS, NETBIOS over TCP/IP and file/printer shareing.
>
> I have a win 98 box LAN'd to the OS/2 box.  I need netbios to comunicate with the win98
> box right, and I have file shareing on the win98 box so I can transfer files from it.  My
> OS/2 box has an internet conection (just dial up).  The way I understand it, both boxes
> need netbios over tcp/ip in order for outsiders to gain access.  Is that right, or is my
> system a security risk?
>
> Cheers
> G
>

>  


----------------------------------------------------------------------------------
 

**= Email   4 ==========================**

Date:  Mon, 20 Jan 2003 18:31:14 +1100 (EDT)
From:  "Ian Manners" <deadmail>
Subject:  Re: [os2genau] Help needed with InJoy FireWall setup.

Hi Chris

>KATE-INBOUND    Rule-Status = Disabled,

Change "Disabled" to "Always"
Also check that ALL lines end with a comma.

I'll send you demo files off list.

Cheers
Ian B Manners
http://www.os2site dot com/


Is there a Lawyer in the House? -=}BLAM!{=- Any more!?
----------------------------------------------------------------------------------
 

**= Email   5 ==========================**

Date:  Mon, 20 Jan 2003 22:10:55 +1100 (EDT)
From:  "Chris Graham [WarpSpeed]" <chrisg at warpspeed dot com dot au>
Subject:  Re: [os2genau] Help needed with InJoy FireWall setup.

On Mon, 20 Jan 2003 18:31:14 +1100 (EDT), Ian Manners wrote:

>Hi Chris
>
>>KATE-INBOUND    Rule-Status = Disabled,
>
>Change "Disabled" to "Always"
>Also check that ALL lines end with a comma.

Sorry. Stupid me. Please ignore that. I had to turn it off otherwise the
PC's were blind to the world.
-Chris

WarpSpeed Computers - The Graham Utilities for OS/2.
Voice:  +61-3-9307-0611  PO Box 212   FidoNet:     3:632/344
FAX:    +61-3-9307-0633  Brunswick    Internet:    chrisg at warpspeed dot com dot au
BBS:    +61-3-9307-0644  VIC 3056     CompuServe:  100250,1645
300-28,800  N,8,1 ANSI   Australia    Web Page:
                                      http://www.warpspeed dot com dot au



----------------------------------------------------------------------------------
 

