OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: [suse-security] Masquerading connects very slow
From: Volker Kuhlmann (kuhlmavelec.canterbury.ac.nz)
Date: Tue Sep 19 2000 - 16:51:59 CDT

> able to access every web site. Actually, just a short list of
> sites. Among those was hotmail.com. This is a big problem because there
> are about a dozen different IPs in use by hotmail.

Only a dozen? Try www.gmx.{de,net} ...

Just specify www.hotmail.com to ipchains instead of a single IP, and
ipchains will insert a rule for each IP it gets from the DNS lookup. The
bunch of IPS for hotmail shouldn't change all that often, and you could
re-insert the hotmail rule every so often.

> One more question, I'm just dropping connection attempts to doubleclick's
> servers. So, the connections time out with an error message. There's a
> better way. Right?

Seems to work for me. Appended to the output chain. I use a reject,
not deny, and netscape seems to give up after few attempts.

Volker

---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com