Important Notes
Here are some important notes concerning the use of some protocols.
If your computer is connected to a LAN that you want to use NetBIOS on, there is a little extra you need to do to get things working smoothly. Create a zone for your LAN, which you have probably done anyway, and make sure that the broadcast address of the LAN is also in the list of zone addresses.
If you don't know what the broadcast address for your LAN is, the simplest way to find it is to open a shell and run the command /sbin/ifconfig. You will see something similar to this:

```
eth0      Link encap:Ethernet  HWaddr 00:50:FC:2A:AB:7A
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:240 (240.0 b)
          Interrupt:10 Base address:0x4000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:992 errors:0 dropped:0 overruns:0 frame:0
          TX packets:992 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:76568 (74.7 Kb)  TX bytes:76568 (74.7 Kb)
```

This is a list of the network interfaces that your computer has. Your list will probably be different, of course. The names of the network interfaces are listed on the left side. Find the one that corresponds to your LAN. It will typically be called ethX. You may have multiple ethX entries, especially if you also have cable internet access or ADSL. Once you have found the entry, look for Bcast:. This is the broadcast address for the network connected to that network interface. Put this broadcast address in your LAN zone's list of IP addresses.
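The lookup described above can be scripted. The following is an added example, not part of the Guarddog documentation: it reads the legacy ifconfig output format shown above, prints the Bcast: value for each interface that has one, and cross-checks it against the address and netmask so that a misconfigured broadcast address is noticed before it goes into a zone. The function names and the abridged sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: list each interface's broadcast address from legacy
# net-tools ifconfig output and cross-check it against addr | ~mask.

# Constructed sample input, abridged from the output format shown above.
sample_ifconfig() {
cat <<'EOF'
eth0      Link encap:Ethernet  HWaddr 00:50:FC:2A:AB:7A
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
EOF
}

# Reads ifconfig output on stdin; prints "<iface> <bcast> <ok|MISMATCH>"
# for every interface that has a Bcast: field (loopback has none).
lan_broadcasts() {
    awk '
    /^[^ \t]/ { iface = $1 }            # interface name starts in column 1
    /inet addr:/ {
        addr = bcast = mask = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^addr:/)  addr  = substr($i, 6)
            if ($i ~ /^Bcast:/) bcast = substr($i, 7)
            if ($i ~ /^Mask:/)  mask  = substr($i, 6)
        }
        if (bcast == "") next
        split(addr, a, "."); split(mask, m, ".")
        for (i = 1; i <= 4; i++) {
            # Per octet: clear the host bits, then set them all
            # (equals addr | ~mask for contiguous netmasks).
            h = 255 - m[i]
            o = a[i] - (a[i] % (h + 1)) + h
            calc = (i == 1 ? "" : calc ".") o
        }
        print iface, bcast, (calc == bcast ? "ok" : "MISMATCH")
    }'
}

# On a live system: /sbin/ifconfig | lan_broadcasts
sample_ifconfig | lan_broadcasts
```

A MISMATCH line means the interface's configured broadcast address does not match its address and netmask, which should be resolved before the value is added to the LAN zone.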
It is not possible to do effective scanning with nmap or nessus through, or from out of, a machine running Guarddog. The reason is that firewalls are designed to block the kind of unusual and "hostile looking" network traffic that these kinds of programs produce. A firewall can't distinguish between friendly scan traffic produced by you, and unwanted scan traffic produced by intruders, so it blocks both types.
People in Australia using Telstra's BigPond cable for internet access need to make sure that Telstra's dce-server machine is permitted to serve BigPond Cable Login to your local machine. This is needed for logging on to BigPond and also to allow the 'heartbeat' that BigPond uses to check that your machine is still online.
One thing you could do is create a special zone for the important BigPond servers that also serve mail etc., make sure that dce-server is entered in there, and then permit the BigPond Cable Login protocol, and whatever mail and web protocols you want, to be served from there.
In the X Window System the notion of client and server is a bit backwards. The server is the machine that runs the X server program, displays the screen and accepts user input, while the client is the remote program whose user interface is being displayed on the X server.
What this means is that you need to make sure that X is permitted to be served from the zone containing the machine showing the X display (the X server), to the zone containing the machines that actually run your programs (the clients).
Go to the section called “DHCP (Dynamic Host Configuration Protocol)” for information about using DHCP with Guarddog.