Important Notes

If your computer is connected to a LAN that you want to use NETBIOS on, there is a little extra you need to do to get things working smoothly. Basically, create a zone for your LAN, which you probably have done anyway, and make sure that the broadcast address of the LAN is is also in the list of zone addresses.

If you don't know what the broadcast address for your LAN is, the simplest way is to go to shell and run the command /sbin/ifconfig. You will see something similar to this:

eth0      Link encap:Ethernet  HWaddr 00:50:FC:2A:AB:7A
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:240 (240.0 b)
          Interrupt:10 Base address:0x4000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:992 errors:0 dropped:0 overruns:0 frame:0
          TX packets:992 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:76568 (74.7 Kb)  TX bytes:76568 (74.7 Kb)

It is not possible to do effective scanning with nmap or nessus through, or from out of, a machine running Guarddog. The reason is that firewalls are designed to block the kind of unusual and "hostile looking" network traffic that these kinds of programs produce. A firewall can't distinguish between friendly scan traffic produced by you, and unwanted scan traffic produced by intruders, so it blocks both types.

People in Australia using Telstra's BigPond cable for internet access need to make sure that Telstra's dce-server machine is permitted to serve BigPond Cable Login to your local machine. This is needed for logging on to BigPond and also to allow the 'heartbeat' that BigPond uses to check that your machine is still online.

One thing you could do is create special zone for the important BigPond servers that also serve mail etc and then make sure that dce-server is entered in there, and then permit BigPond Cable Login protocol and whatever mail and web protocols you want, to be served from there.

In X Window System the notion of client and server is a bit backwards. The server is considered to be the machine running the X server program and displaying the screen and accepting user input. While the client is considered to be the remote program whose user interface is being displayed on the X server.

What this means is that you need to make sure that X is permitted to be served from the zone containing the machine showing the X display (the X server), to the zone containing the machines that actually run your programs (the clients).

Go to the section called “DHCP (Dynamic Host Configuration Protocol)” for information about using DHCP with Guarddog.

If you are using a web cache/proxy like Squid and also want to peer and interact with other web caches, you may have to enable the ICP (Internet Cache Protocol, under the network section of the Protocol tab. Just enabling the Squid protocol will not enable ICP.