LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 12-27-2003, 04:03 PM   #16
poison
Member
 
Registered: Dec 2003
Location: Layer 7 =D
Distribution: Slackware, LFS, Rock Linux
Posts: 165

Rep: Reputation: 30

Quote:
Before you bother going in depth with Sendmail, I'd remove all traces of it and install a replacement, such as Postfix or Qmail
hihi...
I already made peace with postfix...and don't plan to use sendmail on my public server ^^
but I'm getting bored and need to learn something =P
one who never set up sendmail can't call himself an admin...
one who sets it up twice is an...
hehe

Last edited by poison; 12-27-2003 at 04:04 PM.
 
Old 01-01-2004, 03:40 PM   #17
stickman
Senior Member
 
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552

Rep: Reputation: 53
Re: HOWTO: Secure and stealth your Linux Box!

Quote:
Originally posted by techchiq
STEP 3: Masking Reverse DNS lookup

Wherever you go on the internet, your machine name (or rather your ISP's machine name which looks like a URL path of some kind) is given out. Clever people could use that to personally identify you, I think the GRC.com site says. By not allowing your system to give this away, you further can protect your privacy. To do this, type at the shell prompt:

# echo "1" > /proc/sys/net/ipv4/ip_forward
What does enabling IP forwarding have to do with masking reverse DNS?
 
Old 01-01-2004, 10:56 PM   #18
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
Re: Re: HOWTO: Secure and stealth your Linux Box!

Quote:
Originally posted by stickman
What does enabling IP forwarding have to do with masking reverse DNS?
Furthermore, you cannot control your own reverse DNS, your ISP does. That one kind of had me scratching my head, too.
 
Old 01-06-2004, 11:39 AM   #19
b0uncer
LQ Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
I've been working on my own (personal) firewall, but I'd have a question about the "STEP2: Stopping pings" (in the first post): if I disable answering to pings, how does it affect a dialup connection? Let's take irc, for example: if I use irc, the server pings my client continuously (I think it's because some clients "die" for a reason or another, and keeping "dead" nicknames is not sensible so if a client won't answer to a ping, the nick (connection?) is removed as dead).

Now if I disable ping-stuff and go irc'ing, will this step cause my client to die immediately after a certain (short) period of time, if the server can't catch my ping reply? This isn't good, because that would mean that either I can't be on irc or then I'll have to restart it every two minutes when it dies...

And if there are other services like irc which use ping to determine if a client is there, will they too "throw me out" just because of a non-answered ping? And is there a way to accept ping'ing from a certain server, but at the same time be stealthed to others? How is this done?

Please clear my thoughts.... I'm not a professional on these things, just learning, so I'd appreciate a "pro" (OR _anyone_ who knows something!) telling me how this thing goes?

I'm using iptables-based firewall, if you need to know.

Thanks for any information / assistance.

Last edited by b0uncer; 01-06-2004 at 11:41 AM.
 
Old 01-06-2004, 01:15 PM   #20
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
In the case of IRC, I think it uses something called a CTCP PING, which to my knowledge does not use ICMP like the "normal" ping. The ping utility that comes with most major operating systems uses ICMP echo requests and listens for a response. If you block ICMP, you will just disable responding to ICMP echos (as well as some other features of ICMP, such as MTU discovery).

I'm fairly certain that IRC's PINGs are built into the IRC protocol that runs on the TCP transport.
 
Old 01-07-2004, 10:44 AM   #21
b0uncer
LQ Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
ok, thanks for information.. I'd still like to know if there are any "serious" problems after disabling the answering to ICMP echo request, in other words, do some services need it in order to work?

btw. after checking out, you were right about the irc's "own" ping-system.. I just didn't think about it as I haven't been studying these things so deeply inside irc..just the word "ping" caught my eye..
 
Old 01-07-2004, 03:01 PM   #22
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
Some things rely on ICMP, since it's quite literally Internet Control Message Protocol. Things like path MTU discovery rely on ICMP, and it's also used for things like source quench request, etc... I'd do some Googling for: +icmp +uses, or +icmp +functions, etc...
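
An added example, not part of any post in this thread: one way to ignore ICMP echo requests with iptables while still accepting the ICMP errors that path MTU discovery depends on (posts #20 and #22), with pings optionally answered for a single host. The function name, the TRUSTED_PINGER variable and the address 192.0.2.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset that ignores ICMP echo
# requests but keeps the ICMP errors that path MTU discovery relies on.
# Assumption: TRUSTED_PINGER is a hypothetical host allowed to ping us
# (192.0.2.10 in the test is a documentation address, not a real server).

stealth_icmp_rules() {
    trusted_pinger="$1"

    # Refuse anything that is not a plain IPv4 address or CIDR block, so a
    # malformed value can never end up inside the generated ruleset.
    case "$trusted_pinger" in
        *[!0-9./]*) echo "invalid address: $trusted_pinger" >&2; return 1 ;;
    esac

    # Policy DROP: unsolicited packets get no reply at all.
    # ESTABLISHED covers replies to our own traffic, including the IRC
    # PING/PONG exchange, which travels inside the client's TCP connection.
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp --icmp-type fragmentation-needed -j ACCEPT
-A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
EOF

    # Optional exception: answer pings from one trusted host only.
    # It must precede the general echo-request DROP to take effect.
    if [ -n "$trusted_pinger" ]; then
        printf '%s\n' "-A INPUT -s $trusted_pinger -p icmp --icmp-type echo-request -j ACCEPT"
    fi

    cat <<'EOF'
-A INPUT -p icmp --icmp-type echo-request -j DROP
COMMIT
EOF
}

# Print the ruleset for review; nothing is loaded into the kernel here.
stealth_icmp_rules "${TRUSTED_PINGER:-}"
```

The output can be checked as root with `iptables-restore --test` before it is loaded; loading it replaces the existing filter table.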
 
Old 01-09-2004, 02:20 PM   #23
katmai90210
Member
 
Registered: Nov 2003
Location: Romania
Distribution: Redhat Linux , Fedora & SuSe
Posts: 46

Rep: Reputation: 15
Question still blurred

umm ... I am interested in 1 thing ... to make my server truly stealth to out scanners such as nmap ... or nikto or nsat .... I upgraded all services but the firewall thing is killing me ... can you show me a working iptables firewall that really makes you stealth but still does not block you ??
 
Old 01-11-2004, 08:31 AM   #24
b0uncer
LQ Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
I haven't solved this one...the grc tests show my machine completely stealth (that's not hard to do), but using nmap's port scan it tells me I've got closed ports - they are still visible.

Hopefully some advanced iptables-person can help..I'm just a beginner, as I said, and many things still give me a headache here
 
  



All times are GMT -5. The time now is 03:52 PM.
