TCLUG Archive

firewall configuration



Hey folks! This is a follow-up from Clay's talk on Saturday. (Thanks
Clay! Very informative.) For those of you who are using ipchains to do
firewalling, here is a URL which, used properly, generates a script
which can be used for the "rc.firewall" which Clay makes reference to:

	http://rlz.ne.mediaone.net/linux/firewall/

(Start by selecting "General Home System..." unless you happen to be a
mediaone.net customer, I guess.)

I found it a little hard to understand, personally. And, unless I missed
something, it doesn't account for IP Masquerading at all, which, I
believe, is the most common thing ipchains / ipfwadm are used for on
Linux.

Oh well. Maybe someone can step up and make something similar, but
better. Maybe I will, if I suddenly get a heap of free time on my hands.
In the meantime, these commands are taken from the ("3.1.  Rusty's
Three-Line Guide To Masquerading" section of the) IPCHAINS-HOWTO:

	# ipchains -P forward DENY
	# ipchains -A forward -i ppp0 -j MASQ
	# echo 1 > /proc/sys/net/ipv4/ip_forward

(Substitute ppp0 with your "external" interface, of course.) The two, in
combination, should give you a decent firewall / router... except, I
believe, you have to open all ports above 61000 for masquerading. (See
previous question and -- I hope -- discussion.)

Cheers!

-- 

Nothing convinces me that computing is an art so much as a bad install.

David Guy Brizan          brizan@freenet.msp.mn.us          612-814-8223
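
Added example, not part of the original post or of the IPCHAINS-HOWTO: a small generator that prints an "rc.firewall" combining the three masquerading commands above with a default-deny input chain that admits replies only on the masquerade port range. The LAN network 192.168.1.0/24, the input-chain rules and the 61000:65095 range (taken here to be the 2.2 kernel's default masquerade ports) are assumptions.

```shell
#!/bin/sh
# Added example: prints an rc.firewall for a 2.2-kernel masquerading gateway.
# The port range and the input-chain rules are assumptions, not from the post.

MASQ_PORTS="61000:65095"   # assumed default masquerade port range

# masq_rules EXT_IF LAN_NET -> ipchains commands on stdout, non-zero on bad input
masq_rules() {
    ext_if=$1
    lan_net=$2
    # The output is meant for a root shell, so accept only a plain
    # interface name and a dotted network/mask; reject everything else.
    case $ext_if in ''|*[!A-Za-z0-9]*) echo "bad interface: $ext_if" >&2; return 1;; esac
    case $lan_net in ''|*[!0-9./]*) echo "bad network: $lan_net" >&2; return 1;; esac

    cat <<EOF
ipchains -F input
ipchains -F forward
ipchains -P input DENY
ipchains -P forward DENY
ipchains -A input -i lo -j ACCEPT
ipchains -A input -i $ext_if -s $lan_net -j DENY -l
ipchains -A input -s $lan_net -j ACCEPT
ipchains -A input -i $ext_if -p tcp ! -y -d 0/0 $MASQ_PORTS -j ACCEPT
ipchains -A input -i $ext_if -p udp -d 0/0 $MASQ_PORTS -j ACCEPT
ipchains -A input -i $ext_if -p icmp -j ACCEPT
ipchains -A forward -s $lan_net -i $ext_if -j MASQ
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}

# Usage: sh rc.firewall.gen ppp0 192.168.1.0/24 > rc.firewall
if [ "$#" -eq 2 ]; then
    masq_rules "$1" "$2"
fi
```

The spoof-check rule (LAN source addresses arriving on the external interface are denied and logged) has to stay ahead of the rule that accepts LAN traffic. Replies to connections the gateway itself opens are not covered by these input rules.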