
Re: Router / Firewall / Gateway



[a better place for this is probably debian-security]

For a simple network topology, you can just turn on ip_forward to become
a gateway. Adding NAT will require a little bit more setup.

For the rest, what do you need that iptables doesn't provide? Or are you
just looking for an easier way to configure the rules? (which I can
certainly understand)

For my setup (same scenario as your own) I just:
(1) turned on forwarding (/proc/sys/net/ipv4/ip_forward)
(2) added a NAT rule for each of my internal network cards when routing
to external networks.
(3) added forwarding rules for incoming bittorrent and SMTP traffic
(4) set up flow control with tc to cap non-interactive bandwidth usage
(this was not fun)
(5) added default deny for incoming traffic except for "established
connections" and a small set of allowed ports (http, ssh, etc).

I tried a lot of different tools to see if there was anything better
than just using iptables directly. While there is a lot of fairly good
work, I was annoyed at the interface to most of them. One very common
problem is that they all seemed designed to run on the gateway (GUI and
all). This is not so good, as my gateway/server is a headless machine
with a very minimal set of packages installed.

Of the tools that I tried from debian unstable/testing, I believe I liked
firestarter the best.

- Adam

On Wed, 2004-10-06 at 05:13, Mark Maas wrote:
> Hello all,
> 
> I'm trying to get a Router / Firewall / Gateway solution 
> setup on Debian Testing.
> Three different roles require three approaches, I guess.
> 
> So far I was able to find guarddog for the firewall part, 
> through guarddog I found guidedog, which takes care of the 
> routing part.
> 
> Now I'm looking for something similar for the gateway part, 
> hooking three different subnets together, two of them behind 
> a VPN.
> 
> So:
> Internet 0.0.0.0 -> eth0
> Local Lan 192.168.8.0/24 -> eth1 -> Local
> Remote lan 10.1.0.0/24 -> eth1 -> 192.168.8.11 (VPN)
> Remote lan 192.168.3.0/24 -> eth1 -> 192.168.8.11 (VPN)
> 
> Are there such easy to use tools available?
> 
> Thanks,
> Mark
> 
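The five steps in Adam's reply, written out as one runnable shell script. This is an added example, not Adam's own setup or a script from any of the tools mentioned. It uses the layout from Mark's mail (eth0 to the Internet, eth1 for 192.168.8.0/24, the VPN box at 192.168.8.11 routing 10.1.0.0/24 and 192.168.3.0/24) and assumes a LAN host 192.168.8.20 and the port range 6881-6889 for the SMTP and bittorrent forwards; those values, and the drop of packets arriving on eth0 with a private source address, are my additions. The tc shaping of step (4) is left out. Setting IPT, IP and SYSCTL to "echo" prints the commands instead of executing them, which is a convenient way to review the rule set on a machine that is not the gateway.

```shell
#!/bin/sh
# Added example (not Adam's script): a minimal Debian gateway/firewall
# following steps (1), (2), (3) and (5) of the reply above.
# Assumed values (eth0/eth1/subnets from Mark's mail, the rest made up):
#   eth0 = Internet, eth1 = LAN 192.168.8.0/24, VPN box = 192.168.8.11
#   192.168.8.20 = hypothetical LAN host receiving forwarded SMTP/bittorrent
# Run as root with FW_APPLY=1; use IPT=echo IP=echo SYSCTL=echo to preview.
set -eu

EXT_IF=eth0
INT_IF=eth1
LAN_NET=192.168.8.0/24
VPN_GW=192.168.8.11
VPN_NETS="10.1.0.0/24 192.168.3.0/24"
FWD_HOST=192.168.8.20        # hypothetical internal host for the DNAT rules
BT_PORTS=6881:6889           # assumed bittorrent listening range
ALLOWED_TCP="22 80"          # ssh and http accepted on the gateway itself

IPT=${IPT:-iptables}
IP=${IP:-ip}
SYSCTL=${SYSCTL:-sysctl}

# (1) turn on forwarding (same effect as writing 1 to /proc/sys/net/ipv4/ip_forward)
enable_forwarding() {
    $SYSCTL -w net.ipv4.ip_forward=1
}

# static routes for the two remote LANs that sit behind the VPN box on eth1
add_vpn_routes() {
    for net in $VPN_NETS; do
        $IP route replace "$net" via "$VPN_GW" dev "$INT_IF"
    done
}

# (2), (3) and (5): NAT, port forwards, default deny
apply_rules() {
    # start from a clean slate
    $IPT -F
    $IPT -t nat -F
    $IPT -X

    # (5) default deny for anything arriving or being forwarded; outbound is open
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # loopback, and packets that belong to a connection we already accepted
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # addition beyond Adam's list: nothing on the Internet side may claim
    # to come from one of our own subnets
    for net in $LAN_NET $VPN_NETS; do
        $IPT -A INPUT -i "$EXT_IF" -s "$net" -j DROP
        $IPT -A FORWARD -i "$EXT_IF" -s "$net" -j DROP
    done

    # the small set of services the gateway offers to the outside
    for p in $ALLOWED_TCP; do
        $IPT -A INPUT -p tcp --dport "$p" -m state --state NEW -j ACCEPT
    done
    # the LAN may talk to the gateway freely
    $IPT -A INPUT -i "$INT_IF" -j ACCEPT

    # (2) NAT: everything leaving via eth0 (LAN and VPN-routed subnets alike)
    $IPT -A FORWARD -i "$INT_IF" -o "$EXT_IF" -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$EXT_IF" -j MASQUERADE

    # (3) incoming SMTP and bittorrent forwarded to FWD_HOST
    $IPT -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport 25 -j DNAT --to-destination "$FWD_HOST":25
    $IPT -A FORWARD -i "$EXT_IF" -o "$INT_IF" -d "$FWD_HOST" -p tcp --dport 25 -m state --state NEW -j ACCEPT
    $IPT -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport "$BT_PORTS" -j DNAT --to-destination "$FWD_HOST"
    $IPT -A FORWARD -i "$EXT_IF" -o "$INT_IF" -d "$FWD_HOST" -p tcp --dport "$BT_PORTS" -m state --state NEW -j ACCEPT
}

main() {
    enable_forwarding
    add_vpn_routes
    apply_rules
}

# only touch the running system when asked to
if [ "${FW_APPLY:-0}" = 1 ]; then
    main
fi
```

Preview with `IPT=echo IP=echo SYSCTL=echo FW_APPLY=1 sh gateway.sh`, apply with `FW_APPLY=1 sh gateway.sh` as root. The rules flush and rebuild the tables on every run, so keep an out-of-band way onto the box (or a console) the first time; a typo in the INPUT rules on a headless gateway otherwise locks you out of ssh.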


