
Re: Router / Firewall / Gateway



Adam Lydick wrote:
> [a better place for this is probably debian-security]

Ah, OK, will take the next there then, thanks! :-)

> For a simple network topology, you can just turn on ip_forward to become
> a gateway. Adding NAT will require a little bit more setup.

Really? Wow, why is everything not that easy, huh?

> For the rest, what do you need that iptables doesn't provide? Or are you
> just looking for an easier way to configure the rules? (which I can
> certainly understand)

Well, I searched around for tools, but nothing really popped out, so now I'm learning iptables. It's not easy stuff, but hey, it's also no rocket science, so I should be able to figure it out...

> For my setup (same scenario as your own) I just:
> (1) turned on forwarding (/proc/sys/net/ipv4/ip_forward)
> (2) added a NAT rule for each of my internal network cards when routing
> to external networks.
> (3) added forwarding rules for incoming bittorrent and SMTP traffic
> (4) set up flow control with tc to cap non-interactive bandwidth usage
> (this was not fun)

You had me with you up until number four here... "What's flow control for?"

> (5) added default deny for incoming traffic except for "established
> connections" and a small set of allowed ports (http, ssh, etc).

I just learned about established, related, etc. rules!

> I tried a lot of different tools to see if there was anything better
> than just using iptables directly. While there is a lot of fairly good
> work, I was annoyed at the interface to most of them. One very common
> problem is that they all seemed designed to run on the gateway (GUI and
> all). This is not so good, as my gateway/server is a headless machine
> with a very minimal set of packages installed.

Ditto, it will even be a VERY simple install. The only thing different about it is that I recompiled the kernel to include MPPE encryption for MS-type VPN connections for my road warriors.
Yet more routing difficulties there...

All in all, I guess I really need to learn iptables before continuing. But hey, everyone starts out that way, right?

Thanks all,
Mark
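Steps (1), (2), (3) and (5) of Adam's gateway recipe above, written out as an added example (not code from either poster). Interface names, the internal network and the two internal hosts are assumptions; the script prints the rule set for review by default and only applies it when run as root with the argument `apply`. Step (4), tc shaping, is left out.

```shell
#!/bin/sh
# Added example: generate the iptables rules for the gateway described in
# the thread, one function per step, so they can be reviewed before use.
WAN=eth0                  # assumed external interface
LAN=eth1                  # assumed internal interface
LAN_NET=192.168.1.0/24    # assumed internal network
BT_HOST=192.168.1.10      # assumed internal bittorrent peer
MAIL_HOST=192.168.1.20    # assumed internal SMTP server

# Port forward for one TCP port to one internal host: DNAT in the nat
# table plus the matching FORWARD accept (needed once FORWARD drops by default).
forward() {  # $1 = port, $2 = internal host
  echo "iptables -t nat -A PREROUTING -i $WAN -p tcp --dport $1 -j DNAT --to-destination $2:$1"
  echo "iptables -A FORWARD -i $WAN -o $LAN -p tcp -d $2 --dport $1 -m conntrack --ctstate NEW -j ACCEPT"
}

gen_rules() {
  # (1) turn on forwarding
  echo "sysctl -w net.ipv4.ip_forward=1"
  # (5) default deny for incoming traffic, replies to established
  #     connections allowed, plus a small set of services from the WAN
  echo "iptables -P INPUT DROP"
  echo "iptables -P FORWARD DROP"
  echo "iptables -A INPUT -i lo -j ACCEPT"
  echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  echo "iptables -A INPUT -i $LAN -j ACCEPT"
  for p in 22 80; do   # ssh, http
    echo "iptables -A INPUT -i $WAN -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
  done
  # LAN may go out; only replies come back in on FORWARD
  echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  echo "iptables -A FORWARD -i $LAN -o $WAN -s $LAN_NET -j ACCEPT"
  # (2) NAT for the internal network when it leaves via the WAN interface
  echo "iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN -j MASQUERADE"
  # (3) forwarding rules for incoming bittorrent and SMTP
  forward 6881 "$BT_HOST"
  forward 25 "$MAIL_HOST"
}

case "${1:-}" in
  apply) gen_rules | sh -e ;;   # run as root to apply the rules
  *)     gen_rules ;;           # default: print the rules for review
esac
```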
