
Re: Recommendations for a simple firewall please



Hi

My machines, all Windows, access the net (browsing and downloading POP email) through one Linux machine that acts as a gateway and has an ISDN/PPP connection. The gateway runs KDM. The Windows machines use telnet, XFree86 to access Linux.

I use the following script. It's simple. It appears secure. And I think I even know what it does :-) I built it after reading various random "how-tos" on iptables, so I claim no originality for it.

I took this approach because the myriad of possible firewalls just were too complicated to properly understand, and I wanted something that made sense to me.

Of course I might have it all wrong ....

Ian

-----------------------------------------cut here-------------------------------------------
#!/bin/sh

# Build a NAT Firewall

# ippp0 interface connects us via ISDN to the Internet
# eth0 connects us to the internal network of mostly windows PCs

#### HOUSE KEEPING

# Flush all the rules in filter and nat tables

   iptables --flush
   iptables --table nat --flush

# Delete all chains that are not in default filter and nat table

   iptables --delete-chain
   iptables --table nat --delete-chain

#### THE RULES

# stop ALL incoming connections on ippp0
#       NEW connections we don't want.
#       INVALID stuff goes no further

   iptables -A INPUT -m state --state NEW,INVALID -i ippp0 -j DROP

# Hide internal LAN via NAT

   iptables --table nat --append POSTROUTING --out-interface ippp0 -j MASQUERADE

# allow forwarding from local Ethernet

   iptables --append FORWARD --in-interface eth0 -j ACCEPT

----------------------------------------------------------------------------------------------


At 09:31 PM 12/02/2003, Tony Sequeira wrote:
Hi all,

I am running 2 machines with Debian Woody, one has X, the
other not.

They both have their own dial up access to the internet,
and are on an internal network (192.168.0.)

I have installed ferm and ipmenu on the non X machine, but
am having difficulty setting up a firewall.

The X machine uses firestarter, but not quite as things
should be. Firestarter starts on boot up, but typically
starts so restrictively that I cannot download my email or
surf the web.  I have to stop and reconfigure firestarter
after every bootup.  The documentation says that a single
configuration file should be reusable, but I cannot find
where to place it.

I spent a weekend playing with ferm/ipmenu on the other
machine, and got in a hell of a mess.

Documentation is minimal at best.  I don't have the
grounding to set these things automatically.

I would like a firewall that springs into action when I
dial up my ISP, and goes down when I disconnect.

If someone can suggest the best tool(s) to use for such a
requirement and point me at a reasonably verbose HOWTO, I
would be grateful.

Cheers

--
Tony
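
Added example, not part of either message and not the poster's own code: the script above never sets chain policies, so anything it does not explicitly drop (forwarded traffic arriving on ippp0, for instance) is handled by whatever policy is already in place, which is ACCEPT by default. This variant keeps the same NAT setup but sets DROP policies and admits only reply traffic from the Internet side. The `nat_firewall` function and the `IPT` dry-run variable are names introduced here; the interface names are the ones from the message.

```shell
#!/bin/sh
# Added example: default-deny variant of the NAT gateway script in this message.
# Dry run by default (commands are printed). Run as root with IPT=iptables to apply.
IPT="${IPT:-echo iptables}"

nat_firewall() {
    wan="${1:-ippp0}"   # Internet-facing interface (ippp0 in the message)
    lan="${2:-eth0}"    # internal LAN interface (eth0 in the message)

    # Housekeeping, same as the original script
    $IPT --flush
    $IPT --table nat --flush
    $IPT --delete-chain
    $IPT --table nat --delete-chain

    # Default-deny: whatever is not accepted below is dropped
    $IPT --policy INPUT DROP
    $IPT --policy FORWARD DROP
    $IPT --policy OUTPUT ACCEPT

    # Gateway itself: loopback, the LAN (telnet/X), replies to its own traffic
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -i "$lan" -j ACCEPT
    $IPT -A INPUT -i "$wan" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Hide internal LAN via NAT
    $IPT --table nat -A POSTROUTING --out-interface "$wan" -j MASQUERADE

    # Forward LAN -> Internet, and only reply traffic Internet -> LAN
    $IPT -A FORWARD -i "$lan" -o "$wan" -j ACCEPT
    $IPT -A FORWARD -i "$wan" -o "$lan" -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Print (or, with IPT=iptables, apply) the rule set
nat_firewall "$@"
```

With no arguments the script prints the rule set for ippp0 and eth0 so it can be read before anything is applied.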

