Re: Recommendations for a simple firewall please
Hi
My machines, all Windows, access the net (browsing and downloading POP
email) through one Linux machine that acts as a gateway and has an ISDN/PPP
connection. The gateway runs KDM. The Windows
machines use telnet and XFree86 to access Linux.
I use the following script. It's simple. It appears
secure. And I think I even know what it does :-) I built it
after reading various random "how-tos" on iptables, so I claim
no originality for it.
I took this approach because the myriad of possible firewalls were just too
complicated to properly understand, and I wanted something that made
sense to me.
Of course I might have it all wrong ....
Ian
-----------------------------------------cut here-------------------------------------------
#!/bin/sh
# Build a NAT Firewall
# ippp0 interface connects us via ISDN to the Internet
# eth0 connects us to the internal network of mostly windows PCs
#### HOUSE KEEPING
# Flush all the rules in filter and nat tables
iptables --flush
iptables --table nat --flush
# Delete all chains that are not in default filter and nat table
iptables --delete-chain
iptables --table nat --delete-chain
#### THE RULES
# stop ALL incoming connections on ippp0
# NEW connections we don't want.
# INVALID stuff goes no further
# (replies to connections we opened ourselves are ESTABLISHED, so they
# are not matched here; the built-in chains keep their policy, which
# this script never changes from the kernel default of ACCEPT)
iptables -A INPUT -m state --state NEW,INVALID -i ippp0 -j DROP
# Hide internal LAN via NAT
iptables --table nat --append POSTROUTING --out-interface ippp0 -j MASQUERADE
# allow forwarding from local Ethernet
iptables --append FORWARD --in-interface eth0 -j ACCEPT
----------------------------------------------------------------------------------------------
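The same ruleset as an added example (not the script from the post above), wrapped in up/down functions that take the interface names as parameters, with an IPT variable that lets you preview the generated commands without root before applying them; the interface names and the IPT variable are assumptions.

```shell
#!/bin/sh
# Added example: the NAT ruleset from the post as reusable up/down functions.
# Set IPT="echo iptables" to print the commands instead of running them.
# Interface names (ippp0, eth0) and the IPT variable are assumptions.
IPT="${IPT:-iptables}"

nat_firewall_down() {
    # Housekeeping / teardown: empty both tables and remove user chains.
    $IPT --flush
    $IPT --table nat --flush
    $IPT --delete-chain
    $IPT --table nat --delete-chain
}

nat_firewall_up() {
    ext="$1"   # interface facing the Internet, e.g. ippp0
    lan="$2"   # interface facing the internal LAN, e.g. eth0
    nat_firewall_down
    # Inbound on the external link: drop packets that would open a NEW
    # connection and anything conntrack cannot classify (INVALID).
    # Replies to connections we opened are ESTABLISHED and are not matched.
    $IPT -A INPUT -i "$ext" -m state --state NEW,INVALID -j DROP
    # Hide the LAN behind the external interface's address.
    $IPT --table nat --append POSTROUTING --out-interface "$ext" -j MASQUERADE
    # Let the LAN's traffic be forwarded out.
    $IPT --append FORWARD --in-interface "$lan" -j ACCEPT
}

# Number of rules the "up" step would add for a pair of interfaces
# (computed from a dry run, so it needs no root).
nat_firewall_rule_count() {
    ( IPT="echo iptables"; nat_firewall_up "$1" "$2" ) | grep -c -- ' -j '
}
```

Run `IPT="echo iptables" sh -c '. ./nat.sh; nat_firewall_up ippp0 eth0'` to review the rules first, then call it with the real iptables.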
At 09:31 PM 12/02/2003, Tony Sequeira wrote:
Hi all,
I am running 2 machines with Debian Woody, one has X, the
other not.
They both have their own dial up access to the internet,
and are on an internal network (192.168.0.)
I have installed ferm and ipmenu on the non X machine, but
am having difficulty setting up a firewall.
The X machine uses firestarter, but not quite as things
should be. Firestarter starts on boot up, but typically
starts so restrictively that I cannot download my email or
surf the web. I have to stop and reconfigure firestarter
after every bootup. The documentation says that a single
configuration file should be reusable, but I cannot find
where to place it.
I spent a weekend playing with ferm/ipmenu on the other
machine, and got in a hell of a mess.
Documentation is minimal at best. I don't have the
grounding to set these things automatically.
I would like a firewall that springs into action when I
dial up my ISP, and goes down when I disconnect.
If someone can suggest the best tool(s) to use for such a
requirement and point me at a reasonably verbose HOWTO, I
would be grateful.
Cheers
--
Tony
--
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org