Re: Configuring ipchains and DNS
bob wrote:
> I've been borked up by my ISP and it looks like I'm going to lose the
> sub-domain I've had for ~7 years in about 3 weeks. This means that I'm
> going to have to bring forward the plans I have for this Alpha running
> debian potato [1] I have here.
>
> Anyway, long story short. I'd like to get up to speed on configuring a
> firewall/gateway & DNS (I think I can handle most everything else but I
> have 0 experience with ipchains or setting up a DNS (I'll be
> registering a domain)). I may need some hints here and there along the
> way on other things too.

Two commands:

    apt-get install ipmasq
    apt-get install bind9

and you're done! The ipmasq package automatically loads the needed
drivers (ipchains for potato and woody, maybe iptables/netfilter in the
future), determines which network interface is on the 'net, and sets up
its (very conservative) rules and starts accordingly. You can even have
it automatically recalculate all of the forwarding rules on ppp up/down
events, that's a debconf question.
The only trickery is to know when to have ipmasq start its stuff
(another debconf question). I've had a lot of DHCP/ipmasq interference
(for lack of a better word) which knocked out networking and required a
reboot, but once you boot with the order right ("dpkg-reconfigure
ipmasq"), everything should work just fine through subsequent reboots.
Ain't Debian great? :-)

> Things that I'll need to have pass through the firewall are DNS, email,
> http and ssh. I'll also have a few things that'll need access to the LAN
> running on the box so allowing 192.168... would be a good idea too :).

The first stuff is no problem. But to get access in from the outside,
you'll need to edit ipmasq's rules, which are in a bunch of files I've
never touched (and have no idea how they work :-). I just ssh into the
firewall and then from there to the LAN, which works just fine.

> Oh, and any recommendations for an MTA? Something that can handle a mixed
> environment so probably POP + SMTP to keep it simple (sendmail? or
> something else?) and be capable of dealing with running small lists.

Is something wrong with exim? That and qpopper should meet your needs;
for lists, maybe mailman?

> [1] potato? 'cause it's the only distro I've been able to get working on
> the box. Besides... it's stable.

No problem, all of the above is in good shape in potato.
Zeen,
--
-Adam P.
GPG fingerprint: D54D 1AEE B11C CE9B A02B C5DD 526F 01E8 564E E4B6
Welcome to the best software in the world today cafe!
<http://lyre.mit.edu/%7Epowell/The_Best_Stuff_In_The_World_Today_Cafe.ogg>
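
Added example (not part of the original message, and not ipmasq's own rule files): a sketch of a default-deny ipchains input policy that admits the services named in the thread (DNS, email, HTTP, SSH) plus the LAN. The interface names `eth0`/`eth1`, the range `192.168.0.0/16`, port 25 for email, and the helper name `gen_rules` are assumptions; the function only prints the commands so they can be reviewed before use.

```shell
#!/bin/sh
# Added example: prints ipchains commands for review; it executes none of them.
# Interface names and the LAN range are assumptions, not values from the thread.

gen_rules() {
    ext=$1; lan_if=$2; lan_net=$3

    # Start clean and deny by default on both chains.
    echo "ipchains -F input"
    echo "ipchains -F forward"
    echo "ipchains -P input DENY"
    echo "ipchains -P forward DENY"

    # Loopback traffic is always allowed.
    echo "ipchains -A input -i lo -j ACCEPT"
    # Anti-spoofing: LAN source addresses must never arrive on the outside
    # interface. -l logs the packet before it is denied.
    echo "ipchains -A input -i $ext -s $lan_net -l -j DENY"
    # Hosts on the LAN may reach services running on the gateway.
    echo "ipchains -A input -i $lan_if -s $lan_net -j ACCEPT"

    # Inbound services from outside: ssh, SMTP, DNS (zone transfers), http.
    for port in 22 25 53 80; do
        echo "ipchains -A input -i $ext -p tcp -d 0/0 $port -j ACCEPT"
    done
    echo "ipchains -A input -i $ext -p udp -d 0/0 53 -j ACCEPT"

    # ipchains is stateless, so replies to outbound connections need their
    # own rules: non-SYN TCP to unprivileged ports, and UDP answers from DNS.
    echo "ipchains -A input -i $ext -p tcp ! -y -d 0/0 1024:65535 -j ACCEPT"
    echo "ipchains -A input -i $ext -p udp -s 0/0 53 -d 0/0 1024:65535 -j ACCEPT"
    # ICMP carries errors such as fragmentation-needed; keep it working.
    echo "ipchains -A input -i $ext -p icmp -j ACCEPT"

    # Masquerade LAN traffic leaving through the outside interface
    # (in the forward chain, -i names the outgoing interface).
    echo "ipchains -A forward -s $lan_net -i $ext -j MASQ"
}

gen_rules eth0 eth1 192.168.0.0/16
```

Rule order matters here: the anti-spoofing DENY has to come before any ACCEPT that could match the same packet.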