Re: simple firewall for masquerade

To: debian-alpha@lists.debian.org
Subject: Re: simple firewall for masquerade
From: Juhan Ernits <juhan@cc.ioc.ee>
Date: Fri, 21 Feb 2003 18:41:59 +0200 (EET)
Message-id: <[🔎] Pine.GSO.4.21.0302211835130.10175-100000@suhkur>
In-reply-to: <[🔎] 3E564BBE.6050606@mit.edu>

On Fri, 21 Feb 2003, Adam C Powell IV wrote:

> >Does anybody have a hint on the easiest way to do this?
> >
> apt-get install ipmasq
> 
> It uses ipchains (or its front-end in 2.4), and installs an init.d 
> script which automatically determines at boot time which interface is on 
> the net, and sets up rules accordingly.  Fully automatic everything. 
>  Firewall rules are pretty conservative, but very customizable, and I've 
> never need to open anything up -- its best to err on the conservative 
> side right?

True, it is the easiest way to deal with the problem. The only thing is
that with 2.4 kernels ipmasq uses the backwards compatibility module of
ipchains, which does not have support for e.g. ftp_conntrack and other
such modules. Provided it is not needed, ipmasq is extremely handy
to install and run.

Regards,

Juhan Ernits

Reply to:

References:
- Re: simple firewall for masquerade
  - From: Adam C Powell IV <hazelsct@mit.edu>

Prev by Date: Re: ccc
Next by Date: Re: seti@home for alpha
Previous by thread: Re: simple firewall for masquerade
Next by thread: Re: simple firewall for masquerade
Index(es):
- Date
- Thread