Re: Is ipmasq worth it?
There's a separate package for ip masquerading?
Coming from another distro (Mandrake 7.2) where it must have
been bundled up with the ipchains RPM, I just had a firewall/
masq script that does, among other things:
## Masquerading firewall timeouts
$IPCHAINS -M -S 14400 60 600
## Set up kernel to enable IP masquerading
echo 1 > /proc/sys/net/ipv4/ip_forward
## Set up kernel to handle dynamic IP masquerading
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
## Don't Masquerade internal-internal traffic
$IPCHAINS -A forward -s $IN_NET -d $IN_NET -j ACCEPT
## Don't Masquerade external interface direct
$IPCHAINS -A forward -s $OUT_NET -d $REMOTENET -j ACCEPT
## Masquerade all internal IP's going outside
$IPCHAINS -A forward -s $IN_NET -d $REMOTENET -j MASQ
## Set Default rule on MASQ chain to Deny
$IPCHAINS -P forward DENY
## Allow all connections from the network to the outside
$IPCHAINS -A input -s $IN_NET -d $REMOTENET -j ACCEPT
$IPCHAINS -A output -s $IN_NET -d $REMOTENET -j ACCEPT
I just copied that script to Debian and run it during startup.
On Tuesday 08 January 2002 01:36 pm, Jason Stechschulte wrote:
> Background:
> I got DSL and wanted to set up a debian box to act as a
> router/firewall for a couple of workstations on my home LAN. At the
> time, I knew nothing about iptables or firewalls, so I installed
> ipmasq and figured I would read up on firewalls and iptables later.
>
> More recent background:
> I recently set up a web server on my home LAN, and wanted to give the
> outside world access to it. So I read some firewall/iptables howtos,
> and to my surprise, it all seems much simpler than I imagined. I
> quickly added a .rul file in /etc/ipmasq/rules and my firewall box
> was rerouting tcp port 80 traffic to the internal lan just fine.
>
> My question:
> Is ipmasq really worth using? It almost seems more difficult keeping
> track of multiple .rul files, plus ipmasq has many .def files that
> seem to set up rules also. From the looks of it, it seems like it
> may be easier to just set it all up manually myself and have full
> control over everything rather than having to learn to do things the
> ipmasq way.
>
> Does anyone else have thoughts on this? Many of the example iptables
> scripts have everything in one file, which would probably make
> maintaining it much simpler. From what I read, the biggest advantage
> of ipmasq is that it starts everything automatically for you and
> without it, you would have to write something to load your rules. I
> really don't see this as a problem, though, so does anyone have any
> suggestions? Should I ditch ipmasq and do things manually or learn
> the ipmasq way?
- --
+------------------------------------------------------------+
| Ron Johnson, Jr. Home: ron.l.johnson@home.com |
| Jefferson, LA USA http://ronandheather.dhs.org:81 |
| |
! "Fair is where you take your cows to be judged." !
! Unknown !
+------------------------------------------------------------+
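
For comparison with the iptables setup the quoted question asks about, here is a single-file sketch that is an added example, not code from either poster. It assumes the usual mapping (forward MASQ becomes nat POSTROUTING MASQUERADE, the forward DENY policy becomes FORWARD DROP) and adds the tcp port 80 redirect the question describes; the function names, ppp0 and the 192.168.1.x addresses are constructed placeholders.

```sh
#!/bin/sh
# Added example. Interface name and addresses are constructed placeholders.

valid_ipv4() {   # dotted quad, each octet 0-255
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1; done
}

valid_cidr() {   # ADDR/PREFIX with prefix 0-32
    case "$1" in */*) ;; *) return 1 ;; esac
    valid_ipv4 "${1%/*}" || return 1
    case "${1#*/}" in ''|*[!0-9]*) return 1 ;; esac
    [ "${1#*/}" -le 32 ]
}

# build_ruleset EXT_IF IN_NET WEB_HOST
# Prints an iptables-restore ruleset; rejects values that could smuggle in rule text.
build_ruleset() {
    ext_if=$1 in_net=$2 web_host=$3
    case "$ext_if" in ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;; esac
    valid_cidr "$in_net"   || { echo "bad network" >&2; return 1; }
    valid_ipv4 "$web_host" || { echo "bad web host" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# inbound tcp/80 on the external interface goes to the LAN web server
-A PREROUTING -i $ext_if -p tcp --dport 80 -j DNAT --to-destination ${web_host}:80
# masquerade LAN traffic leaving via the external interface
-A POSTROUTING -s $in_net -o $ext_if -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s $in_net -d $in_net -j ACCEPT
-A FORWARD -s $in_net -o $ext_if -j ACCEPT
-A FORWARD -i $ext_if -d $web_host -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Constructed sample values; pipe the output to "iptables-restore --test" to check it.
build_ruleset ppp0 192.168.1.0/24 192.168.1.10
```

The ruleset covers forwarding and NAT only; filtering of traffic to the router itself and enabling /proc/sys/net/ipv4/ip_forward are left out.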