
Re: Is ipmasq worth it?




There's a separate package for ip masquerading?

Coming from another distro (Mandrake 7.2) where it must have
been bundled up with the ipchains RPM, I just had a firewall/
masq script that does, among other things:
  ## Masquerading firewall timeouts
  $IPCHAINS -M -S 14400 60 600
  
  ## Set up kernel to enable IP masquerading
  echo 1 > /proc/sys/net/ipv4/ip_forward
  
  ## Set up kernel to handle dynamic IP masquerading
  echo 1 > /proc/sys/net/ipv4/ip_dynaddr
  
  ## Don't Masquerade internal-internal traffic
  $IPCHAINS -A forward -s $IN_NET -d $IN_NET -j ACCEPT
  
  ## Don't Masquerade external interface direct
  $IPCHAINS -A forward -s $OUT_NET -d $REMOTENET -j ACCEPT
  
  ## Masquerade all internal IP's going outside
  $IPCHAINS -A forward -s $IN_NET -d $REMOTENET -j MASQ
  
  ## Set Default rule on MASQ chain to Deny
  $IPCHAINS -P forward DENY
  
  ## Allow all connections from the network to the outside
  $IPCHAINS -A input -s $IN_NET -d $REMOTENET -j ACCEPT
  $IPCHAINS -A output -s $IN_NET -d $REMOTENET -j ACCEPT

I just copied that script to Debian and run it during startup.

On Tuesday 08 January 2002 01:36 pm, Jason Stechschulte wrote:
> Background:
> I got DSL and wanted to set up a debian box to act as a
> router/firewall for a couple of workstations on my home LAN.  At the
> time, I knew nothing about iptables or firewalls, so I installed
> ipmasq and figured I would read up on firewalls and iptables later.
>
> More recent background:
> I recently set up a web server on my home LAN, and wanted to give the
> outside world access to it.  So I read some firewall/iptables howtos,
> and to my surprise, it all seems much simpler than I imagined.  I
> quickly added a .rul file in /etc/ipmasq/rules and my firewall box
> was rerouting tcp port 80 traffic to the internal lan just fine.
>
> My question:
> Is ipmasq really worth using?  It almost seems more difficult keeping
> track of multiple .rul files, plus ipmasq has many .def files that
> seem to set up rules also.  From the looks of it, it seems like it
> may be easier to just set it all up manually myself and have full
> control over everything rather than having to learn to do things the
> ipmasq way.
>
> Does anyone else have thoughts on this?  Many of the example iptables
> scripts have everything in one file, which would probably make
> maintaining it much simpler.  From what I read, the biggest advantage
> of ipmasq is that it starts everything automatically for you and
> without it, you would have to write something to load your rules.  I
> really don't see this as a problem, though, so does anyone have any
> suggestions?  Should I ditch ipmasq and do things manually or learn
> the ipmasq way?

-- 
+------------------------------------------------------------+
| Ron Johnson, Jr.        Home: ron.l.johnson@home.com       |
| Jefferson, LA  USA      http://ronandheather.dhs.org:81    |
|                                                            |
! "Fair is where you take your cows to be judged."           !
!    Unknown                                                 !
+------------------------------------------------------------+
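A single-file iptables counterpart to the ipchains rules in the message above, with the port 80 forward from the quoted question included. This is an added example, not code from either poster and not a line-by-line translation; the interface name, LAN range, web server address and the DRY_RUN switch are assumptions.

```shell
#!/bin/sh
# Added example: one-file iptables masquerading firewall.
# All values below are constructed placeholders, not taken from the thread.
IPTABLES="${IPTABLES:-iptables}"
EXT_IF="${EXT_IF:-eth0}"              # outside (DSL) interface, assumed
IN_NET="${IN_NET:-192.168.1.0/24}"    # internal LAN, assumed
WEB_HOST="${WEB_HOST:-192.168.1.10}"  # internal web server, assumed

# With DRY_RUN=1 (the default) commands are printed instead of executed.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$IPTABLES $*"; else "$IPTABLES" "$@"; fi
}

masq_rules() {
    # Default-deny forwarding first, so the box never forwards unfiltered.
    run -P FORWARD DROP
    run -F FORWARD
    run -t nat -F
    # Replies belonging to connections that were already allowed.
    run -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # LAN hosts may open new connections towards the outside.
    run -A FORWARD -s "$IN_NET" -o "$EXT_IF" -m state --state NEW -j ACCEPT
    # Masquerade only LAN traffic that leaves through the external interface.
    run -t nat -A POSTROUTING -s "$IN_NET" -o "$EXT_IF" -j MASQUERADE
}

web_forward_rules() {
    # Rewrite inbound tcp/80 to the internal web server ...
    run -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport 80 \
        -j DNAT --to-destination "$WEB_HOST:80"
    # ... and permit exactly that flow through the default-deny FORWARD chain.
    run -A FORWARD -i "$EXT_IF" -d "$WEB_HOST" -p tcp --dport 80 \
        -m state --state NEW -j ACCEPT
}

enable_forwarding() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    else
        echo 1 > /proc/sys/net/ipv4/ip_forward
    fi
}

build_firewall() {
    masq_rules
    web_forward_rules
    enable_forwarding   # last: the kernel forwards only once rules are loaded
}

build_firewall
```

Run as-is it only prints the rule set for review; setting DRY_RUN=0 as root applies it.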


