
Re: configuration of debian firewall / NAT



On Thu, 10 Jan 2002, Carl Buchmann wrote:

> I recently discovered Debian, (I was using RedHat for a while) and I'm
> very impressed with the software and its capabilities. I want to replace
> my current redhat box which is running as a firewall / NAT with a new
> Debian Box. I would like to know how to configure the firewall and NAT

There are a bunch of different packages to choose from - apt-cache gave me
the following results:

dante-client - Provides a SOCKS wrapper for users behind a firewall.
ferm - maintain and setup complicated firewall rules
firewall-easy - Easy to use packet filter firewall (usually zero config)
firewall-easy-doc-es - Documentation to set up easily firewalls (in Spanish)
fwctl - configure ipchains firewall using higher level abstraction
gfcc - GTK firewall control center
ipchains - Network firewalling for Linux 2.2.x
ipfwadm - Linux 2.0.x firewalling tools
ipmasq - Securely initializes IP Masquerade forwarding/firewalling
mason - Interactively creates a Linux packet filtering firewall.
smtpd - Mail proxy for firewalls with anti-spam and anti-relay features
socks4-server - SOCKS4 server for proxying IP-based services over a firewall
xfwp - X firewall proxy server
firewall - Script to initialise firewalls

Out of that, I'd say 6 look like probable starters.  I don't know how many
of these are available with Potato, but at least one of them should be.

> script on Debian. All I've done so far is set up potato and
> configured it as a DHCP & Apache server. I was wondering if you could help
> me in any way setting up a firewall / NAT, and the appropriate steps on
> applying it to Debian.

My firewalls go into a script, /etc/init.d/firewall, which is symlinked to
from /etc/rcS.d/S40firewall, and /etc/rc[06].d/K99firewall, although the
shutdown links aren't particularly necessary.  This means that the firewall
script will get run on startup at the same time (in fact, one step before)
the network interfaces get brought up, which gives no unprotected time.

Documentation abounds on firewalling, from a quick Google I got

http://lyre.mit.edu/~powell/debian-howto/ipmasq.html
http://www.debian.org/doc/manuals/securing-debian-howto/index.en.html
http://www.linuxdoc.org/HOWTO/IP-Masquerade-HOWTO/

(these three links were pulled off Google - it's a wonderful search engine,
I suggest you try it out).

and of course, if you want bleeding edge (2.4 kernels)

http://netfilter.samba.org/documentation/index.html#HOWTO

> my network configuration is as follow
> 
> WWW ------- eth0---- Debian Box ---- eth1----- HUB

Did you want ports other than 80 to be available, for, say, FTP traffic?  Or
was WWW traffic all you wanted to allow?

At any rate, you want to block incoming connections, do NAT on internal
traffic heading for the outside, and not a lot else (assuming the Debian Box
isn't a server to the outside world of any sort).


-- 
-----------------------------------------------------------------------
#include <disclaimer.h>
Matthew Palmer
mjp16@ieee.uow.edu.au
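The following is an added example of the kind of /etc/init.d/firewall script the reply describes, for the topology in the question (eth0 towards the Internet, eth1 towards the hub, the box itself serving DHCP to the LAN). It is not Matthew Palmer's script or anything from the packages listed above. It assumes a 2.4 kernel with netfilter/iptables (the "bleeding edge" option in the reply, not potato's ipchains), and the internal address range 192.168.1.0/24 is an assumed value; change INT_NET to match your LAN.

```sh
#!/bin/sh
# /etc/init.d/firewall -- added example, not the original poster's script.
# Assumes a 2.4 kernel with netfilter/iptables, eth0 facing the Internet,
# eth1 facing the hub, and an assumed internal range of 192.168.1.0/24.
EXT_IF=eth0
INT_IF=eth1
INT_NET=192.168.1.0/24

# Rule logic, in order:
#  - default DROP on INPUT and FORWARD: nothing is reachable from eth0
#    unless a rule allows it, so the box is covered even though this runs
#    one step before the interfaces come up;
#  - loopback and everything arriving on the hub side are accepted without
#    a source filter, because DHCP requests from the LAN arrive with source
#    address 0.0.0.0;
#  - anti-spoofing: packets on eth0 claiming an internal source are dropped;
#  - replies to connections the box opened are accepted (ESTABLISHED/RELATED),
#    everything else on eth0 is logged at a limited rate and falls through
#    to the DROP policy;
#  - LAN -> Internet is forwarded and masqueraded behind eth0's address, and
#    only replies to those connections are forwarded back in.
#
# firewall_rules prints the ruleset, one iptables command per line, without
# applying it, so it can be reviewed first ("sh /etc/init.d/firewall show").
firewall_rules() {
  cat <<EOF
iptables -F
iptables -t nat -F
iptables -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $INT_IF -j ACCEPT
iptables -A INPUT -i $EXT_IF -s $INT_NET -j DROP
iptables -A INPUT -i $EXT_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $EXT_IF -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
iptables -A FORWARD -i $INT_IF -o $EXT_IF -s $INT_NET -j ACCEPT
iptables -A FORWARD -i $EXT_IF -o $INT_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $EXT_IF -s $INT_NET -j MASQUERADE
EOF
}

# Apply the ruleset, stopping at the first command that fails so a typo
# cannot leave a half-built ruleset in place, then switch on forwarding.
firewall_start() {
  firewall_rules | while IFS= read -r rule; do
    eval "$rule" || { echo "firewall: failed: $rule" >&2; exit 1; }
  done || return 1
  echo 1 > /proc/sys/net/ipv4/ip_forward
}

# Open everything and stop forwarding: for troubleshooting only, since it
# leaves the box unfiltered.
firewall_stop() {
  echo 0 > /proc/sys/net/ipv4/ip_forward
  iptables -F
  iptables -t nat -F
  iptables -X
  iptables -P INPUT ACCEPT
  iptables -P FORWARD ACCEPT
  iptables -P OUTPUT ACCEPT
}

case "${1:-}" in
  start)   firewall_start ;;
  stop)    firewall_stop ;;
  restart) firewall_stop; firewall_start ;;
  show)    firewall_rules ;;   # print the ruleset without touching the kernel
  "")      ;;                  # sourced or run without an argument: define only
  *)       echo "Usage: $0 {start|stop|restart|show}" >&2; exit 1 ;;
esac
```

To install it the way the reply lays out, copy the script to /etc/init.d/firewall, make it executable, and add the /etc/rcS.d/S40firewall symlink so it runs before the interfaces are configured. For the FTP question: with netfilter, active FTP from the LAN only works through the ESTABLISHED,RELATED rules once the ip_conntrack_ftp module is loaded, so `modprobe ip_conntrack_ftp` belongs in the script if FTP from inside matters. Nothing here opens a port inward; if the box is meant to serve HTTP to the outside, an explicit `-A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT` has to be added before the LOG rule.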
