newbie firewalling questions
Hey all. I am running woody on an old P166 for routing purposes. Works quite
well. I would like to add firewall functionality, so I have a few questions.
Also, I am planning on reinstalling with kernel 2.4 as opposed to the current
config which uses 2.2.
I realize that I am asking a lot. But with a few examples, I could get a grasp
on some basic principles that would allow me to get going.
Thanks in advance to anyone who provides assistance.
--Wishing all a wonderful summer 2004!
---If i recompile 2.4, what are the bare minimum requirements for future
firewall possibilities?
---How do I enable external requests for machines running network services
internally to be forwarded to their appropriate machines ( ie, ftp, apache
and ssh as examples )?
---Like above, how do I allow/restrict internal requests that would only
be resolvable by being routed externally? Is that possible/impossible?
ifup enables both nics from /etc/network/interfaces
eth1 is external and gets public ip from isp via dhcp
eth0 is internal and is statically assigned private ip and network info by me
all internal machines use static info
dns servers are those provided by isp
Here is my existing proxy script:
#!/bin/sh
INTLAN="192.168.0.0/24"
INTIF="eth0"
EXTIF="eth1"
# The external interface gets its address from the ISP via DHCP
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
# Let DHCP server -> client replies (udp 67 -> 68) in on the external interface
/sbin/ipchains -A input -j ACCEPT -i $EXTIF -s 0/0 67 -d 0/0 68 -p udp
EXTIP="`/sbin/ifconfig $EXTIF | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"
/sbin/depmod -a
# Masquerading helpers so FTP and RealAudio work from behind the router
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_always_defrag
# Masquerade timeouts: TCP 7200s, TCP after FIN 10s, UDP 160s
/sbin/ipchains -M -S 7200 10 160
# Default policies, then flush any old rules
/sbin/ipchains -P input ACCEPT
/sbin/ipchains -P output ACCEPT
/sbin/ipchains -P forward REJECT
/sbin/ipchains -F input
/sbin/ipchains -F output
/sbin/ipchains -F forward
# Forward nothing by default; only masquerade traffic from the internal LAN
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -i $EXTIF -s $INTLAN -j MASQ
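The following is an added example, not the poster's script or anything from the Debian project: an iptables layout for a 2.4 kernel that covers the same ground as the ipchains script above (masquerade INTLAN out of EXTIF, accept the DHCP client replies on EXTIF) and answers the second and third questions with DNAT port forwards for an internal web, FTP and SSH host. The internal host addresses, the ports, and the `IPT=echo` dry-run convention are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example (not the original poster's script): iptables rules for a
# 2.4 kernel router with a dynamic external address and port forwarding.
INTLAN="192.168.0.0/24"
INTIF="eth0"
EXTIF="eth1"

# Internal servers that should be reachable from outside (constructed addresses).
WEB_HOST="192.168.0.10"
FTP_HOST="192.168.0.11"
SSH_HOST="192.168.0.12"

# IPT=echo prints the rules instead of applying them, so the set can be
# reviewed without root before it is loaded on the router.
IPT="${IPT:-/sbin/iptables}"

# Kernel-side preparation; only needed when really applying (needs root).
prepare_kernel() {
    /sbin/modprobe ip_conntrack_ftp            # tracks FTP data connections
    /sbin/modprobe ip_nat_ftp                  # and rewrites them through NAT
    echo 1 > /proc/sys/net/ipv4/ip_forward
    echo 1 > /proc/sys/net/ipv4/ip_dynaddr     # EXTIF address comes from DHCP
}

# Clean slate, default-deny for INPUT and FORWARD.
base_policy() {
    $IPT -F
    $IPT -t nat -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -A INPUT -i lo -j ACCEPT
    # Replies to connections the router or the LAN already opened.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # DHCP server -> client replies on the external interface (udp 67 -> 68).
    $IPT -A INPUT -i "$EXTIF" -p udp --sport 67 --dport 68 -j ACCEPT
    # Hosts on the LAN may talk to the router itself.
    $IPT -A INPUT -i "$INTIF" -s "$INTLAN" -j ACCEPT
}

# Third question (internal -> external): new connections from the LAN go out
# masqueraded behind EXTIF's current address; packets claiming a LAN source
# but arriving on EXTIF are spoofed and dropped.
outbound_nat() {
    $IPT -A FORWARD -i "$INTIF" -o "$EXTIF" -s "$INTLAN" -m state --state NEW -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$EXTIF" -s "$INTLAN" -j MASQUERADE
    $IPT -A FORWARD -i "$EXTIF" -s "$INTLAN" -j DROP
}

# Second question (external -> internal): one DNAT plus one FORWARD accept per
# service. $1 protocol, $2 external port, $3 internal host, $4 internal port.
forward_service() {
    $IPT -t nat -A PREROUTING -i "$EXTIF" -p "$1" --dport "$2" \
        -j DNAT --to-destination "$3:$4"
    $IPT -A FORWARD -i "$EXTIF" -o "$INTIF" -p "$1" -d "$3" --dport "$4" \
        -m state --state NEW -j ACCEPT
}

all_rules() {
    base_policy
    outbound_nat
    forward_service tcp 80 "$WEB_HOST" 80
    forward_service tcp 21 "$FTP_HOST" 21
    forward_service tcp 22 "$SSH_HOST" 22
}

# './fw.sh apply' loads the rules on the router; without the argument the
# script only defines the functions, e.g. for 'IPT=echo . ./fw.sh; all_rules'.
if [ "${1:-}" = "apply" ]; then
    prepare_kernel
    all_rules
fi
```

The order inside `all_rules` matters: the ESTABLISHED,RELATED accept comes first so return traffic and the FTP data channel (tracked by `ip_conntrack_ftp`) pass without a rule per port, the anti-spoof DROP sits before the per-service accepts, and each forwarded service only opens its own internal host and port rather than the whole LAN. Run it with `IPT=echo` first and read the printed rule list before loading it with `apply`.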