Re: firewall & masquerade script availability - 'potato'
On Fri, Oct 20, 2000 at 12:44:37PM -0700, Stephen nyc wrote:
> Can someone point me in the right direction to find a
> good basic script with documentation that works with
> debian? Unfortunately, I don't have as much time as I
> would like to dig into the internals on ip-chains at
> this time. Someday...
Try out the ipmasq package. From the description:
This package contains scripts to initialize IP
Masquerade for use as a firewall. IP Masquerade is
a feature of Linux that allows an entire network
of computers to be connected to another network
(usually the Internet) with only one network
address on the other network. IP Masquerade is
often referred to as NAT (Network Address
Translation) on other platforms.
By default, this package configures the system as
a basic forwarding firewall, with IP spoofing and
stuffed routing protection. The firewall will
allow hosts behind the firewall to get to the
Internet, but not allow connections from the
Internet to reach the hosts behind the
firewall. However, ipmasq now features a very
flexible framework where you can override any of
the predefined rules if you so choose. It also
allows you to control if the rules are
reinterpreted when pppd brings a link up or down.
This package should be installed on the firewall
host and not on the hosts behind the firewall.
IP Masquerade requires the kernel to be compiled
with CONFIG_FIREWALL, CONFIG_IP_FIREWALL,
CONFIG_IP_FORWARD, and CONFIG_IP_MASQUERADE
Reply to: