On Thu, 31 Jan 2002, Eric G. Miller wrote:
On Thu, 31 Jan 2002 09:08:45 -0500 (EST), Matt Kopishke <kopishke@BlueNoteTechnology.com> wrote:
I have set up a firewall using ipchains and the bridge patch
(bridgein) under potato (2.2.19). The one snag I had was although the
firewall works well only letting the world see certain ports (80 & 443),
it doesn't let the servers behind the firewall get out. I set up a rule
that allows all traffic that originated behind the firewall out, but
because we only have a couple of ports open, and we have no clue what port
the reply packets are going to come on, the reply packets get denied.
I was wondering if there is any way to mark out going packets so we can
let them through on their way back?
Yea, it's called iptables/netfilter (kernel 2.4.x).
I've just switched to 2.4.x on my laptop, and it was painless. I'm about
to do the same on a desktop that runs a firewall using my old original
ipfwadm rules, which are magically translated by debian (potato/2.2.x)
into (i think) ipchains.
Is there someplace I can find instructions to convert to iptables? Is
there a similar on-the-fly conversion script?
...RickM...