Re: successful server installation, iptables question

[Alan Chandler <alan@chandlerfamily.org.uk>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 28 October 2002 12:01 pm, linux4bene@pandora.be wrote:
> Hi,
>
> i successfuly installed my new debian server instead of the suse 7.2 that
> was on it. It was a lot easier to install and i knew what i was doing or at
> least i thought i was :-)
> I have installed the ipmasq package to share my internet connection.
> All works ok. However, how does one customize the settings? For instance
> if you want to allow an ssh connection in?

There are two packages one is ipmasq and the other is iptables.  They conflict 
with each other.  I think you need a linux 2.4 kernel to use iptables, ipmasq 
can be used on 2.2 (and 2.4?).

They are very similar to each other - although I have always prefered iptables 
because

a) It brings more options with it to check things like open sessions or 
requests to start a session 

b) The input and forward tables are completely separate (in ipmasq forwarded 
stuff also traversed the input table making it very difficult to have one set 
of rules for filtering into the gateway box and another for forwarding).

I have a custom iptables script to set up my firewall rules - I believe the 
standard debian package does something itself, but I have not really looked 
at that part.

My suggestion would be to remove ipmasq and install iptables (I use dselect to 
do this sort of thing) and then both man iptables and look at 
/usr/share/doc/iptables/html for a howto on NAT)

- -- 
Alan Chandler
alan@chandlerfamily.org.uk
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE9vY2PuFHxcV2FFoIRAvXSAKCAqU67f9phrd5a4S3zZJDjDghoxACgjSIE
4ixhv9Maxc93KhfzbQNi0v0=
=kc9r
-----END PGP SIGNATURE-----