Re: firewall considerations
James LeClair wrote:
> I would like to do a fresh install on this machine with woody and kernel
> 2.4 using IPTABLES to set up the same type of situation, with a
> few additional features.
>
> What would be the minimum required modules to install so as to allow the
> following to take place in the future:
>
> 1: firewalling and possibly stateful packet inspection
iptable_filter
ip_conntrack, ipt_state, ip_conntrack_ftp
> 2: port forwarding so as to allow external requests from the internet to
> be forwarded from my router to the appropriate server on internal network
ipt_REDIRECT
> 3: masquerading to allow all internal computers to access internet
iptable_nat, ip_nat_ftp
> Also, is there a script out there that could convert my existing IPCHAINS
> ruleset to at least get me started?
Won't be too hard to do yourself. Besides stateful packet filtering, the
biggest changes between IPChains and IPTables are:
1) There is a separate NAT table with its own chains to handle redirects,
masquerading, etc.
2) Instead of passing through all 3 chains (INPUT, FORWARD, OUTPUT), a
forwarded packet will only pass through the FORWARD chain.
If you need more help, you can study the man page for IPTables or search
Google for "IPTables HOWTO" or something similar.
Adam
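
The two differences listed in the reply above, shown as an added example that is not part of the original post: a shell function that prints an iptables-restore ruleset with the separate nat table and with forwarded traffic filtered only in FORWARD. The interface names, addresses and ports are constructed, the SSH rule is an assumed admin path, and port forwarding to another host is written here with the DNAT target of the nat table.

```shell
#!/bin/sh
# Added example: prints a ruleset in iptables-restore format. It does not
# touch the running firewall. All interface names and addresses are constructed.
emit_ruleset() {
    wan_if=$1; lan_if=$2; server=$3; port=$4
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Port forward: rewrite the destination before the routing decision.
-A PREROUTING -i $wan_if -p tcp --dport $port -j DNAT --to-destination $server:$port
# Masquerade everything leaving through the WAN interface.
-A POSTROUTING -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# INPUT only sees packets addressed to the router itself.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Assumed admin access from the LAN side only.
-A INPUT -i $lan_if -p tcp --dport 22 -j ACCEPT
# FORWARD is the only filter chain a routed packet traverses.
# RELATED relies on helpers such as ip_conntrack_ftp for FTP data channels.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -m state --state NEW -j ACCEPT
-A FORWARD -i $wan_if -o $lan_if -p tcp -d $server --dport $port -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Constructed sample values: WAN eth0, LAN eth1, internal web server.
emit_ruleset eth0 eth1 192.168.1.10 80
```

The output is meant to be reviewed first and then piped to iptables-restore as root.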