
Re: firewall considerations



James LeClair wrote:

> I would like to do a fresh install on this machine with woody and kernel
> 2.4 using IPTABLES to set up the same type of situation, with a 
> few additional features. 
> 
> What would be the minimum required modules to install so as to allow the
> following to take place in the future:
> 
> 1: firewalling and possibly stateful packet inspection

iptable_filter
ip_conntrack, ipt_state, ip_conntrack_ftp

> 2: port forwarding so as to allow external requests from the internet to
> be forwarded from my router to the appropriate server on internal network

ipt_REDIRECT

> 3: masquerading to allow all internal computers to access internet

iptable_nat, ip_nat_ftp

> Also, is there a script out there that could convert my existing IPCHAINS
> ruleset to at least get me started?

Won't be too hard to do yourself. Besides stateful packet filtering, the
biggest changes between IPChains and IPTables are:

1) There is a separate NAT table with its own chains to handle redirects,
masquerading, etc.

2) Instead of passing through all 3 chains (INPUT, FORWARD, OUTPUT), a
forwarded packet will only pass through the FORWARD chain.

If you need more help, you can study the man page for IPTables or search
Google for "IPTables HOWTO" or something similar.

Adam


