
Re: installing linux



For masquerading and firewalling, you can use the somewhat dated script 
generating tool here:

http://www.linux-firewall-tools.com/linux/firewall/

which is for the older ipchains filtering.  The documents are 
RedHat-centric, but the script location and initialization requirements 
can be altered to suit Libranet.  The neat part of it is that it 
generates a very tightly locked down firewall by adopting the policy 
that everything is blocked by default - with known desired/allowable 
ports enabled only by explicit exception.


Sam Burnett wrote:

>Ok, first understand that for this to work, the computer with Libranet must be on and running for the internet to work on any of the networked computers (fine if no one else uses them...). You must also have two network cards, one going to the cable modem, the other to some sort of hub.
>
>First, make sure you have iptables installed:
>
>apt-get install iptables
>
>then go into adminmenu and click the "recompile kernel" option. Select the following options:
>
>Networking options --->
>	[*] Network packet filtering
>	....
>	[*] IP: advanced router
>	....
>	IP Netfilter Configuration --->
>		Make all options [M] EXCEPT:
>			*All options with (EXPERIMENTAL) after them
>			*ipchains
>			*ipfwadm
>
>
>This procedure will build a new kernel with routing support built in. Next, you can create a firewall script to blockade your machine and masquerade for the computers behind your network (masquerading simply means passing packets from the router to any machine on your network). Here's mine (it's not complete, but it works):
>
>#!/bin/sh
>
># Flush it out!
>iptables -F
>iptables -F -t nat
>iptables -F -t mangle
>
># Set up firewalling/masquerading
>
># NOTE! Replace ppp0 with the device you use to connect to the internet (eth0 or eth1)
>iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
>iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
># Replace ppp0 here too.
>iptables -A INPUT -m state --state NEW ! -i ppp0 -j ACCEPT
>iptables -P INPUT DROP
>
># Uncomment these to open specific ports (if you want to use a Web server/ftp server/etc).
>#iptables -A INPUT --protocol tcp --dport 80 -j ACCEPT
>#iptables -A INPUT --protocol tcp --dport 3000 -j ACCEPT
>#iptables -A INPUT --protocol tcp --dport 21 -j ACCEPT
>
># End of firewall.sh
>
>If you need any more help, feel free to ask. I use DSL, so the procedure for setting up the internet connection isn't the same. Other list members should be able to help. I'll try to find some docs online for this sort of thing.
>
>-Sam
>
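
An added example, not written by either poster: a small audit of `iptables-save` output against the blocked-by-default policy discussed above, reporting the default policy of the filter INPUT and FORWARD chains and every port that an INPUT rule explicitly accepts. The function names and the sample dump are constructed for illustration; the dump resembles what the quoted script would load with the port 80 line uncommented.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump against a default-deny policy.

# Constructed sample dump (not captured from a real host).
sample_dump() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT ! -i ppp0 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# audit_ruleset: read iptables-save text on stdin and print
#   POLICY <chain> <policy> <ok|open-by-default>  for filter INPUT/FORWARD
#   OPEN <proto> <port>       for each INPUT rule that accepts a --dport
audit_ruleset() {
    awk '
    /^\*/ { table = substr($1, 2); next }      # "*filter", "*nat", ...
    table != "filter" { next }                 # only the filter table matters here
    /^:(INPUT|FORWARD) / {                     # ":CHAIN POLICY [pkts:bytes]"
        chain = substr($1, 2)
        print "POLICY", chain, $2, ($2 == "DROP" ? "ok" : "open-by-default")
        next
    }
    $1 == "-A" && $2 == "INPUT" {
        proto = "any"; port = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p" || $i == "--protocol") proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (target == "ACCEPT" && port != "") print "OPEN", proto, port
    }'
}

sample_dump | audit_ruleset
```

On a running router the same function can be fed the live ruleset with `iptables-save | audit_ruleset` (as root).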



-- 
The archive is at https://www.libranetlinux.com/archive.html