Hello. I am currently running woody (kernel 2.2) on my router (IPCHAINS). It does not do firewalling, or port forwarding to internal computers. It only serves as a gateway for computers on my network to access the internet.

I would like to do a fresh install on this machine with woody and kernel 2.4 using IPTABLES to set up the same type of situation, with a few additional features.

What would be the minimum required modules to install so as to allow the following to take place in the future:

1: firewalling and possibly stateful packet inspection
2: port forwarding so as to allow external requests from the internet to be forwarded from my router to the appropriate server on internal network
3: masquerading to allow all internal computers to access internet

Also, is there a script out there that could convert my existing IPCHAINS ruleset to at least get me started?

Here is my existing IPCHAINS set: (the internal nic on the router is assigned static IP info manually using /etc/network/interfaces)

#!/bin/sh
INTLAN="192.168.0.0/24"
INTIF="eth0"
EXTIF="eth1"
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
/sbin/ipchains -A input -j ACCEPT -i $EXTIF -s 0/0 67 -d 0/0 68 -p udp
EXTIP="`/sbin/ifconfig eth1 | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"
/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_always_defrag
/sbin/ipchains -M -S 7200 10 160
/sbin/ipchains -P input ACCEPT
/sbin/ipchains -P output ACCEPT
/sbin/ipchains -P forward REJECT
/sbin/ipchains -F input
/sbin/ipchains -F output
/sbin/ipchains -F forward
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -i $EXTIF -s $INTLAN -j MASQ

Thanks in advance to any help offered

Cheers,
james
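
An added example, not part of the original post: one way the gateway above could look under iptables on a 2.4 kernel, covering the three listed goals (stateful filtering, port forwarding, masquerading) and loading the modules this ruleset uses. The forwarded server `192.168.0.10:80`, the `APPLY`/`RUN` dry-run switch, the `build_rules` function and the default-drop INPUT policy are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: iptables (kernel 2.4) counterpart of the ipchains gateway above.
# Dry run by default (commands are printed); APPLY=yes executes them as root.
if [ "${APPLY:-no}" = "yes" ]; then RUN=""; else RUN="echo"; fi

INTLAN="192.168.0.0/24"; INTIF="eth0"; EXTIF="eth1"   # values from the post
FWD_HOST="192.168.0.10"; FWD_PORT="80"                # hypothetical internal server

build_rules() {
    # Modules: filter table, NAT table, connection tracking, state match,
    # MASQUERADE target, and the FTP helpers that replace ip_masq_ftp.
    for m in ip_tables iptable_filter iptable_nat ip_conntrack \
             ipt_state ipt_MASQUERADE ip_conntrack_ftp ip_nat_ftp; do
        $RUN modprobe "$m"
    done
    $RUN sysctl -w net.ipv4.ip_forward=1
    $RUN sysctl -w net.ipv4.ip_dynaddr=1

    # Start clean; default-deny inbound and forwarded traffic (assumption:
    # tighter than the post's INPUT policy of ACCEPT).
    $RUN iptables -F
    $RUN iptables -t nat -F
    $RUN iptables -P INPUT DROP
    $RUN iptables -P OUTPUT ACCEPT
    $RUN iptables -P FORWARD DROP

    # Router itself: loopback, LAN hosts, replies, DHCP lease on the external NIC.
    $RUN iptables -A INPUT -i lo -j ACCEPT
    $RUN iptables -A INPUT -i "$INTIF" -s "$INTLAN" -j ACCEPT
    $RUN iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $RUN iptables -A INPUT -i "$EXTIF" -p udp --sport 67 --dport 68 -j ACCEPT

    # 1: stateful forwarding: the LAN may open connections, only replies return.
    $RUN iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $RUN iptables -A FORWARD -i "$INTIF" -o "$EXTIF" -s "$INTLAN" -j ACCEPT

    # 3: masquerading (the ipchains "-j MASQ" rule moves to the nat table).
    $RUN iptables -t nat -A POSTROUTING -o "$EXTIF" -s "$INTLAN" -j MASQUERADE

    # 2: port forwarding: rewrite the destination, then allow the new flow in.
    $RUN iptables -t nat -A PREROUTING -i "$EXTIF" -p tcp --dport "$FWD_PORT" \
        -j DNAT --to-destination "$FWD_HOST:$FWD_PORT"
    $RUN iptables -A FORWARD -i "$EXTIF" -o "$INTIF" -p tcp -d "$FWD_HOST" \
        --dport "$FWD_PORT" -m state --state NEW -j ACCEPT
}

build_rules
```

Reviewing the printed commands first avoids locking yourself out of a remote router, since the INPUT policy becomes DROP as soon as the rules are applied.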