See comments inline:
---------- Original Message ----------------------------------
From: Glen Lee Edwards <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Sun, 30 Jul 2000 10:55:19 -0500 (CDT)
>On Sun, 30 Jul 2000, M. Neidorff wrote:
>
> ...These are home PC's, nothing of a real sensitive nature on them,
> and the Windows boxes aren't set up for file or printer sharing, so no
> one can get in to see their files anyway.
Even if you had Windows file and printer sharing enabled, it wouldn't be open to the
Internet behind the firewall. What you really don't want is the Linux equivalent of
Windows file and printer sharing (Samba) enabled ON the firewall. That is where a
hacker/kiddie could get in and do some damage (only to your firewall). With a
properly secured firewall, you can use Windows file and print sharing on your internal
LAN.
> Basically what you're saying is that I can just hook up the ethernet
> cards, do some modifications on the Linux firewall to include the
> gateway IP address, allow packet forwarding, assign each ethernet
> card an IP address; and basically we're off?
I'm not sure EXACTLY what you meant above, but I will try to clarify... You will need
to have two NICs in your Linux box to do IP Masq. One NIC will connect to your DSL
service and will either be set up with a static IP (if your provider assigned you one)
or... will be set up with DHCP if that is what your provider uses. The other NIC will
connect to your LAN hub or switch. This NIC should be assigned a static IP within your
network. For example, I use the 192.168.1.0 network. My firewall is 192.168.1.1.
Finally, all of your windows machines would need to have their gateway setting set to
the IP address of the NIC connected to your hub. In my case, all of my internal
machines have a gateway address 192.168.1.1.
> I was told that to use ipchains I have to compile ipchain support
> into the kernel - never recompiled the kernel, don't have a clue how
> to do this.
You shouldn't have to do this with the stock kernel that comes with RedHat 6.2, it is
already compiled in. ipchains sets up the NAT (Network Address Translation) rules for
the kernel's packet filter. If you WANT to run any servers behind the firewall that
you want accessible to the outside world, you will need to use ipmasqadm in addition.
My advice to you if you are setting up a firewall for DSL is to make sure that you are
running as close as possible to no services on the box. Disable telnet, http, pop3,
imap, smtp, samba, ftp, finger, talk, etc... At the very least, edit your
/etc/hosts.deny file to ALL:ALL and your /etc/hosts.allow to ALL:LOCAL 192.168.1.
This will only allow your internal LAN access to the services on your firewall and
deny most intruders from outside.
HTH,
George
--
***********************************
George H. Lenzer
Owner - D.L. Media
Lakewood, Ohio 44107
--He who dies with the most toys
--is still dead.
***********************************
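
The hosts.allow / hosts.deny advice in the message above, as an added example that is not part of the original message: a simplified Python model of the tcp_wrappers decision order documented in hosts_access(5), applied to the two lines the message gives. The function names, the daemon name and the sample client addresses are constructed for illustration; only the ALL, LOCAL and trailing-dot address-prefix patterns are modelled.

```python
# Simplified model of the tcp_wrappers decision order from hosts_access(5).
# Covers only the pattern forms used in the message: ALL, LOCAL, and an
# address prefix ending in "." (no EXCEPT, netmasks, IPv6 or shell commands).

def parse_rules(text):
    """Parse 'daemon_list : client_list' lines into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, addr, hostname):
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":            # any host name that contains no dot
        return bool(hostname) and "." not in hostname
    if pattern.endswith("."):         # address prefix, e.g. "192.168.1."
        return addr.startswith(pattern)
    return pattern in (addr, hostname)

def rule_hit(rules, daemon, addr, hostname):
    return any(
        ("ALL" in daemons or daemon in daemons)
        and any(client_matches(p, addr, hostname) for p in clients)
        for daemons, clients in rules)

def access(allow_text, deny_text, daemon, addr, hostname=""):
    """hosts.allow is checked first, then hosts.deny; no match means granted."""
    if rule_hit(parse_rules(allow_text), daemon, addr, hostname):
        return "granted"
    if rule_hit(parse_rules(deny_text), daemon, addr, hostname):
        return "denied"
    return "granted"

HOSTS_ALLOW = "ALL:LOCAL 192.168.1.\n"   # line given in the message
HOSTS_DENY = "ALL:ALL\n"                 # line given in the message

if __name__ == "__main__":
    # Constructed clients: one LAN address, one outside (documentation-range) address.
    for addr in ("192.168.1.20", "203.0.113.9"):
        print(addr, access(HOSTS_ALLOW, HOSTS_DENY, "in.telnetd", addr))
    # Failure mode: with an empty hosts.deny the outside client is granted.
    print("203.0.113.9", access(HOSTS_ALLOW, "", "in.telnetd", "203.0.113.9"))
```

These files only govern services that are started through tcpd or linked against libwrap; a daemon that does not consult them is unaffected, so disabling unused services still matters.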