LinuxQuestions.org
Old 12-05-2003, 10:54 PM   #16
ugob
Member
 
Registered: Nov 2003
Distribution: RH, Fedora, Debian, Knoppix
Posts: 436

Rep: Reputation: 31

Interesting case, the RSA secure ID...

Do you want to share your problems? There might be a simple solution...
 
Old 12-10-2003, 05:27 PM   #17
Systest7
LQ Newbie
 
Registered: Sep 2003
Location: Santa Clara
Distribution: RH7 Mandrake9
Posts: 5

Rep: Reputation: 0
RSA secure id - got it to work.

OK, it's a bit off topic, but as has been pointed out, running samba and a firewall on the same box can be troublesome. The following took me a long time (too long) to get working.

I could not get a W2k box to connect if I plugged it in downstream of the linux iptables box. If I plugged it into the netgear box, it worked.

The answer was to use a static IP address for the Linux box running iptables (both its NICs).
Also, to use SNAT on packets departing upstream of the iptables box.

Details

cable modem
|
netgear box (NAT)
dhcp + static range. private net 192.168.y.x
|
eth0
linux box: iptables, samba.
dhcp private net 192.168.z.x
eth1
|
hub-> pc's (inc w2k box with Nortel extranet vpn)


The Nortel client sets up the VPN to some external host with the
numbers you type in off the keyfob.

NOTE: these fobs DO get out of synch and then you can't connect at all.

The magic incantation in iptables was:
$IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j SNAT --to-source $INET_IP

where $INET_IFACE is the upstream NIC (eth0) of the iptables box
and $INET_IP is the static IP of the same.

Hope that helps someone.

[woolgathering - suggest ignore]

Even more off topic: Is it really worth all the effort of running iptables these days?

Yes, back when you had dialup, MASQ was great, and a firewall was a good idea. Similarly, in the early days, when cable modem, ISDN and DSL users got static IPs, they needed some form of NAT/MASQ/port blocking and Linux was
a) low cost
b) worked

But now? - those little blue and grey boxes are very compact and amazingly cheap, plus, with a web browser, you can set up a firewall that would take better understanding of iptables than I have.

I suspect those little grey and blue boxes are running mini-Linux on ROM with a minimalist Apache web server. The revolution continues! - albeit in a slimmed-down form. (Incidentally - is this the first example of Linux embracing and extending Microsoft? - apropos 'internet connection sharing' and the demise of surfdoubler)

Anyway, apart from breaking in and changing the port block settings, just what could one *do* with one of those boxes? It's not like they can run a mail server.
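
The SNAT rule from post #17, as an added example that is not part of the original thread: the script validates the interface name and address, checks that the address is actually configured on the upstream NIC, and prints the rule without running it. The address 192.168.1.2, the sample `ip` output and the helper function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. It prints the SNAT rule; it never runs it.
IPTABLES=${IPTABLES:-iptables}

# Dotted quad with every octet in 0..255. The body is a subshell "( )" so the
# IFS change used for splitting does not leak into the caller.
valid_ipv4() (
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
    exit 0
)

# Linux interface names are at most 15 characters; allow a conservative set.
valid_iface() {
    case $1 in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ ${#1} -le 15 ]
}

# addr_on_iface IP: reads `ip -o -4 addr show dev IFACE` output on stdin and
# succeeds only if IP is configured there. With SNAT to an address the box
# does not hold (for example after a DHCP change), replies never come back.
addr_on_iface() {
    awk -v want="$1" '
        { for (i = 1; i < NF; i++)
              if ($i == "inet") { split($(i + 1), a, "/"); if (a[1] == want) found = 1 } }
        END { exit !found }'
}

# snat_rule IFACE IP: print the rule from the post with validated values.
snat_rule() {
    valid_iface "$1" || { echo "bad interface: $1" >&2; return 1; }
    valid_ipv4 "$2" || { echo "bad address: $2" >&2; return 1; }
    printf '%s -t nat -A POSTROUTING -o %s -j SNAT --to-source %s\n' \
        "$IPTABLES" "$1" "$2"
}

# Constructed sample of `ip -o -4 addr show dev eth0` output.
SAMPLE='2: eth0    inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0'
if printf '%s\n' "$SAMPLE" | addr_on_iface 192.168.1.2; then
    snat_rule eth0 192.168.1.2
fi
```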
 
Old 12-10-2003, 07:54 PM   #18
ugob
Member
 
Registered: Nov 2003
Distribution: RH, Fedora, Debian, Knoppix
Posts: 436

Rep: Reputation: 31
Hardware firewalls are very cheap, you're right. Most people only need that. I think iptables is great for custom stuff, like a three-homed network or extensive logging. It is also very appreciated to protect a host in the DMZ (multi-layer security).
 
  


All times are GMT -5.
