hi,
can anypne help me out in my security related problem, which as follows:

my config --> I have of PCs running linux and Windows XPs. i need iptables configuration for the following situation:

1. LAN browing among Windows and Linux ( for that I have Samba & it's working).

2. I have internet on PC, running Redhat 8, i want to share it's internet connection with LAN. (i have dialup access.)

3. A reliable and strong firewall for the PC connecting to internet and for the whole LAN.

since i'm newbie to Linux and to iptables(of course) , i need advice in this regard.
any help and any links to related site/forum would be appreciated.
thanks.

try the squid to share internet with other pc and you should have a dns server it is beter i will send you a squid .conf file to help you in configuratin and the cange you need to do in your configuration you use the iptable to secure your server realy am using a squid and it is very good sorry now am not in my office tommorow mornning i will sent it for you am in networking forum now you can start the xinted service and configure your dns service in any pc linux or 2000 server

thanks raheel, but is there any way i can use just the iptables for fireall/internet connection sharing? i heard / read about NAT/MANGLING and masquerading...
does iptables really a (good) firewalll and can it allow the LAN requests to internet through ruleset(s).

pls note that i want to allow my LAN PCs to be able to use www,ftp, irc+chat(msn,yahoo etc).

if iptables can do all that, or with squid, i would wait for the iptables rules and/or squid config .

thanks.

hello...anybody out there , who have used these configuration...or using any of this?

i'm waiting for any response.......

Check out this thread, it should allow you to do what you are after.

http://www.linuxquestions.org/questi...hreadid=121379

Good luck!

p.s. Sorry I didn't get to this quicker... Next time try a few searches first if you are in a hurry. Not everyone reads/responds to threads that are similar in nature to already answered questions so be prepared to wait a few days before bumping a topic.. No worries.
J.

thanks JordanH...i'm going to go through that thread..

at last, somebody answered :-)

thanks.

No problem. I hope it helps.
J.

ok try this:

iptables -t nat -A postrouting -o ppp0 -j MASQUERADE

iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT

iptables -A FORWARD -d 192.168.0.0/24 -j ACCEPT

iptables -A FORWARD -s ! 192.168.0.0/24 -j DROP


NOTE:

replace the network address with yours

TAAN... you should not be using those rules as a firewall. They are insecure because a spoofed ip address will be allowed to forward into your network uncontested.