Old 07-19-2002, 10:19 AM   #1
orvin
LQ Newbie
 
Registered: Feb 2002
Posts: 5

Rep: Reputation: 0
Filtering and Forwarding


Hi All,
I'm trying to get a Linux gateway/firewall set up but I have not been successful so far.

I need 2 things:

I need to forward tcp port 80 from eth1 (public, static addr) to a private address on eth0 and I need the response to go back out.

I need to block all traffic from any address outside of my subnet xxx.xxx.xxx.xxx/25.

I purchased Mandrake Single Network Firewall and part 1 (forwarding) was super easy. Part 2 I haven't been able to make happen. I have a paid support request in with Mandrake but that has been pending since 7/8. I'm not knocking them, but I need to get going soon.

I tried adding an ipchains rule to the Mandrake SNF product but to no effect. Adding a filter rule as rule 1 somehow hoses ipchains so I can no longer even list the rules. Only if I append a rule does it take (but not work).

If anyone has any suggestions on how to add something like the following to the Mandrake SNF, I would be deeply appreciative.

ipchains -A input -s ! xxx.xxx.xxx.xxx/25 -i eth1 -j DENY

Or maybe it's not ipchains I need?

I have a couple of books on Linux firewalls, but I am new to setting up a firewall, hence the purchase of Mandrake SNF.

Thanks in advance for any and all time on this!
 
Old 07-19-2002, 06:33 PM   #2
neo77777
LQ Addict
 
Registered: Dec 2001
Location: Brooklyn, NY
Distribution: *NIX
Posts: 3,704

Rep: Reputation: 56
Most probably you need iptables (iptables replaced ipchains with 2.4.x kernel release)
 
Old 07-19-2002, 07:09 PM   #3
orvin
LQ Newbie
 
Registered: Feb 2002
Posts: 5

Original Poster
Rep: Reputation: 0
Filtering and Forwarding

Hi All,
I spoke with Mandrake tech support by phone and the person cleared up the situation instantly:

When I put in the deny from all outside my subset rule, it also closed down traffic to the DNS server--not on my subnet--and so trying to list rules (ipchains -L) didn't work.

So how to add the rule I need to Mandrake SNF 7.2:

- Forwarding in the tcp80 traffic was really easy using the MSNF 7.2 web-based gui.

Now for the rules.
Remember, my situation is forward only tcp 80 and ONLY from my subnet. eth0 private; eth1 public.

/sbin/ipchains -I input 1 -s ! xxx.xxx.xxx.xxx/25 -i eth1 -j DENY

but I still need DNS which is outside the subnet so

/sbin/ipchains -I input 1 -p tcp -s xxx.xxx.xxx.xxx/32 --source-port 53 -i eth1 -j ACCEPT
/sbin/ipchains -I input 1 -p udp -s xxx.xxx.xxx.xxx/32 --source-port 53 -i eth1 -j ACCEPT

I hope this info can help someone needing a similar setup.

BTW: in case the two rules it takes me to handle DNS are clunky, they aren't the fault of Mandrake tech support--just what I cobbled together from "Linux Firewalls" and tech support's advice.
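
The rule ordering described in post #3, modelled as an added example that is not part of the original thread: a first-match chain in which `-I input 1` places the DNS accepts above the deny rule. The addresses are constructed documentation-range stand-ins for the masked xxx values, and the default ACCEPT policy is an assumption.

```python
import ipaddress

# Constructed stand-ins (documentation ranges); the thread masks the real addresses.
SUBNET = ipaddress.ip_network("192.0.2.0/25")     # the allowed /25
DNS = ipaddress.ip_network("198.51.100.53/32")    # DNS server outside the /25

class Chain:
    """First-match rule list; insert() mimics `ipchains -I input <pos>`."""
    def __init__(self, policy="ACCEPT"):          # assumed default policy
        self.rules, self.policy = [], policy

    def insert(self, pos, target, iface, src, negate=False, proto=None, sport=None):
        # Rule numbers are 1-based, so pos=1 places the rule at the top.
        self.rules.insert(pos - 1, dict(target=target, iface=iface, src=src,
                                        negate=negate, proto=proto, sport=sport))

    def verdict(self, iface, src, proto, sport):
        addr = ipaddress.ip_address(src)
        for r in self.rules:
            if r["iface"] != iface or (addr in r["src"]) == r["negate"]:
                continue                           # interface or source mismatch
            if r["proto"] not in (None, proto) or r["sport"] not in (None, sport):
                continue                           # protocol or source-port mismatch
            return r["target"]                     # first matching rule decides
        return self.policy

def build(dns_pos=None):
    """Deny rule alone, or with the two DNS accepts inserted at dns_pos."""
    c = Chain()
    c.insert(1, "DENY", "eth1", SUBNET, negate=True)   # -s ! <subnet>/25 -i eth1
    if dns_pos is not None:
        for proto in ("tcp", "udp"):
            c.insert(dns_pos, "ACCEPT", "eth1", DNS, proto=proto, sport=53)
    return c

DNS_REPLY = ("eth1", "198.51.100.53", "udp", 53)
CASES = {"deny only": build(), "accepts at 1": build(1), "accepts after deny": build(2)}

if __name__ == "__main__":
    for name, chain in CASES.items():
        print(f"{name:20} DNS reply -> {chain.verdict(*DNS_REPLY)}")
    print("outside host ->", build(1).verdict("eth1", "203.0.113.7", "tcp", 40000))
    print("subnet host  ->", build(1).verdict("eth1", "192.0.2.10", "tcp", 40000))
```

Listing with `ipchains -L -n` prints numeric addresses, so the listing itself does not depend on the DNS server being reachable.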
 
Old 07-20-2002, 04:30 AM   #4
eXor
Member
 
Registered: Mar 2002
Location: Sweden
Distribution: Slackware 10.1
Posts: 103

Rep: Reputation: 15
Read here!

http://www.ecst.csuchico.edu/~dranch...4.X-PREROUTING
 
  

