I have set up a linux box with to NICs to act as a router/DHCP server/firewall for my home network. It is connected to a cable modem on one interface (eth0), and to my home LAN on the other interface (eth1...via a switch), and sharing the internet connection with the LAN, using IP masquerading. I am using iptables as my firewall. The router's IP address is 192.168.0.1 on eth1.

1)I would like to allow internal computers and servers to be able to use bittorrent and browse web pages, but hear nothing else, besides what is required for that, from the outside world.
2)I would like to run a squid proxy on the router on port 3128, and pass all web page requests from the internal network through it.
3)I would like to block everything else. I will use port-knocking to open up any additional ports when they are needed. This includes not showing any other open ports on the server (like SSH) to internal computers, unless they knock on them to open them up.

What would my firewall setup script look like for something like this? How can I make sure to only allow the abovementioned types of traffic? What do I need in my FORWARD chain and nat table to make sure things are working properly with the IP masquerading? Anything important I should make sure is in my squid.conf file?

thanks,
jrtayloriv

I found this lecture on net_filter. The last part is about port-knocking.
http://lion.cs.uiuc.edu/courses/cs49.../lecture13.ppt

Here is a LinuxJournal article on Port Knocking.
http://www.linuxjournal.com/article/6811

This link is one of the definitive resources on iptables. Take a look at it and if you need more assistance repost. http://iptables-tutorial.frozentux.n...-tutorial.html

The frozentux tutorial is exactly what I needed thanks.

-jrtayloriv

You're quite welcome! Enjoy and good luck!