Morning everyone.

Just have a couple of quick questions on IPTables/Masq. I'm new to a Linux firewall, so i'm trying to get started.

First off, you need to; echo 1 > /proc/sys/net/ipv4/ip_forward

Make sure iptables is running in runlevels 2, 3 and 5.

One question I do have is setting up the ethernet interfaces. I'm connected via cable modem and receive an IP via a DHCP server.
Would it be easiest to just specify the settings on both of my NIC's during installation? (BTW, using RH 7.3)

At this time, im still learning how to make rules for IPTables and IPMasq.

Thanks all.

Tar

what exactly are you trying to do?

Good point. I guess I should be more specific.

Basically, I have been working with *BSD firewalls for a couple of months now. I have used PF and IPF.

I wanted to learn Linux firewalls so this is where I am at now.

In a nutshell, i'm trying to find out the basic requirements to get IPTables setup and running on boot. For example, in OpenBSD, you needed to turn on a couple of services to enable PF and NAT. I was trying to find the equivelents for Linux, specifically RH.

Soo, basically, I was trying to find out what services I need to turn on that. That is why I was asking about;

echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/ip_dynaddr

Am I correct in assuming that so far?
Now I need to learn how to build rules and specify my interfaces.

All help and input is greatly appreciated.

Tarballed

Good start... have a read of this tutorial and then a look at Firestarter and Shorewall packages.

Thank you peter_robb.

At least I know I am on the right track. It's a little different coming from a *BSD type firewall setup to Linux. They both do the same thing, but it's a matter of getting the syntax correct.

Here is a real quick question. I am on a cable modem and I receive a IP via a DHCP server from my ISP. Would it be best to configure both nics, eth0 and eth1 during initial install? Seth eth0 as my external and set it to receive my IP via dhcp and then configure eth1 as my internal LAN Gateway address?

Just looking for suggestions.

Thanks again...

Tarballed

When you use the word "gateway", you need to remember which machine it applies to.
For the firewall itself, it can be either the ISP assigned gateway/router address in their network,
or the ip number your external interface has been assigned, or the external interface name, eth0
For dhcp, you will usually get an ISP assigned number...

For machines behind the firewall, the local firewall lan (eth1) ip number is their gateway setting...

For the rules, the only thing you don't know for certain is the dhcp assigned stuff.
It is possible to configure the firewall rules without this info using interface names & -j MASQUERADE rules, so that the rules can be turned on before the interface comes up, and left on, even if the dhcp lease is renewed.