LinuxQuestions.org
Old 12-14-2002, 09:54 AM   #1
tarballed
Member
 
Registered: Jun 2002
Distribution: RH, FC, FreeBSD,OpenBSD
Posts: 326

Rep: Reputation: 30
Quick Q's on IPTables/Masq


Morning everyone.

Just have a couple of quick questions on IPTables/Masq. I'm new to a Linux firewall, so I'm trying to get started.

First off, you need to; echo 1 > /proc/sys/net/ipv4/ip_forward

Make sure iptables is running in runlevels 2, 3 and 5.

One question I do have is setting up the ethernet interfaces. I'm connected via cable modem and receive an IP via a DHCP server.
Would it be easiest to just specify the settings on both of my NICs during installation? (BTW, using RH 7.3)

At this time, I'm still learning how to make rules for IPTables and IPMasq.

Thanks all.

Tar
 
Old 12-14-2002, 10:05 AM   #2
JStew
Member
 
Registered: Oct 2002
Location: North Atlanta
Distribution: LFS
Posts: 229

Rep: Reputation: 30
what exactly are you trying to do?
 
Old 12-14-2002, 11:53 AM   #3
tarballed
Member
 
Registered: Jun 2002
Distribution: RH, FC, FreeBSD,OpenBSD
Posts: 326

Original Poster
Rep: Reputation: 30
Good point. I guess I should be more specific.

Basically, I have been working with *BSD firewalls for a couple of months now. I have used PF and IPF.

I wanted to learn Linux firewalls so this is where I am at now.

In a nutshell, I'm trying to find out the basic requirements to get IPTables set up and running on boot. For example, in OpenBSD, you needed to turn on a couple of services to enable PF and NAT. I was trying to find the equivalents for Linux, specifically RH.

So, basically, I was trying to find out what services I need to turn on. That is why I was asking about:

echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/ip_dynaddr

Am I correct in assuming that so far?
Now I need to learn how to build rules and specify my interfaces.

All help and input is greatly appreciated.

Tarballed
 
Old 12-14-2002, 02:18 PM   #4
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
Good start... have a read of this tutorial and then a look at Firestarter and Shorewall packages.
 
Old 12-14-2002, 04:21 PM   #5
tarballed
Member
 
Registered: Jun 2002
Distribution: RH, FC, FreeBSD,OpenBSD
Posts: 326

Original Poster
Rep: Reputation: 30
Thank you peter_robb.

At least I know I am on the right track. It's a little different coming from a *BSD type firewall setup to Linux. They both do the same thing, but it's a matter of getting the syntax correct.

Here is a real quick question. I am on a cable modem and I receive an IP via a DHCP server from my ISP. Would it be best to configure both NICs, eth0 and eth1, during initial install? Set eth0 as my external and set it to receive my IP via DHCP and then configure eth1 as my internal LAN gateway address?

Just looking for suggestions.

Thanks again...

Tarballed
 
Old 12-15-2002, 05:47 AM   #6
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
When you use the word "gateway", you need to remember which machine it applies to.
For the firewall itself, it can be either the ISP assigned gateway/router address in their network,
or the ip number your external interface has been assigned, or the external interface name, eth0
For dhcp, you will usually get an ISP assigned number...

For machines behind the firewall, the local firewall lan (eth1) ip number is their gateway setting...

For the rules, the only thing you don't know for certain is the dhcp assigned stuff.
It is possible to configure the firewall rules without this info using interface names & -j MASQUERADE rules, so that the rules can be turned on before the interface comes up, and left on, even if the dhcp lease is renewed.
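
The approach described in the last reply, as an added example that is not part of any post in this thread: a ruleset that refers only to interface names and uses -j MASQUERADE, so it can be loaded before eth0 has a lease and stays valid across renewals. The function names are hypothetical, eth0/eth1 follow the roles given in the thread, and the default-drop FORWARD policy with a conntrack return rule is an assumption added here.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a DHCP-addressed NAT gateway.
# Only interface names appear in the rules, never the leased address.

# Accept only plain interface names: 1-15 characters, no whitespace or
# metacharacters that could smuggle extra tokens into a rule line.
# (Deliberately stricter than the kernel: aliases like eth0:1 are refused.)
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# gen_masq_rules EXT_IF INT_IF
# Prints the ruleset on stdout; returns 2 on invalid or identical names.
gen_masq_rules() {
    ext_if=$1
    int_if=$2
    valid_ifname "$ext_if" && valid_ifname "$int_if" || return 2
    [ "$ext_if" != "$int_if" ] || return 2
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $ext_if -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i $int_if -o $ext_if -j ACCEPT
-A FORWARD -i $ext_if -o $int_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# To apply (as root), then enable the two settings mentioned in the thread:
#   gen_masq_rules eth0 eth1 | iptables-restore
#   echo 1 > /proc/sys/net/ipv4/ip_forward
#   echo 1 > /proc/sys/net/ipv4/ip_dynaddr
# INPUT rules protecting the firewall host itself are out of scope here.
```

Because the filter table's FORWARD policy is DROP, LAN hosts can open connections outward through eth0, while traffic arriving on eth0 is forwarded only when it belongs to a connection they started.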
 
  

