hello all...

i have, what i think, is a fairly simple question about firewall setup. basically, i'd like to know how to do it. :-) i have a dedicated machine for my firewall (pII 300, 96 ram) running slackware 8 on the 2.4.17 kernel. i read this howto: http://www.linuxdoc.org/HOWTO/Firewall-HOWTO.html but was unable to successfully configure my machine as it instructed, as i believe the problem lies in that the howto is based on the 2.2.13 kernel, not 2.4.

what i'd like to see is a tutorial, or any references, that explains how to setup a firewall more or less from scratch using iptables. i'd rather not use any prewritten scripts or apps, since i like to learn everything for myself.

my network looks like the following: 3-6 clients (all running linux with the exception of one dual booting slack and XP), cable modem, and my soon-to-be-firewall, which has two linksys nics.

any suggestions or help is much appreciated! :-)

You could start by reading all the information here:

http://www.linuxguruz.org/iptables/

I had a just the same problem half of year back. All that you need for its deciding - packet-filtering-HOWTO and, may be, NAT-HOWTO. They contain complete explanation of iptables ideology, basics and a lot of examples. Fresh copyes of this very nice and usefull manuals may be found in netfilter.samba.org - offisial site of iptables developers. And you must know as ip working, of course.
Enjoy! Good slacking!

thanx for the quick responses guys.

i looked at a few howtos regarding IP MASQing, but am still unable to get it working.

i actually have a more general question though. i have two nics on my system, one is configured by DHCP (the cable connection) the other with the internal IP of 192.168.1.1. now, what should i put as the gateway for the internal card? i was putting the IP of the external card, but whenever i reinitilize my internal card, i get "host not found: x.x.x.x" (x.x.x.x being my external IP).

any suggestions?

E-e.. What is "internal card"? If its netcard of intranet workstation, then gateway IP is intranet IP-address of your router (192.168.1.xxx in this task). If you spoke about router please tell about you IP net configuration. Or I don't undestand you?

ok, i'll just kinda restate my intentions here, because i don't think i was clear enough.

basically, i have a cable modem and am currently using a linksys cable router in order to "share" my internet connection across my network. however, i'd like to use a spare linux machine with two nics in order to replace my linksys router.

my nic configuration is as follows:

eth0 connects to the cable modem using DHCP.
eth1 connects to my internal network (intranet) with the IP of 192.168.1.1 and will function as my intranet's gateway. what i've gathered from various howtos and tutorials, is that the gateway for eth1 should be the IP for eth0. however, when i reinitilize eth1, i get an error that says, "unknown host: xxx.xxx.xxx.xxx".

so i'm just looking for some help in order to get my router/firewall setup using IP MASQ and what have you. thanx. :-)

do you know about ifcfgeth0 file or in your case ifcfgeth1 file????
Linux refers back to this file every time networking restarts so you may need to edit this file to how you prefer..... /etc/sysconfig/network-scripts im not quite sure about the location in 8 though

slackware's a lot different than redhat. it initilizes network devices in /etc/rc.d/rc.inet1 and doesn't use any network-scripts. i'm a redhat and slackware user, so i'm well versed in the differences. :-)

"gateway for eth1 should be the IP for eth0" its wrong. Route record in the routing table is attached for destination ip address of network or host. Route be associated with somehand ethX because this route physically lay from this ethX. Gateway definition is needed if network number in the destination ip is distinguished from network numbers of every network interfaces of source host.
For instance, this is routing table of my route-host (192.168.2.0 - intranet, 192.168.1.0 - DMZ, 192.168.2.6 - eth0, 192.168.1.2 - eth1):
Destination Gateway Genmask Flag Iface
192.168.2.0 0.0.0.0 255.255.255.0 U eth0
192.168.1.0 0.0.0.0 255.255.255.0 U eth1
127.0.0.0 0.0.0.0 255.0.0.0 U lo
0.0.0.0 192.168.1.1 0.0.0.0 UG eth1
When this host sends package to 192.168.2.1, he see in routing table and seek appropriate route. In this example its a first route and eth0 as source network interface. Gateway not needed because eth0 and 192.168.2.1 have common network address 192.168.2.0.
When this host sends package to linuxquestions.org (208.247.106.177), he use bottom route record (0.0.0.0 - any IP). He send this package to 192.168.1.1 from eth1. 192.168.1.1 is gateway and he send this packet into another ipnetwork gateway, etc.

I think you must have such route configuration.