LinuxQuestions.org
09-13-2003, 08:55 AM   #1
AWyant

Newbie needs help with IPtables and firewall


I'll try to give as much info as possible. I'm currently building my first Linux machine using RH9. The purpose is to be a front line defense for my internet connection at my work. I will have several layers behind these initial layers, but they all hinge on this thing running properly.

I want to have the machine connect via eth0 to the Internet (static IP) and pass that info (IPTables) through eth1 (DHCP) to a hardware router (Linksys that will assign the IP's). That will then run into a Win NT/XP machine with 2 NIC's, and so on and so forth.

I've got Firestarter downloaded, and have read about trying to set it up as a NAT router or proxy through that. But for security reasons, I think that a full blown IP Masq or Snat would be better.

I've got the RH9 Bible, and it discusses doing this, but I don't think I'm getting it all absorbed through the reading. Plus I've noticed that some of the coding isn't quite right (have had errors that I've found the correct coding on google searches). I've used this to try to set up Lokkit. I think I did manage to get that set up (don't know for sure). I plan on running Firestarter behind that.


So, IPtables. I want to set it up to forward Internet only (webpages, email, AIM, etc...), but I don't want to allow anything else past. Also, do I run Masq or snat since I'm having the router assign IP's from eth1 to the NT/XP machine?

I've been to a few other forums with info about Squid and other things. But they refer to IP Chains and IPTables almost interchangeably, plus I think I'm making it more difficult than it should be. I know I've got IPtables installed, and do not have IP Chains at all. I've checked that out already.

Does anyone have the code I need to run from a terminal screen directly? Do I need to make any changes to any files? I know when I installed Tripwire I had to do a whole slew of changes to the twpol file and comment out a lot of things. Simple things like that I can handle. Otherwise, I'll need very detailed instructions.

Thanks again for taking the time to help.
 
09-13-2003, 03:27 PM   #2
Hangdog42

I'm NOT an iptables expert, but there are a few things in your post that probably need to be addressed because it looks as if you have a couple of things confused.

First, don't worry about ipchains. Iptables is the replacement for ipchains so if you have iptables installed, you're good to go. And just as a note, iptables and ipchains are NOT compatible. You should have one or the other installed, not both. Some of the older RH versions (7.x, I think) had ipchains installed and frequently people would try to upgrade to iptables without first removing ipchains. Usually frustration resulted.

As far as I know, both lokkit and Firestarter are graphical front ends for iptables, so if you are using both to set up your firewall, they may be messing with the other's script. I'd pick one and stick with it.

Do a search here on NAT and MASQUERADE and you'll find many examples of scripts to set up iptables. Also be sure to read unSpawn's sticky thread in the Security forum.

Finally, the best place I know of to get iptables info is at Frozentux. Pretty much everything you need to know is in there, somewhere.
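
An added example, not part of either post: a default-deny NAT gateway ruleset for the eth0 (Internet) / eth1 (inside) layout described in the thread, printed in `iptables-restore` format so it can be reviewed before loading. The helper name `build_ruleset`, the address 203.0.113.10 and the port list (one reading of "webpages, email, AIM", plus DNS) are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a two-NIC gateway.
# eth0/eth1 roles come from the thread; ports and address are assumptions.

# Outbound services the inside network may open, as proto:port
# (DNS, web, SMTP/POP3/IMAP mail, AIM). Adjust to local policy.
ALLOWED="udp:53 tcp:53 tcp:80 tcp:443 tcp:25 tcp:110 tcp:143 tcp:5190"

# build_ruleset WAN_IF LAN_IF [WAN_IP]   (hypothetical helper)
# WAN_IP given  -> SNAT to that fixed address (static Internet IP).
# WAN_IP absent -> MASQUERADE (uses whatever address WAN_IF currently has).
build_ruleset() {
    wan=${1:-} lan=${2:-} wan_ip=${3:-}
    if [ -z "$wan" ] || [ -z "$lan" ]; then
        echo "usage: build_ruleset WAN_IF LAN_IF [WAN_IP]" >&2
        return 1
    fi

    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    if [ -n "$wan_ip" ]; then
        echo "-A POSTROUTING -o $wan -j SNAT --to-source $wan_ip"
    else
        echo "-A POSTROUTING -o $wan -j MASQUERADE"
    fi
    echo "COMMIT"

    echo "*filter"
    # Default-deny: anything not matched below is dropped.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Replies to connections the inside network started.
    echo "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # New connections: inside -> Internet only, listed services only.
    for svc in $ALLOWED; do
        proto=${svc%%:*}
        port=${svc##*:}
        echo "-A FORWARD -i $lan -o $wan -p $proto --dport $port -m state --state NEW -j ACCEPT"
    done
    echo "COMMIT"
}
```

As root, `build_ruleset eth0 eth1 203.0.113.10 | iptables-restore` loads the rules; forwarding also needs `echo 1 > /proc/sys/net/ipv4/ip_forward`. No inbound service on the gateway itself is opened, so administer it from the console or add an explicit INPUT rule.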
 
  

