LinuxQuestions.org
Old 12-14-2003, 10:07 AM   #1
Pisces107
Member
 
Registered: Dec 2003
Distribution: Slackware Current, Gentoo , Debian SID
Posts: 90

Rep: Reputation: 15
config for LAN/Internet Sharing and firewall


hi,
can anyone help me out in my security related problem, which is as follows:

my config --> I have of PCs running linux and Windows XPs. i need iptables configuration for the following situation:

1. LAN browsing among Windows and Linux (for that I have Samba & it's working).

2. I have internet on a PC running Redhat 8; i want to share its internet connection with the LAN. (i have dialup access.)

3. A reliable and strong firewall for the PC connecting to internet and for the whole LAN.

since i'm a newbie to Linux and to iptables (of course), i need advice in this regard.
any help and any links to related site/forum would be appreciated.
thanks.
 
Old 12-14-2003, 02:05 PM   #2
raheelforme
LQ Newbie
 
Registered: Dec 2003
Posts: 6

Rep: Reputation: 0
Try squid to share the internet with the other PCs, and you should have a DNS server; it is better. I will send you a squid.conf file to help you with the configuration and the changes you need to make in your configuration. You use iptables to secure your server. Really, I am using squid and it is very good. Sorry, I am not in my office now; tomorrow morning I will send it to you. I am in the networking forum now. You can start the xinetd service and configure your DNS service on any PC, Linux or 2000 Server.
 
Old 12-14-2003, 03:15 PM   #3
Pisces107
Member
 
Registered: Dec 2003
Distribution: Slackware Current, Gentoo , Debian SID
Posts: 90

Original Poster
Rep: Reputation: 15
thanks raheel, but is there any way i can use just iptables for firewall/internet connection sharing? i heard / read about NAT/MANGLING and masquerading...
is iptables really a (good) firewall, and can it allow the LAN requests to the internet through ruleset(s)?

pls note that i want to allow my LAN PCs to be able to use www,ftp, irc+chat(msn,yahoo etc).

if iptables can do all that, or with squid, i would wait for the iptables rules and/or squid config .

thanks.
 
Old 12-16-2003, 08:53 PM   #4
Pisces107
Member
 
Registered: Dec 2003
Distribution: Slackware Current, Gentoo , Debian SID
Posts: 90

Original Poster
Rep: Reputation: 15
hello...anybody out there who has used this configuration...or is using any of this?

i'm waiting for any response.......
 
Old 12-16-2003, 10:57 PM   #5
JordanH
Member
 
Registered: Oct 2003
Location: Toronto, Canada
Distribution: Ubuntu, FC3, RHEL 3-4 AS Retired: SuSE 9.1 Pro, RedHat 6-9, FC1-2
Posts: 360

Rep: Reputation: 30
Check out this thread, it should allow you to do what you are after.

http://www.linuxquestions.org/questi...hreadid=121379

Good luck!
 
Old 12-16-2003, 11:00 PM   #6
JordanH
Member
 
Registered: Oct 2003
Location: Toronto, Canada
Distribution: Ubuntu, FC3, RHEL 3-4 AS Retired: SuSE 9.1 Pro, RedHat 6-9, FC1-2
Posts: 360

Rep: Reputation: 30
p.s. Sorry I didn't get to this quicker... Next time try a few searches first if you are in a hurry. Not everyone reads/responds to threads that are similar in nature to already answered questions so be prepared to wait a few days before bumping a topic.. No worries.
J.
 
Old 12-16-2003, 11:08 PM   #7
Pisces107
Member
 
Registered: Dec 2003
Distribution: Slackware Current, Gentoo , Debian SID
Posts: 90

Original Poster
Rep: Reputation: 15
thanks JordanH...i'm going to go through that thread..

at last, somebody answered :-)

thanks.
 
Old 12-17-2003, 08:39 AM   #8
JordanH
Member
 
Registered: Oct 2003
Location: Toronto, Canada
Distribution: Ubuntu, FC3, RHEL 3-4 AS Retired: SuSE 9.1 Pro, RedHat 6-9, FC1-2
Posts: 360

Rep: Reputation: 30
No problem. I hope it helps.
J.
 
Old 12-18-2003, 03:20 AM   #9
TAAN
Member
 
Registered: Sep 2003
Posts: 31

Rep: Reputation: 15
ok try this:

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT

iptables -A FORWARD -d 192.168.0.0/24 -j ACCEPT

iptables -A FORWARD ! -s 192.168.0.0/24 -j DROP


NOTE:

replace the network address with yours
 
Old 12-18-2003, 04:23 PM   #10
JordanH
Member
 
Registered: Oct 2003
Location: Toronto, Canada
Distribution: Ubuntu, FC3, RHEL 3-4 AS Retired: SuSE 9.1 Pro, RedHat 6-9, FC1-2
Posts: 360

Rep: Reputation: 30
TAAN... you should not be using those rules as a firewall. They are insecure because a spoofed ip address will be allowed to forward into your network uncontested.
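
The objection in post #10, worked through as an added example that is not part of any poster's message: the FORWARD rules in post #9 match on addresses only, so a packet arriving on ppp0 that claims a LAN source is accepted. The sketch below emits a gateway ruleset that ties each rule to an interface and to connection state, and includes a small check that flags address-only ACCEPT rules. The names `gateway_rules`, `audit_forward` and the LAN interface `eth0` are assumptions, and the ruleset assumes the chains start empty.

```shell
#!/bin/sh
# Added example (not from the thread). ppp0 and 192.168.0.0/24 are the values
# used in post #9; the LAN interface name eth0 is an assumption.
WAN_IF="${WAN_IF:-ppp0}"
LAN_IF="${LAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.0.0/24}"

# Print the gateway ruleset, one command per line, so it can be reviewed
# before it is applied as root:  sh gateway.sh --print | sh
gateway_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.all.rp_filter=1
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $WAN_IF -s $LAN_NET -j DROP
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
EOF
}

# Read rules on stdin (the form printed by `iptables -S`, or the commands
# above) and print every FORWARD ACCEPT rule that names no inbound interface.
# Such a rule trusts the address in the packet alone, which is what lets a
# spoofed LAN source address through.
audit_forward() {
    grep -- '-A FORWARD' | grep -- '-j ACCEPT' | grep -v -- ' -i ' || true
}

if [ "${1:-}" = "--print" ]; then
    gateway_rules
fi
```

Running `iptables -S FORWARD | sh gateway.sh` style checks is not needed; pipe the output of `iptables -S` into `audit_forward` after sourcing the file to review a live ruleset.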
 
  


All times are GMT -5.