Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Westell 890 DSL router, can't make the beastie behave as a bridge, so it's currently set up as a 192.10.10.xxx NAT router.
Built a RH9 box to do iptables forwarding w/ Arno's script (I like it) and two network cards.
What problems will I have (if any) if I use both? Replacing the Westell with a DSL bridge is an option, but I'd rather not replace the Westell if I don't have to. I simply don't care for its lack of options on port forwarding/blocking, etc., so I want to use the Linux box as my firewall. I've read that double NAT is "a bad thing" but why? There's going to be light traffic on the box, but I need to know if this is going to cause me more problems than it's worth.
I haven't had any trouble when I've done this before... in fact I run a double NAT in my workshop through a workstation running ethereal and etherape (etc) so I can monitor internet-bound traffic easily. Very nice when I'm fixing Windows PCs... ;-)
The useful thing for me is being able to carefully monitor a PC (since they usually come into the workshop loaded to the hilt with spyware/viruses) and if it begins talking a bit too much on the internet, I have a couple shell scripts handy to cut off access at the touch of a button.
If you're interested in building bridges / routers / gateways / whatever you kids call them these days, try OpenBSD. Their pf syntax is much easier on the eyes and brain than iptables syntax, which is just a command as opposed to a parsed, human-readable rule set. For instance, if I want to pass connections in on port 6346, in iptables I would have something similar to the following in a script somewhere:
*looks around for a "victim" to install OpenBSD on...*
I really like using Etherape from http://etherape.sourceforge.net/ - lovely graphical view of the network and you can get an idea of quantity and protocols. If you need to watch in very specific detail, try out iptraf at http://iptraf.seul.org/
Also, if you need it, Ethereal at http://www.ethereal.com/ which is a very powerful tool for capturing and logging packets.
I like to run Etherape if I'm not immediately at my machine, as you soon know if something's gone wrong.
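One possible shape for the "cut off access" scripts mentioned earlier in the thread, for an inner Linux NAT box that forwards workshop traffic. This is an added example, not code from any poster; the `QUARANTINE` chain, the log prefix and the sample address are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: chain name, log prefix, sample address.
# DRY_RUN=1 (default) prints each iptables command instead of executing it.
DRY_RUN="${DRY_RUN:-1}"
CHAIN="QUARANTINE"            # hypothetical chain, jumped to from FORWARD
PREFIX="quarantine: "         # hypothetical kernel-log prefix

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "iptables $*"; else iptables "$@"; fi
}

# Accept only a dotted quad with octets 0-255, so nothing else reaches iptables.
valid_ipv4() {
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs="$IFS"; IFS=.; set -- $1; IFS="$old_ifs"
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# One-time setup: create the chain and consult it before any other FORWARD rule.
setup() {
    run -N "$CHAIN"
    run -I FORWARD 1 -j "$CHAIN"
}

# Block a bench machine in both directions; the LOG rule ends up first in the chain.
cut_off() {
    valid_ipv4 "$1" || { echo "invalid address: $1" >&2; return 2; }
    run -I "$CHAIN" 1 -d "$1" -j DROP
    run -I "$CHAIN" 1 -s "$1" -j DROP
    run -I "$CHAIN" 1 -s "$1" -j LOG --log-prefix "$PREFIX"
}

# Remove the same three rules to give the machine its access back.
restore() {
    valid_ipv4 "$1" || { echo "invalid address: $1" >&2; return 2; }
    run -D "$CHAIN" -s "$1" -j LOG --log-prefix "$PREFIX"
    run -D "$CHAIN" -s "$1" -j DROP
    run -D "$CHAIN" -d "$1" -j DROP
}

# Usage: DRY_RUN=0 ./quarantine.sh cut_off 192.168.1.50   (constructed address)
if [ "$#" -gt 0 ]; then
    case "$1" in
        setup) setup ;;
        cut_off|restore) "$1" "$2" ;;
        *) echo "usage: $0 setup | cut_off IP | restore IP" >&2; exit 64 ;;
    esac
fi
```

The rules match the machine's internal address because the FORWARD chain sees packets before source NAT is applied on the way out and after the reverse translation on the way back in.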