If you use ip_masq, the internal network has private IP addresses (e.g. 192.168.X.X or 10.X.X.X). In this case machines from the internal network cannot access the internet directly. All traffic from the internal network will be masqueraded.

I read your firewall script. If you wish to create a good packet filter you must start with: deny all all, and insert rules for specific hosts or ports. This is a safe way of creating a firewall script, but it is not optimised. A useful option of ipchains is -i (interface). You can accept any traffic from the internal interface and deny any traffic from the external interface. This option will simplify your firewall script!

Have a nice day!

Jay Kelly wrote:
>
> Hello Group,
> I have been running ipchains on a Debian Potato for a while now. Everything
> seems to be working great. I do however wonder how secure my firewall
> really is. Being a newbie to Linux I have a few questions. I am using
> a proxy and when I tell my clients not to use the proxy they still can.
> Should that be happening? Also I want to use the mod ip_masq_icq,
> ip-masq-ftp etc. Shouldn't I make a rule to DENY all outbound internet
> traffic to make the most of the mods? Basically I want a firewall that
> not only filters incoming but outgoing. I have attached my firewall
> script. Please look at it and give me your opinion. Any help would
> be great.
>
> --
>
> If Windows is the answer, then I want the problems back!
>
> Powered by Debian GNU/Linux.
> http://www.debian.org
>
> ------------------------------------------------------------------------
>
> Name: firewall
> Type: Plain Text (text/plain)
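The approach described in the reply above (default DENY, then rules keyed on interface with -i), as an added example that is not part of the original message or of the attached script. The interface names eth0 (external) and eth1 (internal), the network 192.168.1.0/24 and the function names run and build_firewall are assumptions; with DRY_RUN=1 the commands are printed rather than executed.

```shell
#!/bin/sh
# Added example: default-deny ipchains rule set keyed on interface (-i).
# Assumed usage: ./fw.sh eth0 eth1 192.168.1.0/24   (external, internal, LAN)
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 runs ipchains for real.
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "ipchains $*"; else ipchains "$@"; fi
}

build_firewall() {
    ext=$1; int=$2; lan=$3
    if [ -z "$ext" ] || [ -z "$int" ] || [ "$ext" = "$int" ]; then
        echo "need two distinct interfaces" >&2; return 1
    fi
    case $lan in
        */*) ;;
        *) echo "internal network must be addr/mask" >&2; return 1 ;;
    esac

    # Set the DENY policy before flushing, so no chain is ever left open.
    for chain in input output forward; do
        run -P "$chain" DENY
        run -F "$chain"
    done

    # Loopback and the internal interface are trusted in both directions.
    for ifc in lo "$int"; do
        run -A input -i "$ifc" -j ACCEPT
        run -A output -i "$ifc" -j ACCEPT
    done

    # External side: log and drop packets claiming an internal source (spoofing).
    run -A input -i "$ext" -s "$lan" -l -j DENY
    # Accept replies only: TCP without SYN, UDP to the masquerading port range.
    run -A input -i "$ext" -p tcp ! -y -j ACCEPT
    run -A input -i "$ext" -p udp -d 0.0.0.0/0 61000:65095 -j ACCEPT
    run -A output -i "$ext" -j ACCEPT

    # Masquerade LAN hosts leaving via the external interface; nothing else
    # is forwarded (in the forward chain -i matches the outgoing interface).
    run -A forward -i "$ext" -s "$lan" -j MASQ
}

if [ "$#" -eq 3 ]; then build_firewall "$@"; fi
```

ICMP and any service reachable from outside still need their own explicit rules for specific hosts or ports on the external interface.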

