There's a separate package for ip masquerading?

Coming from another distro (Mandrake 7.2) where it must have been
bundled up with the ipchains RPM, I just had a firewall/masq script
that does, among other things:

## Masquerading firewall timeouts
$IPCHAINS -M -S 14400 60 600

## Set up kernel to enable IP masquerading
echo 1 > /proc/sys/net/ipv4/ip_forward

## Set up kernel to handle dynamic IP masquerading
echo 1 > /proc/sys/net/ipv4/ip_dynaddr

## Don't Masquerade internal-internal traffic
$IPCHAINS -A forward -s $IN_NET -d $IN_NET -j ACCEPT

## Don't Masquerade external interface direct
$IPCHAINS -A forward -s $OUT_NET -d $REMOTENET -j ACCEPT

## Masquerade all internal IP's going outside
$IPCHAINS -A forward -s $IN_NET -d $REMOTENET -j MASQ

## Set Default rule on MASQ chain to Deny
$IPCHAINS -P forward DENY

## Allow all connections from the network to the outside
$IPCHAINS -A input -s $IN_NET -d $REMOTENET -j ACCEPT
$IPCHAINS -A output -s $IN_NET -d $REMOTENET -j ACCEPT

I just copied that script to Debian and run it during startup.

On Tuesday 08 January 2002 01:36 pm, Jason Stechschulte wrote:
> Background:
> I got DSL and wanted to set up a debian box to act as a
> router/firewall for a couple of workstations on my home LAN. At the
> time, I knew nothing about iptables or firewalls, so I installed
> ipmasq and figured I would read up on firewalls and iptables later.
>
> More recent background:
> I recently set up a web server on my home LAN, and wanted to give the
> outside world access to it. So I read some firewall/iptables howtos,
> and to my surprise, it all seems much simpler than I imagined. I
> quickly added a .rul file in /etc/ipmasq/rules and my firewall box
> was rerouting tcp port 80 traffic to the internal lan just fine.
>
> My question:
> Is ipmasq really worth using? It almost seems more difficult keeping
> track of multiple .rul files, plus ipmasq has many .def files that
> seem to set up rules also. From the looks of it, it seems like it
> may be easier to just set it all up manually myself and have full
> control over everything rather than having to learn to do things the
> ipmasq way.
>
> Does anyone else have thoughts on this? Many of the example iptables
> scripts have everything in one file, which would probably make
> maintaining it much simpler. From what I read, the biggest advantage
> of ipmasq is that it starts everything automatically for you and
> without it, you would have to write something to load your rules. I
> really don't see this as a problem, though, so does anyone have any
> suggestions? Should I ditch ipmasq and do things manually or learn
> the ipmasq way?

-- 
+------------------------------------------------------------+
| Ron Johnson, Jr.        Home: [EMAIL PROTECTED]            |
| Jefferson, LA USA       http://ronandheather.dhs.org:81    |
|                                                            |
! "Fair is where you take your cows to be judged."           !
!    Unknown                                                 !
+------------------------------------------------------------+
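
Added example, not part of either message: a single-file iptables counterpart to the ipchains masquerading rules above, including the port 80 forward mentioned in the quoted question. The interface names, LAN range, web server address and the function names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Interface names, networks and the
# web server address are assumptions; adjust before use.
EXT_IF="${EXT_IF:-eth0}"              # outside (DSL) interface, assumed
INT_IF="${INT_IF:-eth1}"              # LAN interface, assumed
IN_NET="${IN_NET:-192.168.1.0/24}"    # LAN network, assumed
WEB_HOST="${WEB_HOST:-192.168.1.10}"  # internal web server, assumed

valid_ipv4() {   # four decimal octets, each 0-255
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

valid_cidr() {   # a.b.c.d/n with n in 0..32
    case "$1" in */*) ;; *) return 1 ;; esac
    valid_ipv4 "${1%/*}" || return 1
    case "${1#*/}" in ''|*[!0-9]*) return 1 ;; esac
    [ "${1#*/}" -le 32 ]
}

# Print the complete rule set in iptables-restore format, or fail
# without printing any rules if an address is malformed.
masq_ruleset() {
    valid_cidr "$IN_NET"   || { echo "bad IN_NET: $IN_NET" >&2; return 1; }
    valid_ipv4 "$WEB_HOST" || { echo "bad WEB_HOST: $WEB_HOST" >&2; return 1; }
    cat <<EOF
*nat
-A PREROUTING -i $EXT_IF -p tcp --dport 80 -j DNAT --to-destination ${WEB_HOST}:80
-A POSTROUTING -s $IN_NET -o $EXT_IF -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $INT_IF -s $IN_NET -j ACCEPT
-A FORWARD -i $EXT_IF -d $WEB_HOST -p tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Run with the argument "apply" (as root) to load the rules. Forwarding is
# switched on only after the rule set, with its FORWARD DROP policy, loaded.
if [ "${1:-}" = "apply" ]; then
    rules=$(masq_ruleset) || exit 1
    printf '%s\n' "$rules" | iptables-restore || exit 1
    echo 1 > /proc/sys/net/ipv4/ip_forward
    echo 1 > /proc/sys/net/ipv4/ip_dynaddr
fi
```

iptables-restore replaces the existing nat and filter tables, and this example leaves INPUT and OUTPUT rules for the firewall host itself to be added.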

