Douglas Maxwell wrote:
>> I'm going to set this box up as a caching DNS server for the
>> machines inside of it. After that do I work NAT (ipmasq?) or FW
>> (ipchains?) ?
>
> You may not need either, if it is just an internal, caching DNS. The
> DNS application config will take care of forwarding DNS queries
> appropriately. Does it need to be accessible by hosts on the Internet?
> Is it even forwarding traffic at all? If it is forwarding traffic,
> does it need to do any NAT?
>
> If you do need a firewall, I would use iptables...although this
> presumes you are on at least kernel 2.4. If you are on 2.2, you are
> stuck with ipchains. Iptables is worth the upgrade ;-)
>
> If you don't have experience with iptables, see
> http://iptables-tutorial.frozentux.net/. I also have some stuff up on
> iptables and fwbuilder at my site, http://www.turinglabs.com.
>
> Doug

Shorewall is also quite handy and easy to set up, plus it has good documentation.

