Jamie,

Hope your father's ok.

I don't know that much about iptables; there seem to be plenty of tutorials
about it, though.  The main thing is to close everything up, then be very
selective about what comes through.

Here's an iptables trick I use at home.  Sometimes the win98 box does dial-up
directly, sometimes the linux box dials and shares.

I set win98 to use my linux box as the default route and DNS server--which 
it overrides for direct dialup from win98.  When the linux box dials out,
I use fetchmail/postfix for getting/sending mail, but I didn't want to have
to adjust any settings on the win98 box for this.

These lines in my firewall setup will intercept the connections from the
win98 box for getting and sending mail, regardless of which isp I choose
to connect.

Ralph

echo "Rerouting to this smtp server, my isp won't relay from here."
iptables -A PREROUTING -t mangle -p tcp --dport 25 -s ! 192.168.2.50/32 \
 -j MARK --set-mark 444
iptables -A PREROUTING -t nat -m mark --mark 444 -j DNAT \
 --to-destination 192.168.2.50

echo "Intercept connections to pop.myisp.IP.net, reroute to this host."
iptables -A PREROUTING -t mangle -p tcp --dport 110 -s ! 192.168.2.50/32 \
 -j MARK --set-mark 555
iptables -A PREROUTING -t nat -m mark --mark 555 -j DNAT \
 --to-destination 192.168.2.50

On 10/09/03 12am, Jamie wrote:
> we have a small bit of notes on his talk, they can be found at:
> http://www.euglug.org/minutes.phtml?id=31
> and you can download his notes at:
> http://www.euglug.org/stateful_firewalling.tgz
> Unfortunately, if Cory gives it again, I won't be able to attend :(
> I'd like to see Cory do more presentations, he seems to have quite the knack for
> it. Ralph's presentation was pretty decent too.
> 
> Jamie
> 
> 
> On Thursday 09 October 2003 08:56 pm, Jack Morgan wrote:
> : On Wed, 2003-10-08 at 20:45, Linux Rocks ! wrote:
> : > So... I'm finally getting around to setting up a firewall with IPTables. I
> : > haven't built a firewall since IPMASQ, and well.. IPTables is a bit
> : > different. Cory did a great presentation a few years back, one of the
> : > best presentations we've had I might add :)
> :
> : Well, perhaps we could have another presentation on iptables? I'd also
> : like to hear more on the topic.
> 
_______________________________________________
EuG-LUG mailing list
[EMAIL PROTECTED]
http://mailman.efn.org/cgi-bin/listinfo/eug-lug
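
Added example, not part of Ralph's message: a small Python model of the mark-then-DNAT path in the rules above (mangle PREROUTING sets the mark, nat PREROUTING rewrites the destination), run over constructed packets. It also shows that the posted match excludes only 192.168.2.50, so any other source is redirected. The LAN prefix 192.168.2.0/24, the client address 192.168.2.10, the other sample addresses and the `lan_only` switch are assumptions for illustration.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

MAIL_HOST = "192.168.2.50"           # the Linux box, as in the posted rules
LAN = ip_network("192.168.2.0/24")   # assumption: the home LAN prefix
# (dport, mark) pairs from the posted rules: SMTP -> 444, POP3 -> 555
MANGLE_RULES = [(25, 444), (110, 555)]

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"
    mark: int = 0

def mangle_prerouting(pkt, lan_only=False):
    """Model of: -p tcp --dport N -s ! MAIL_HOST -j MARK --set-mark M"""
    for dport, mark in MANGLE_RULES:
        matches = pkt.proto == "tcp" and pkt.dport == dport and pkt.src != MAIL_HOST
        # lan_only models limiting the match to LAN clients (not in the post)
        if matches and (not lan_only or ip_address(pkt.src) in LAN):
            pkt = replace(pkt, mark=mark)   # MARK does not end rule traversal
    return pkt

def nat_prerouting(pkt):
    """Model of: -m mark --mark M -j DNAT --to-destination MAIL_HOST"""
    if pkt.mark in {mark for _, mark in MANGLE_RULES}:
        return replace(pkt, dst=MAIL_HOST)  # destination port is unchanged
    return pkt

def route(pkt, lan_only=False):
    # The mark set in the mangle table is still on the packet when nat sees it.
    return nat_prerouting(mangle_prerouting(pkt, lan_only))

# Constructed sample packets; the remote addresses are documentation ranges.
WIN98_POP = Packet("192.168.2.10", "203.0.113.7", 110)
WIN98_WEB = Packet("192.168.2.10", "203.0.113.9", 80)
OUTSIDE_SMTP = Packet("198.51.100.4", "203.0.113.1", 25)
LINUX_SMTP = Packet(MAIL_HOST, "203.0.113.7", 25)

if __name__ == "__main__":
    for p in (WIN98_POP, WIN98_WEB, OUTSIDE_SMTP, LINUX_SMTP):
        print(p.src, "->", p.dst, p.dport, "=>", route(p).dst, "mark", route(p).mark)
```

In iptables itself the LAN-only restriction would normally be expressed by matching the inbound interface with `-i`; the model uses the source prefix instead.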
