I'd start with a very simple ruleset for ipchains, and then work my way to
secure.
For instance, start with this:
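#!/bin/sh
#
# Rebuild module dependencies, then load the masquerading helper modules
/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_irc
# Load the Quake helper once, with the port list (a second modprobe of an
# already-loaded module would not apply the ports= option)
/sbin/modprobe ip_masq_quake ports=26000,27000,27910,27960
# modprobe takes the module name, without the .o suffix
/sbin/modprobe ip_masq_portfw
# Enable IP forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward
# Flush all existing rules
/sbin/ipchains -F
# Masquerading timeouts in seconds: TCP sessions, TCP after FIN, UDP
/sbin/ipchains -M -S 7200 10 160
# Deny forwarding by default, then masquerade only the internal network
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ
--8<--cut here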
After that runs, make sure everything works.
Once that works, you can tighten up the firewall, and make it secure.
I highly recommend the "Linux Firewall and Security Site" at
http://www.linux-firewall-tools.com/linux/.
He's got a firewall script builder that kicks butt.
Russ
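
A first tightening pass over the minimal ruleset above, as an added example that is not part of Russ's message or the site he links. The interface name eth0, the function name tighten_rules and the admin address 203.0.113.10 (a documentation address) are assumptions; the rules are only printed unless IPCHAINS is set to /sbin/ipchains.

```shell
#!/bin/sh
# Added example, not from the thread: tighten the minimal masquerading ruleset.
# Assumes the modules are loaded and ip_forward is enabled as in the script above.
# Dry run by default (commands are printed); set IPCHAINS=/sbin/ipchains to apply.
IPCHAINS="${IPCHAINS:-echo /sbin/ipchains}"

# tighten_rules EXT_IF LAN_CIDR [ADMIN_HOST]
#   EXT_IF      interface facing the Internet (assumed name, e.g. eth0 or ppp0)
#   LAN_CIDR    internal network being masqueraded
#   ADMIN_HOST  optional single outside address allowed to open telnet sessions
tighten_rules() {
    if [ $# -lt 2 ]; then
        echo "usage: tighten_rules EXT_IF LAN_CIDR [ADMIN_HOST]" >&2
        return 1
    fi
    ext_if="$1"; lan="$2"; admin="${3:-}"

    $IPCHAINS -F
    $IPCHAINS -P forward DENY

    # Anti-spoofing: packets arriving from outside must never claim an
    # internal or loopback source address. -l logs every match.
    $IPCHAINS -A input -i "$ext_if" -s "$lan" -j DENY -l
    $IPCHAINS -A input -i "$ext_if" -s 127.0.0.0/8 -j DENY -l

    # Optional: one known outside host may start telnet (port 23) sessions.
    # This must come before the SYN deny rule, because the first match wins.
    if [ -n "$admin" ]; then
        $IPCHAINS -A input -i "$ext_if" -p tcp -s "$admin" -d 0/0 23 -y -j ACCEPT
    fi

    # Refuse every other new inbound TCP connection (SYN packets). Replies to
    # connections opened from inside carry no bare SYN and still pass.
    # Server-initiated connections such as active-mode FTP data are refused
    # too, so FTP clients behind the firewall should use passive mode.
    $IPCHAINS -A input -i "$ext_if" -p tcp -y -j DENY -l

    # Masquerade only LAN traffic that leaves through the external interface
    # (on the forward chain, -i names the outgoing interface).
    $IPCHAINS -A forward -i "$ext_if" -s "$lan" -j MASQ
}

# Constructed sample values: print the ruleset for review before applying it.
tighten_rules eth0 192.168.1.0/24 203.0.113.10
```

Review the printed commands first, then rerun with IPCHAINS=/sbin/ipchains from the console rather than over a remote session, since a wrong interface name can lock you out.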
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Klar Brian D Contr MSG/SWS
Sent: Friday, April 14, 2000 5:19 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [expert] IP Masq problems (Resolved somewhat)
Well, last night I double checked everything on the Win box. DNS, Gateway,
IP. Everything is set up as before. This machine is my gf's. ftp to outside,
great. Telnet to Linux machine, fine, print fine. Checked route on Linux,
fine. Kept starting and closing IE. Nothing, then restarted IE and just went
to some site like redhat.com, and it made it there.
However now that it can surf, I can't telnet into my Linux machine from here
at the office. Any ideas why I gain one and lose another??
-----Original Message-----
From: Alan Shoemaker [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 13, 2000 6:57 PM
To: [EMAIL PROTECTED]
Subject: Re: [expert] IP Masq problems
Brian....have you checked your settings in Win98 networking?
Like the gateway ip address, is it still there? When a change
in the network environment occurs Windows is famous for losing
settings and losing links to drivers. A good idea might be to
remove the tcp/ip bindings to your network card and then
reinstalling them (you'll need your windows installation cd for
that).
Alan
Klar Brian D Contr MSG/SWS wrote:
>
> I have my Mandrake 6.1 set up to IP Masq. My Win 98 box sees the linux box
> fine, samba is great but IE will not surf. I have used this same
> configuration for a while now, but recently had to reinstall Linux.
> Networking is on, IP forwarding is on. Win has Linux ip as gateway. They
> ping from one to another no problem. What happened that it has stopped
> working ??
>
> Brian D. Klar - CVE
> OTS
> WPAFB
> (937)257-5773
> 937-973-3125 (Pager)