"Joseph S. Gardner" wrote:

> Civileme wrote:
>
> > "Joseph S. Gardner" wrote:
> > > OK, just for grins.  Firewalling aside, I have a DSL connection to one
> > > machine with 2 NIC's.  One (eth0) goes to the DSL modem the other (eth1
> > > aka 192.168.100.1) goes to a hub.  A second machine with single NIC
> > > (eth0 aka 192.168.100.2) goes to same hub.  Can I simply assign the
> > > gateway on machine #2 to the second NIC on machine #1 (eth1 -
> > > 192.168.100.1)?
> >
> >
> > Box # 1 gateway device is eth1
> >
> > Box # 2 gateway is 192.168.100.1
> >
> > on box 1
> >
> > in /etc/rc.local at the end of the file
> > ipchains -P forward DENY
> > ipchains -A forward -i eth1 -j MASQ
> > echo 1 > /proc/sys/net/ipv4/ip_forward
> >
> > Then either do the horrid reboot or type those commands in a
> > terminal as root on box 1
> >
> > Now go surf on netscape from box 2 in relative safety.
> >
> > You can get firewall scripts that lock down box 1 from several
> > sources--others on the list know where they are, but this will
> > get you started.
> >
> > Civileme
>
> Errr, wouldn't the gateway for box one be eth0 ( the one going to the DSL modem??)
>
> --
> Joseph S. Gardner
>

Civ.,

Copied your script exactly and got nuttin' BUT last night I re-read and rethought it
some and made the following changes.

Box#1
    hub connection = eth1 (192.168.100.1)
    gateway = eth0 (xx.xxx.xx.xx) - supplied by ISP

Box#2
    hub connection = eth1 (192.168.100.2)
    gateway         = Box#1 eth1 (192.168.100.1)


Box#1 rc.local
 ipchains -P forward DENY
 ipchains -A forward -i eth0 -j MASQ       # note eth0 was eth1
 echo 1 > /proc/sys/net/ipv4/ip_forward


All is wondermus and box#2 is up and cruisin'

The question now is - How secure is this?? It would seem that since at this time I'm
not running a web/mail server (yet) that this should keep out the bad guys.

Thanks for all the help and advice.

--
Joseph S. Gardner
Senior Designer / Technical Support
Kirby Co.,  Cleveland, OH
[EMAIL PROTECTED]

Linux is like a wigwam...
No windows, no gates.
Apache inside

Registered linux user #1696600
ICQ #63389227
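
Added example, not part of the original messages: a small Python model of how the ipchains forward chain evaluates the two rule sets from this thread, showing why `-i eth1` forwarded nothing for box 2 while `-i eth0` works. It assumes the documented ipchains behaviour that `-i` in the forward chain names the outgoing interface; the packets and the 203.0.113.9 address are constructed samples. These rules only touch the forward chain, so the model says nothing about traffic addressed to box 1 itself.

```python
# Minimal model of the ipchains "forward" chain (added example, simplified).
# Assumption: in the forward chain, -i names the interface the packet is
# about to leave through, as documented for ipchains.
# Replies to masqueraded connections are demasqueraded before this chain,
# so they are not modelled here.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    out_iface: str   # value given to -i
    target: str      # value given to -j

@dataclass(frozen=True)
class Packet:
    src: str
    in_iface: str
    out_iface: str

def forward_verdict(policy, rules, pkt):
    """Return the target of the first matching rule, else the chain policy."""
    for rule in rules:
        if rule.out_iface == pkt.out_iface:
            return rule.target
    return policy

# Constructed sample packet: box 2 reaching the Internet through box 1.
LAN_TO_NET = Packet(src="192.168.100.2", in_iface="eth1", out_iface="eth0")
# Constructed sample packet: arriving from the DSL side, routed toward the LAN.
NET_TO_LAN = Packet(src="203.0.113.9", in_iface="eth0", out_iface="eth1")

FIRST_TRY = [Rule("eth1", "MASQ")]   # ipchains -A forward -i eth1 -j MASQ
WORKING = [Rule("eth0", "MASQ")]     # ipchains -A forward -i eth0 -j MASQ

def report():
    """Verdict for each rule set and packet under -P forward DENY."""
    rows = []
    for name, rules in (("-i eth1", FIRST_TRY), ("-i eth0", WORKING)):
        for label, pkt in (("LAN->net", LAN_TO_NET), ("net->LAN", NET_TO_LAN)):
            rows.append((name, label, forward_verdict("DENY", rules, pkt)))
    return rows

if __name__ == "__main__":
    for row in report():
        print("%-8s %-9s %s" % row)
```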

