There is a nice application for that ugly work. It's called 'gfcc'; I
think it's installed by default (at least in my Mandrake 7.1).

It's very simple to edit the rules and you can export directly to a sh
script.

Besides, I know that there is a file for the rules, '/etc/sysconfig/ipchains',
which is read by '/etc/rc.d/.../ipchains', but I don't know the format for
that file.

        Good Luck. Berni

On Fri, 5 May 2000, Stefan Srdic wrote:

> I've recently attempted to write my own IP routing script (IPchains and
> IPmasquerading). I have some minor problems with my initial script and
> need some help from an experienced Linux user.
>
> First off, I have a cable modem for a receiving internet connection with
> an IP address that is provided via DHCP, second, I want my machine to
> serve as an outgoing DHCP server for the other machines on my network.
> The client machines will be using a class "C" network address and the
> DHCP server will only allow a fixed amount of clients to exist on the
> network for security reasons!
>
> I wrote a script using several resources on the web, I have yet to read
> the IPMasquerading HOW-TO and the IPChains HOW-TO but plan to in the near
> future. Currently I am trying to figure out how in the hell to enable the
> outgoing DHCP server on my computer! I have tested out this script with
> no success! What should I add or change in order to make it work? IP port
> forwarding is enabled in the kernel and this script is executed at boot up.
> 
> Here is my script: rc.firewall
> 
> #!/bin/sh
> # rc.firewall - IPChains and IPMasquerading, internet firewall/routing script
> #
> echo -n "Setting IP Chains..."
> # modules for IPMasquerading
> /sbin/modprobe ip_masq_ftp
> /sbin/modprobe ip_masq_raudio
> /sbin/modprobe ip_masq_irc
> /sbin/modprobe ip_vdolive
> # execute IP Forwarding
> echo "1" > /proc/sys/net/ipv4/ip_forward
> #  enable host DHCP
> echo "1" > /proc/sys/net/ipv4/ip_dynaddr
> # IPChains routing information
> /sbin/ipchains -M -S 7200 10 160
> /sbin/ipchains -P forward DENY
> /sbin/ipchains -A forward -s 192.168.0.1/24 -d 192.168.0.1/24 -j ACCEPT
> /sbin/ipchains -A forward -s 192.168.0.1/24 -d 192.168.0.2/32 -j MASQ
> /sbin/ipchains -A forward -s 192.168.0.1/24 -d 192.168.0.3/32 -j MASQ
> echo "Done!"
> 
>
> BTW, I did not write any firewall rules as of yet, I know basically how
> to and which ports to block secure and I will do so once the Masquerading
> issue is solved!

-- 
Today's famous quote is ....

The Tag has run off with a GIF of Judith Masco...

        -----------------------------------------
        |       José Antonio Jiménez Berni      |
        |        C/ Músico Ziryab, 17 3-2       |
        |           14005   Córdoba             |
        |                Spain                  |
        |                                       |
        |        Phone: +34 957413730           |
        |        GSM:   +34 656255563           |
        |            ICQ: 28939390              |
        |       e-mail: [EMAIL PROTECTED]     |
        -----------------------------------------
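
An added example, not part of either message in this thread: a small lint for the kind of forward-chain rules in the quoted rc.firewall. It flags MASQ rules whose destination lies inside the masqueraded LAN itself, which under a `forward DENY` policy leaves Internet-bound traffic unmatched. The function names are hypothetical, and the last sample rule is an assumed corrected form rather than something posted in the thread.

```shell
# Added example (not from the thread): lint ipchains MASQ rules.
# Assumes dotted-quad addresses with an optional /prefix length.
ip_to_int() {  # A.B.C.D -> 32-bit integer on stdout
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_net() {  # in_net ADDR NET[/LEN]: succeeds if ADDR lies inside NET/LEN
    case $2 in */*) len=${2#*/} ;; *) len=32 ;; esac
    mask=$(( (4294967295 << (32 - $len)) & 4294967295 ))
    addr=$(ip_to_int "$1"); net=$(ip_to_int "${2%/*}")
    [ $(( $addr & $mask )) -eq $(( $net & $mask )) ]
}

lint_masq() {  # ipchains command lines on stdin -> one verdict per MASQ rule
    while read -r line; do
        case $line in *"-j MASQ"*) ;; *) continue ;; esac
        src='' dst=0.0.0.0/0
        set -- $line
        while [ $# -gt 0 ]; do
            case $1 in
                -s) src=$2 ;;
                -d) dst=$2 ;;
            esac
            shift
        done
        if [ -z "$src" ]; then
            echo "WARN no source restriction: $line"
        elif in_net "${dst%/*}" "$src"; then
            # Destination is a LAN host, so outbound traffic never matches.
            echo "BAD destination inside source net: $line"
        else
            echo "OK: $line"
        fi
    done
}

sample_rules() {  # constructed input: rules as posted plus one assumed fix
    cat <<'EOF'
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.0.1/24 -d 192.168.0.2/32 -j MASQ
/sbin/ipchains -A forward -s 192.168.0.0/24 -d 0.0.0.0/0 -j MASQ
EOF
}

sample_rules | lint_masq
```
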

