Felix Miata wrote:
OK... let's move on to the IPmasq stuff... (changed subject line).
Bryan D Howard <[EMAIL PROTECTED]> wrote:
> rc.local is, unfortunately, not a good place to start up your
> firewall. It runs much too late in the boot process. It's important
> to configure ipchains *before* you enable your network interfaces so
> that there won't be an interval during which you're not protected.
>
> The startup script /etc/rc.d/init.d/ipchains which is part of
> ipchains-1.3.9-6mdk.rpm is set up correctly to be started *before* the
> network startup script runs. And, of course, it doesn't shut ipchains
> down until after shutting down the network interfaces.
Bryan, Felix is using an older distro... I'm not even sure it has rpm...
> > > /sbin/ipchains -P forward DENY
> > > /sbin/ipchains -A forward -s 192.168.0.0/16 -j MASQ
>
> > This is minimal NAT... you probably want to firewall your network... There are
> > probably many different ways to do it; but here's what I used to have...
>
> > /etc/rc.d/rc.local:
> > #rc.firewall script - Start IPMASQ and the firewall
> > /etc/rc.d/rc.firewall
>
> So do I put the two ipchains statements into /etc/rc.d/rc.firewall and
> then discover what else belongs in there by reading the links below?
>
> > /etc/rc.d/rc.firewall:
> > See http://rob.acol.com/~wlug/files/ipchains-firewall/ipchains-firewall.htm
> > and http://www.linux-firewall-tools.com/
>
> What I've read above so far is like reading command reference manual.
> Yuck!
Well... you can use the two ipchains statements which provide no protection, or
you can use the tools to build a firewall (which can contain over 500 lines)...
I'll send you an old example privately...
Pierre
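
An added example, not part of the original messages: a check for the ordering Bryan describes, where the firewall script starts before the network script and stops after it. It assumes SysV-style rc directories with `S##name` start links and `K##name` stop links that run in ascending order; the directory layout, priorities and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes SysV-style rc directories: S##name links start a
# service, K##name links stop it, and both kinds run in ascending order.

# link_prio DIR S|K NAME -> prints the link's priority; returns 1 if no link exists
link_prio() {
    for f in "$1"/"$2"[0-9][0-9]"$3"; do
        [ -e "$f" ] || continue
        b=${f##*/}       # file name only, e.g. S08ipchains
        b=${b#"$2"}      # drop the S or K letter
        b=${b%"$3"}      # drop the service name, leaving two digits
        b=${b#0}         # drop a leading zero so 08 compares as 8
        echo "$b"
        return 0
    done
    return 1
}

# check_fw_order STARTDIR STOPDIR FIREWALL NETWORK
#   0 = firewall starts before and stops after the network
#   1 = ordering leaves an interval with interfaces up and no rules loaded
#   2 = a link is missing (e.g. the firewall is launched from rc.local instead)
check_fw_order() {
    fs=$(link_prio "$1" S "$3") || return 2
    ns=$(link_prio "$1" S "$4") || return 2
    fk=$(link_prio "$2" K "$3") || return 2
    nk=$(link_prio "$2" K "$4") || return 2
    [ "$fs" -lt "$ns" ] && [ "$fk" -gt "$nk" ] && return 0
    return 1
}

# Constructed sample tree (not taken from any real system).
demo() {
    d=$(mktemp -d) && mkdir "$d/rc3.d" "$d/rc0.d" || return 3
    touch "$d/rc3.d/S08ipchains" "$d/rc3.d/S10network" "$d/rc3.d/S99local" \
          "$d/rc0.d/K90network" "$d/rc0.d/K92ipchains"
    good=0; check_fw_order "$d/rc3.d" "$d/rc0.d" ipchains network || good=$?
    # Same tree with the firewall started from rc.local: no S link of its own.
    rm "$d/rc3.d/S08ipchains"
    late=0; check_fw_order "$d/rc3.d" "$d/rc0.d" ipchains network || late=$?
    rm -rf "$d"
    echo "init-script layout: $good, rc.local layout: $late"
}
demo
```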