Hi Adam
> I have the perfect machine to use as a Linux based ipchains firewall.
>
mouss, Mikael, here we go again. :-) Sorry about the pun, Adam, no offence.
> I think that I want to put it between the LAN Modem and the switch.
>
Correct.
> Would I use IP forwarding on the firewall? Does this mean that the firewall
> would also be the gateway that the clients refer to?
>
Yes on both counts. You're using the Linux box as a (static) packet filter,
i.e. it acts like a conventional router but has the ability to deny, reject
or accept (note that this is ipchains/ipfwadm terminology) packets based on
a number of characteristics in the TCP, UDP, IP and ICMP headers. In your
setup, it might also perform (n:1) NAT (Network Address Translation), which
is called IP Masquerading in Linuxspeak. For this to work for some of the
uglier protocols (such as FTP and Quake), it needs some modules that look at
the payload of the packets. Note that these modules are probably not built
with security in mind, but are rather focused on getting the protocols to
work. For NAT to work with outside-initiated connections, further measures
are required, e.g. ipmasqadm and iproute2.
> I've read the IPCHAINS HOWTO and the NET HOWTO, but I guess I still don't
> completely understand how the clients will be able to communicate to PCs on
> the internet. For now, I don't even care about firewalling (ACCEPT all), I
> just wonder how you would put this Linux box in place to be a firewall.
>
Depends on your specific setup. What IP addresses are you using on the
inside and does the ISDN router perform NAT? Or do you want the Linux box to
do that instead?
> Any help you could provide would be GREATLY appreciated. If this is too
> novice a question, could you please point me in the right direction.
>
Sure, no problem. Maybe we should take it off the list, though.
Regards
Tobias
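
The two setups the reply distinguishes (the ISDN router keeps doing NAT, or the Linux box masquerades), as an added example that is not part of the original message. The function name `gen_fw_rules`, the LAN network 192.168.1.0/24 and the outside interface `eth0` are assumptions, and the script only prints the ipchains commands so they can be reviewed before being run as root on the firewall.

```shell
#!/bin/sh
# Added example, not from the thread. Prints commands instead of running them.
# Assumed values (constructed): LAN 192.168.1.0/24, outside interface eth0.

# gen_fw_rules MODE LAN_CIDR EXT_IF   (hypothetical helper)
#   MODE=route : plain filtering router, the ISDN router keeps doing NAT
#   MODE=masq  : the Linux box does n:1 NAT (IP Masquerading) itself
gen_fw_rules() {
    mode=$1 lan=$2 ext=$3
    # Accept only digits, dots and exactly one slash in the network, and a
    # plain interface name, so the generated text never carries shell syntax.
    case $lan in
        *[!0-9./]*|''|*/*/*) echo "bad LAN network: $lan" >&2; return 1 ;;
        */*) ;;
        *) echo "bad LAN network: $lan" >&2; return 1 ;;
    esac
    case $ext in
        *[!a-z0-9]*|'') echo "bad interface: $ext" >&2; return 1 ;;
    esac
    case $mode in
        route|masq) ;;
        *) echo "unknown mode: $mode" >&2; return 1 ;;
    esac

    echo "ipchains -F forward"
    echo "ipchains -P forward DENY"   # default-deny; only listed traffic is forwarded
    case $mode in
    route)
        # No address rewriting: both directions cross the forward chain.
        # In the forward chain, -i matches the outgoing interface.
        echo "ipchains -A forward -s $lan -i $ext -j ACCEPT"
        echo "ipchains -A forward -d $lan -j ACCEPT"
        ;;
    masq)
        # Helper module for a protocol that carries addresses in its payload.
        echo "modprobe ip_masq_ftp"
        # Replies are demasqueraded after the input chain and skip the
        # forward chain, so a single outbound rule is enough.
        echo "ipchains -A forward -s $lan -i $ext -j MASQ"
        ;;
    esac
    # Enable routing only after the rules are in place.
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
}
```

In either mode the clients use the firewall's inside address as their default gateway; in `route` mode the ISDN router additionally needs a route back to the LAN network via the firewall.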