> -----Original Message-----
> From: Shlomi Fish [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 03, 2003 14:28
> To: Linux-IL
> Subject: Some NAT Questions
>
>
> I am now connected to ADSL by using an ADSL router. The router serves as
> a Network Address Translator (NAT). It takes the address 192.168.1.1
> (which serves as the gateway to the Internet) and talks to the ADSL modem.
> Now my dual boot Win98/Linux machine is connected to the router via
> Ethernet and gets the address 192.168.1.100 (or 192.168.1.101 if it was
> connected second). A Win98 laptop gets the other address and is connected
> via a Phone Network Adaptor.
>
> Now, I have two questions:
>
> 1. How do I set up a listening server socket on the Linux machine that
> will be accessible to the outside world? If the IP address of the NAT
> subnet is 80.x.y.z then I want to bind to 80.x.y.z:8080 or whatever.

The NAT enables you to forward messages as needed. You did not mention if
the ISP gives you a static address and if those addresses are 80.x.y.z.
Without static addresses you would have a lot of work to do. Else, just add
the appropriate NAT line, something like:

    create protocol=tcp inside_addr=192.168.1.101:80 outside_addr=0.0.0.0:80

Which means every message that arrives at the modem address on port 80
should be translated to the computer address using the same port. The
outgoing messages are translated respectively.

>
> 2. I'd like to configure a firewall on the Linux box. I used Bastille
> Firewall for my plain ADSL connection, but in recent versions of Mandrake
> it was superseded by shorewall. It has some configuration files with lots
> of comments under /etc/sourcewell, which I suppose I can read and tweak for
> my needs.
>
> What I want to accomplish is that no server ports on the Linux box will be
> accessible besides an Apache port (that can be anything) which I'd like to
> explicitly allow or disallow. Furthermore, I want the Win98 box to be only
> able to connect to the Linux box for this same Apache port and for the SMB
> services. Now, which parts of these configuration are already handled by
> the NAT? Can I do what I want to do using Shorewall?

The NAT will restrict everything coming from the net except what is open,
and /etc/hosts.allow and /etc/hosts.deny should be good enough for internal
protection. Please pay attention that SMB has a long history of security
problems. I would recommend you use a proxy server for the Windows machine
(it would be even better to have that proxy inside your private network).

>
> My Linux system is a Mandrake 9.0 system running on a Pentium III.
>
> Regards,
>
> Shlomi Fish
>

Eddie

>
> ----------------------------------------------------------------------
> Shlomi Fish [EMAIL PROTECTED]
> Home Page: http://t2.technion.ac.il/~shlomif/
> Home E-mail: [EMAIL PROTECTED]
>
> "Let's suppose you have a table with 2^n cups..."
> "Wait a second - is n a natural number?"
>
>
>
> =================================================================
> To unsubscribe, send mail to [EMAIL PROTECTED] with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail [EMAIL PROTECTED]
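
Added example, not part of the original thread: one way to express the host policy asked about in question 2 (only the Apache port reachable, the Win98 machine limited to Apache and SMB) as iptables rules, the layer Shorewall configures. The script only prints the rules so they can be reviewed before being run as root; the port 8080, the laptop address 192.168.1.101 and all function names are assumptions.

```shell
#!/bin/sh
# Added example (constructed): print an iptables INPUT policy for the Linux box.
# Assumed, not from the thread: Apache on 8080, Win98 laptop at 192.168.1.101.
# The laptop's address depends on connection order, so pin it before relying
# on source-address rules.

valid_port() {   # decimal number in 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {   # four dot-separated octets, each 0..255
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    _old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$_old_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        [ -n "$_o" ] && [ "${#_o}" -le 3 ] && [ "$_o" -le 255 ] || return 1
    done
}

# gen_rules APACHE_PORT WIN98_IP PUBLIC
#   PUBLIC=yes: Apache open to any source (needed for router-forwarded traffic)
#   PUBLIC=no : Apache reachable from the Win98 machine only
gen_rules() {
    valid_port "$1" || { echo "bad port: $1" >&2; return 1; }
    valid_ipv4 "$2" || { echo "bad address: $2" >&2; return 1; }
    echo "iptables -P INPUT DROP"      # anything not matched below is dropped
    echo "iptables -F INPUT"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    if [ "$3" = yes ]; then
        echo "iptables -A INPUT -p tcp --dport $1 -j ACCEPT"
    else
        echo "iptables -A INPUT -p tcp -s $2 --dport $1 -j ACCEPT"
    fi
    # SMB as Win98 speaks it: NetBIOS name/datagram (UDP) and session (TCP)
    echo "iptables -A INPUT -p udp -s $2 --dport 137:138 -j ACCEPT"
    echo "iptables -A INPUT -p tcp -s $2 --dport 139 -j ACCEPT"
}

gen_rules 8080 192.168.1.101 yes
```

Switching the last argument to "no" is the "explicitly disallow" case from the question: the router may still forward the port, but the Linux box drops connections from any source other than the laptop.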
