/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! /* ALSO: Don't quote this header. It makes you look lame :-) */
On Fri, 11 Oct 2002 22:12:05 +0100 John Beardmore <[EMAIL PROTECTED]> wrote: > I want to set up a firewall and figured I'd use the built in GUI tools: > > K -> Configuration -> Networking -> Netconf I would recommend against this. GUIs require, well X, and X is in itself a security concern. If you're going to make the system a firewall/gateway, a good first step is removing X altogether. > Quitting Netconf doesn't seem to restart the firewall daemon, so I've > tried killing it and restarting it by hand. When I do this I get the > message: > > "ipchains: Protocol not available" Sounds like it's trying to use ipchains and not iptables. I don't know for certain, but I would think that Mandrake 8.1 uses a 2.4.x kernel and thus would use iptables and not ipchains. Sounds like an outdated tool. > I see on http://ipmasq.cjb.net/ the wording > > "Please note that IPCHAINS is no longer the primary > firewall configuration tool for the 2.4.x kernels. The new kernels > now use the IPTABLES toolkit though the new 2.4.x kernels CAN > still read and enable old IPCHAINS or IPFWADM rulesets via a > compatiblity module". That's a bit misleading. There is a compatibility module, but it is very limited in what it supports. You're much better off using iptables and a 2.4.x kernel. One major benefit over ipchains is stateful routing. > I want to use masquerade on my Internet ippp0 interface but not on the > others which are either the in-house LAN, or virtual LANs belonging to > VmWare. That can be done. > I'm beginning to think the GUI has a mind of its own. Most of them do, another good reason to avoid them. > Am I better off editing the configuration files by hand ? If so what's > the best file by file How-To ? Depends on which configuration files your editing. There are a number of firewall creation tools and scripts. Normally the documentation/support lists for them are the way to go. > Is there a better tool for generating the firewall rules with 2.4 > kernels ? I've used PM Firewall in the past, but I don't know if there > is something better for Mandrake 8.1 ? Depends on your tastes. I'm sure it's no surprise that I recommend my firewall script (http://asgardsrealm.net/linux/firewall) -- Jamin W. Collins _______________________________________________ Masq maillist - [EMAIL PROTECTED] Admin requests can be handled at http://www.indyramp.com/masq-list/ -- THIS INCLUDES UNSUBSCRIBING! or email to [EMAIL PROTECTED] PLEASE read the HOWTO and search the archives before posting. You can start your search at http://www.indyramp.com/masq/ Please keep general linux/unix/pc/internet questions off the list.
