Eric;

The reason why I have disabled iptables during installation is simple: I could
not ssh, could not do webmail or a client connection from the same subnet.
Another post has pointed to my network vulnerability if somebody hacks into
my wireless, so I'm converted. If I use your addition to iptables, I think
that my internal webmail and client should work as well. Am I correct?
(Of course I will try as soon as I can.)

George

>
> Let me start by agreeing with Ron's and Erik's replies. No disagreement
> here. However, let me attempt to be a little more direct to the question.
>
> First and foremost, the iptables toaster rules not only work behind, but
> are considerate of a NAT'd router. The only exception I've found to this
> is when trying to ssh in from a local address. I had to add the following
> to the toaster's firewall.sh in order to be able to run a headless toaster
> (ssh in from a local address):
> # shubes 5/16/06 - accept packets from local net
> iptables -A INPUT -s 192.168.???.0/255.255.255.0 -j ACCEPT
> #
> ## Drop outside packets with local addresses - anti-spoofing measure
>
> Other than that, the toaster firewall rules work just fine, and provide an
> additional layer (think onion) of security.
>
> That being said, there may very well be some toaster firewall rules that
> never fire because they're redundant with your router's rules. If you care
> to take the time (and risk), feel free to remove them. The question, though,
> is why? Redundancy is not always a bad thing, especially when it regards
> security, and when there's no noticeable difference in performance.
>
> So, do you *need* the additional firewall on the toaster?
> Well, not necessarily, but it won't hurt (with the exception noted above).
> Should you *use* the additional firewall on the toaster?
> By all means yes. If you have a reason not to, I'd like to hear of it.
> --
> -Eric 'shubes'
>
> ---------------------------------------------------------------------
>      QmailToaster hosted by: VR Hosted <http://www.vr.org>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
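An added example, not code from this thread or from the toaster's firewall.sh: a small first-match model of how iptables walks the INPUT chain, used to compare the quoted "accept packets from local net" line with a variant that also matches on the inbound interface. The quoted rule matches on source address only and sits ahead of the anti-spoofing section, so for any packet carrying a local source address it decides first. The interface names eth0/eth1, the 192.168.1.0/24 subnet (standing in for the page's 192.168.???.0/24), the modelled anti-spoofing drop rule (its exact body is not shown on the page) and the sample packets are all assumptions constructed here.

```python
# Added example, not code from the QmailToaster list or from firewall.sh.
# It models iptables' first-match walk of the INPUT chain so the quoted
# "accept packets from local net" rule can be compared with a variant that
# is bound to the internal interface. Interface names, the 192.168.1.0/24
# subnet (standing in for the page's 192.168.???.0/24) and the sample
# packets are all assumptions constructed for this example.
import ipaddress
from dataclasses import dataclass

LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed local subnet
LAN_IF = "eth1"  # assumed interface facing the local net
WAN_IF = "eth0"  # assumed interface facing the NAT router


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on
    src: str     # source IPv4 address
    dport: int   # destination TCP port


def match(rule, pkt):
    """True if every match clause present in the rule applies to the packet."""
    if "iface" in rule and rule["iface"] != pkt.iface:
        return False
    if "src" in rule and ipaddress.ip_address(pkt.src) not in rule["src"]:
        return False
    if "dport" in rule and rule["dport"] != pkt.dport:
        return False
    return True


def evaluate(chain, pkt, policy="DROP"):
    """Walk the chain in order; the first matching rule decides the verdict."""
    for rule in chain:
        if match(rule, pkt):
            return rule["target"]
    return policy


# The quoted addition: accept by source address only, on any interface, placed
# just ahead of the anti-spoofing section. The drop rule below is an assumed
# model of that section (its exact body is not shown on the page).
QUOTED_CHAIN = [
    {"src": LOCAL_NET, "target": "ACCEPT"},
    {"iface": WAN_IF, "src": LOCAL_NET, "target": "DROP"},  # never reached for local sources
    {"dport": 25, "target": "ACCEPT"},
]

# Interface-bound variant: local-net sources are accepted only when they
# arrive on the LAN side, so the anti-spoofing drop still applies on the
# router side.
BOUND_CHAIN = [
    {"iface": LAN_IF, "src": LOCAL_NET, "target": "ACCEPT"},
    {"iface": WAN_IF, "src": LOCAL_NET, "target": "DROP"},
    {"dport": 25, "target": "ACCEPT"},
]

# Constructed sample packets.
SSH_FROM_LAN = Packet(LAN_IF, "192.168.1.20", 22)      # headless admin from the LAN
SPOOFED_FROM_WAN = Packet(WAN_IF, "192.168.1.20", 22)  # local source address arriving on the router side
SMTP_FROM_WAN = Packet(WAN_IF, "203.0.113.5", 25)      # ordinary inbound mail


def verdicts(chain):
    """Verdict per sample packet for one chain."""
    return {
        "ssh_from_lan": evaluate(chain, SSH_FROM_LAN),
        "spoofed_from_wan": evaluate(chain, SPOOFED_FROM_WAN),
        "smtp_from_wan": evaluate(chain, SMTP_FROM_WAN),
    }


def to_iptables(chain):
    """Render a chain as the iptables -A INPUT commands it corresponds to."""
    lines = []
    for rule in chain:
        parts = ["iptables", "-A", "INPUT"]
        if "iface" in rule:
            parts += ["-i", rule["iface"]]
        if "src" in rule:
            parts += ["-s", str(rule["src"])]
        if "dport" in rule:
            parts += ["-p", "tcp", "--dport", str(rule["dport"])]
        parts += ["-j", rule["target"]]
        lines.append(" ".join(parts))
    return lines


if __name__ == "__main__":
    for name, chain in (("quoted", QUOTED_CHAIN), ("interface-bound", BOUND_CHAIN)):
        print(name, verdicts(chain))
        print("\n".join(to_iptables(chain)))
```

Running it shows both chains letting the LAN ssh session and inbound SMTP through, while only the interface-bound chain drops a packet that carries a local source address but arrives on the router-facing interface. The `-i` match is a standard iptables option, so the hardened line renders as `iptables -A INPUT -i eth1 -s 192.168.1.0/24 -j ACCEPT`; the interface name has to be adjusted to the box in question.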