--> Install the "ipmasq" package. <-- I already installed that one... I'll put the firewall below
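# Masquerading gateway firewall: Internet on eth0, trusted local LAN on eth1.
# Must be run as root. Only IPv4 (iptables) rules are managed here; IPv6
# traffic is not filtered by anything in this script.
IPTABLES="/sbin/iptables" # absolute path, so no PATH lookup happens as root
WAN_IF="eth0"             # Internet-facing interface
LAN_IF="eth1"             # assuming one NIC to the local LAN

printf '%s' "IPTables Firewall."

# FLUSH
# Note: --flush removes rules but leaves each chain's default policy as it was.
printf '%s' " Flush all tables."
"$IPTABLES" --flush # flush all the rules in the filter table
printf '%s' "."
"$IPTABLES" --table nat --flush # ... and in the nat table
printf '%s' "."
"$IPTABLES" --delete-chain # delete all user-defined chains in the filter table
printf '%s' "."
"$IPTABLES" --table nat --delete-chain # ... and in the nat table
echo ". done"

# Set up forwarding and masquerading.
# NOTE(review): kernel forwarding (net.ipv4.ip_forward) is not enabled here;
# presumably the ipmasq package or sysctl does that - confirm.
printf '%s' " Setting up masquerading rules."
"$IPTABLES" --table nat --append POSTROUTING --out-interface "$WAN_IF" -j MASQUERADE
printf '%s' "."
# LAN hosts may open connections outwards.
"$IPTABLES" --append FORWARD --in-interface "$LAN_IF" -j ACCEPT
printf '%s' "."
# Only replies to those connections may come back in from the Internet.
"$IPTABLES" --append FORWARD --in-interface "$WAN_IF" --out-interface "$LAN_IF" \
  -m state --state ESTABLISHED,RELATED -j ACCEPT
printf '%s' "."
# Without an explicit policy the FORWARD chain stays at its default (ACCEPT),
# which would let hosts on the WAN side route new connections into the LAN.
"$IPTABLES" --policy FORWARD DROP
echo ". done"

# Allow loopback access. These rules must come before the rules denying port
# access, otherwise the machine cannot reach its own services through lo.
printf '%s' " Setting rules for loopback device."
"$IPTABLES" -A INPUT -i lo -p all -j ACCEPT
printf '%s' "."
"$IPTABLES" -A OUTPUT -o lo -p all -j ACCEPT
echo ". done"

printf '%s' " Setting rules for eth0 device."
# Accept packets that belong to connections this host already knows about.
"$IPTABLES" -A INPUT -i "$WAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
printf '%s' "."
#$IPTABLES -A INPUT -p tcp --tcp-option ! 2 -j REJECT --reject-with tcp-reset
#echo -n "."
# FTP, SSH and HTTP are TCP services; the matching UDP ports are left closed
# so that nothing is exposed that no daemon needs.
# Open ftp port (control channel only; FTP sends credentials in clear text).
"$IPTABLES" -A INPUT -p tcp -i "$WAN_IF" --dport 21 -j ACCEPT
printf '%s' "."
# Open secure shell port
"$IPTABLES" -A INPUT -p tcp -i "$WAN_IF" --dport 22 -j ACCEPT
printf '%s' "."
# Open HTTP port
"$IPTABLES" -A INPUT -p tcp -i "$WAN_IF" --dport 80 -j ACCEPT
printf '%s' "."
# All ICMP types are accepted from the Internet side.
# NOTE(review): consider limiting this to the types actually needed.
"$IPTABLES" -A INPUT -p icmp -i "$WAN_IF" -j ACCEPT
printf '%s' "."
echo ". done"

# The LAN side is trusted: accept all incoming connections from it.
printf '%s' " Setting rules for eth1 device."
"$IPTABLES" -A INPUT -i "$LAN_IF" -p all -j ACCEPT
echo ". done"

printf '%s' " Drop all other connection attempts."
# Drop all other connection attempts.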
# Only connections defined above are allowed.
$IPTABLES -P INPUT DROP
echo ". done"

This is the only thing I did to secure my system. I went mad from M$ IIS, so I wanted to install Apache without knowing anything about Linux. This went fine, but my system isn't very secure. It's getting better (I run KDE3.1), but I still don't know very much. So if there are any suggestions, I would appreciate them very much.

HTH,
Willem-Jan Meijer

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]