networking with linux prob

elite_syntax
06-07-2003, 03:06 PM
I was told I could network with Linux using one eth0 and internet sharing on a dial-up. Is that true? That's what I was told I could do. But I'm not sure how I could set up my firewall script. :confused:

serz
06-07-2003, 04:55 PM
Yes you can. For internet sharing in my network I use MonMotha's IPTABLES firewall (http://monmotha.mplug.org/firewall/index.php). Later.

elite_syntax
06-07-2003, 05:19 PM
I want to write my own script. I don't want to use someone's script that they made.

je_fro
06-07-2003, 05:42 PM
Learn IPTABLES. (Like I said before...) :D

elite_syntax
06-07-2003, 05:51 PM
That's why I came in here, to learn from the iptables mistakes I make. But I get a hard time about it.

je_fro
06-07-2003, 06:12 PM
Just read the documentation about iptables and masquerade:
http://www.linuxguruz.com/iptables/howto/iptables-HOWTO-6.html
http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/
Also try this out: http://iptables.1go.dk/
If you have specific questions, feel free to ask. :D

robert0380
06-09-2003, 07:38 AM
man you guys suck with helping people out....dude, post your iptables rules and I'll help you. for now here are some pointers: the dial-up interface is probably called ppp0 and you want to share on eth0. here is how to share...this is NOT secure, well a little: give eth0 an ip of something like 192.168.1.1

#!/bin/bash
# at least on Red Hat it's /bin/bash
IPTABLES="/sbin/iptables"   ## modify to fit your path
NETIFACE="ppp0"             # the modem
LANIFACE="eth0"             # the network card
LANIPS="192.168.1.0/24"     ## internal network range

echo 1 > /proc/sys/net/ipv4/ip_forward   ## SHOULD BE DONE AFTER EVERY REBOOT

$IPTABLES -P FORWARD DROP    ## drop forward by default
$IPTABLES -P OUTPUT ACCEPT   ## allow all outgoing from router
$IPTABLES -P INPUT DROP      ## locks down router input

ok those are the policy rules, very strict...

### ALLOW internet connections ####
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

##### NATing (sharing the connection to the net) #####
$IPTABLES -t nat -A POSTROUTING -o $NETIFACE -j MASQUERADE
# that rule changes the source ip on a packet to the net ip

#### FORWARDING ######
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT   ## forward established, related stuff
$IPTABLES -A FORWARD -s $LANIPS -j ACCEPT   ## forward anything that originated internally

these rules can go in a file called rc.firewall and then you can put a call to it in your rc.local to make the script run every time you boot up the machine. set client machines to have ips of 192.168.1.X, a gateway of 192.168.1.1 and a mask of 255.255.255.0. find out the DNS servers of your isp and use those as the clients' DNS servers. also, if you want to host a web server or something on a client machine there are rules for DNATing (destination nat) too, and you can add rules to allow some incoming connections or certain ports to your router or forwarding of certain ports (again DNATing). if you have any more questions post back. sorry you got nothing but RTFM responses. now, you should read the docs or post here if something isn't clear, I'll help you out man....also check out www.linuxquestions.org for a lot of info on the subject...you'll find several posts on this topic there too.

robert0380
06-09-2003, 07:44 AM
again note that the rules are very strict, you won't even be able to ping the linux box.
check out this post from LQ for a really good set of rules for a locked down firewall (this firewall doesn't include NAT or FORWARD rules though and it's not intended for newbies to just play with, but it's a great script to learn from....seeing as how you really wanna learn)
http://www.linuxquestions.org/questions/showthread.php?s=&threadid=61681
if you use that, you would have to modify it a little so don't just throw it in and pray it works....like I said though, it's a great reference.

je_fro
06-09-2003, 09:17 AM
Originally posted by robert0380:
man you guys suck with helping people out.... sorry you got nothing but RTFM responses.
Whatever, Jack....:rolleyes: I've helped this dude out and posted rulesets for him/her in other threads. I like LQ a lot, too...do you work for them? :eek:

homey
06-09-2003, 09:46 AM
Originally posted by robert0380:
man you guys suck with helping people out....dude,
Everyone can rest easy now that you are here. :) If you read the first part of his post, you can see that he didn't even believe me that you can use ppp0 as the external connection and you will only need one nic to connect to the local network. As far as making your own scripts, I go by example. The site I posted has a lot of examples. http://www.linuxguruz.com/iptables/ Even if you use something cool like Firestarter, you can look at the iptables and see what kind of stuff they put in there. It is not unreasonable to ask people to read up on things, especially when we have told them several times what to look for and where to look for it. It is unreasonable to keep asking for help when you are not willing to try any of the advice.

robert0380
06-09-2003, 03:43 PM
my bad.

justlinux.com
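Putting robert0380's pointers together, here is an added example of a complete rc.firewall that shares a ppp0 dial-up with a LAN on eth0. It is written for this page and is not robert0380's script or any project's code. Compared with the rules in the thread it fixes the MASQUERADE rule (POSTROUTING matches the outgoing interface with -o, not -i), lets the LAN reach the router so clients can use it for DNS and you can still ping it from inside, and ties the FORWARD rules to both interfaces so a packet arriving on ppp0 with a 192.168.1.x source is not forwarded. The interface names ppp0 and eth0, the 192.168.1.0/24 range and the /sbin/iptables path are assumptions taken from the thread; override them in the environment to match your machine.

```shell
#!/bin/sh
# Added example, not robert0380's script: a complete rc.firewall that shares a
# dial-up (ppp0) with a LAN on eth0 the way the thread describes.
# Assumptions: interface names, the 192.168.1.0/24 range and the iptables
# path; set NETIFACE/LANIFACE/LANIPS/IPTABLES in the environment to override.

NETIFACE="${NETIFACE:-ppp0}"           # the modem (external side)
LANIFACE="${LANIFACE:-eth0}"           # the network card (internal side)
LANIPS="${LANIPS:-192.168.1.0/24}"     # internal network range
IPTABLES="${IPTABLES:-/sbin/iptables}" # modify to fit your path

# Every rule goes through ipt so DRY_RUN=1 prints the rules instead of
# applying them; that lets you review the set without root.
ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$IPTABLES $*"
    else
        "$IPTABLES" "$@"
    fi
}

# Builds (or prints) the whole ruleset; fails if a setting is empty.
build_rules() {
    [ -n "$NETIFACE" ] && [ -n "$LANIFACE" ] && [ -n "$LANIPS" ] || return 1

    # Start clean so re-running the script after a change is safe
    ipt -F
    ipt -t nat -F

    # Strict defaults: nothing in or through the router unless allowed below
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # The router itself: loopback, replies to its own connections, and the LAN
    # (so clients can use it for DNS/SSH and you can still ping it from inside)
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -i "$LANIFACE" -s "$LANIPS" -j ACCEPT
    # Answer pings from the modem side too; drop this line to stay silent
    ipt -A INPUT -i "$NETIFACE" -p icmp --icmp-type echo-request -j ACCEPT

    # Forwarding is tied to both interfaces: LAN-originated traffic may go out,
    # and only replies come back in. A packet arriving on ppp0 that claims a
    # 192.168.1.x source matches neither rule and is dropped by policy.
    ipt -A FORWARD -i "$LANIFACE" -o "$NETIFACE" -s "$LANIPS" \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -i "$NETIFACE" -o "$LANIFACE" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT

    # NAT: rewrite the source of LAN packets leaving ppp0 to the dial-up
    # address. MASQUERADE (rather than SNAT) suits a dial-up because the
    # address changes every call. Note -o, not -i: POSTROUTING only knows
    # the outgoing interface.
    ipt -t nat -A POSTROUTING -o "$NETIFACE" -s "$LANIPS" -j MASQUERADE
}

# Routing between interfaces is off by default and resets on every reboot
enable_forwarding() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    else
        echo 1 > /proc/sys/net/ipv4/ip_forward
    fi
}

# Number of iptables commands a dry run produces (a quick self-check)
rule_count() {
    ( DRY_RUN=1; build_rules ) | wc -l | tr -d ' '
}

case "${1:-}" in
    show)  ( DRY_RUN=1; enable_forwarding; build_rules ) ;;   # review only
    apply) enable_forwarding && build_rules ;;                # run as root
esac
```

Run `sh rc.firewall show` to print the rules it would load, and `rc.firewall apply` as root to load them; calling it with apply from rc.local is the boot-time setup robert0380 describes. Clients still need the 192.168.1.X address, 192.168.1.1 gateway and the ISP's DNS servers from his post.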
Copyright Internet.com Inc. All Rights Reserved.