IPTABLES


jackbegone
06-04-2001, 11:42 PM
I have a server with 7.1 Red Hat installed... I have a cable modem with the external modem. Two NIC cards. I tried configuring ipchains & iptables... I never have done this before... I need to know exactly how to set up ipchains or iptables (pref. iptables) so that I can have a web page, mail server, internal network, and so that all my machines can access the internet through the network.... THANKS A LOT PEOPLE!!!
:confused:

prince_kenshi
06-05-2001, 02:17 AM
I'll assume that your internal network is eth0 and the internet is eth1.

echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

That should do it for getting everyone on the internet and should leave your services open to the internet. It includes no security at all however. For setting up a real firewall, I suggest you read my NHF to get a good idea of what to do.

Mickv
06-05-2001, 07:37 AM
Those few lines for iptables will share all ports without restriction?

Also, will that work with RedHat 7 or do you need the updated RedHat 7.1 for this to work?

Thanks,

Strike
06-05-2001, 08:05 AM
They should work for any version of iptables, regardless of distribution or version of distribution.

ltrain
06-06-2001, 12:08 AM
After doing my research I found 3 ways to accomplish the task you are seeking (using same distro and version).

1) You can manually create your own customized firewall script.

(assumes you installed the firewall during install)
2) Run startx and use Lokkit (very, very basic script but a wizard will walk you through the setup)

3) Or, you can use the GUI interface called firewall-config (also from startx) --this is the option I chose and from there I was able to customize my own firewall, gave me a good foundation to start from.

Hope this helps -- good luck!

prince_kenshi
06-06-2001, 12:39 AM
Originally posted by Mickv:
"Those few lines for iptables will share all ports without restriction?"

Correct... partly. Other computers on the network can access the outside world with any source and destination port. FTP probably won't work though unless you load a special module for that because FTP uses two ports. But the outside world cannot access any computer on the local network except the gateway. When I said it lacks security, I meant for the gateway. No computer can talk to one of the computers behind the gateway unless that computer talks to them first. For this reason, certain applications won't be fully effective. For instance, people on ICQ won't be able to send you files. You can still talk to them though. I think it beats the hell out of a proxy.
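
Added example, not part of the original thread or any poster's script: a stateful version of the three-line setup above that also protects the gateway itself, which is the gap the last post describes. It only prints the commands for review; the open ports (tcp/80 for the web page, tcp/25 for mail, both served by the gateway) and the function name `gateway_rules` are assumptions.

```shell
#!/bin/sh
# Added example (assumptions: web = tcp/80, mail = tcp/25, both on the gateway).
# gateway_rules LAN_IF WAN_IF  -> prints one command per line, changes nothing.
gateway_rules() {
    lan=$1 wan=$2
    # The output is meant for a root shell, so refuse anything that is not
    # a plain interface name (no spaces, ';', '$', quotes, ...).
    case "$lan$wan" in
        *[!A-Za-z0-9._-]*) echo "invalid interface name" >&2; return 1 ;;
    esac
    if [ -z "$lan" ] || [ -z "$wan" ] || [ "$lan" = "$wan" ]; then
        echo "usage: gateway_rules LAN_IF WAN_IF (two different NICs)" >&2
        return 1
    fi
    cat <<EOF
# start clean, then drop by default (the thread's version used FORWARD ACCEPT)
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# gateway itself: loopback, replies to its own traffic, and the trusted LAN
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $lan -j ACCEPT
# services offered to the internet (assumed ports)
iptables -A INPUT -i $wan -p tcp --dport 80 -m state --state NEW -j ACCEPT
iptables -A INPUT -i $wan -p tcp --dport 25 -m state --state NEW -j ACCEPT
# LAN may start connections outward; only replies come back in.
# RELATED is what admits the second FTP connection once the FTP
# connection-tracking module mentioned in the thread is loaded.
iptables -A FORWARD -i $lan -o $wan -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}

# Stand-alone use: sh gateway.sh eth0 eth1   (LAN first, internet second)
if [ "$#" -eq 2 ]; then
    gateway_rules "$1" "$2"
fi
```

Read the printed commands first, then run them as root from the console rather than over a remote session, since the default policies change to DROP.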