[Techtalk] moving to iptables

Carla Schroder carla at bratgrrl.com
Mon Aug 4 22:07:40 EST 2003


On Monday 04 August 2003 9:21 pm, rocketgirl wrote:
> I take care of a RH 7.1 server at a school. The server was installed as
> a firewall between the main school network and administration so that
> internet could be shared off of one adsl modem.  So the system looks
> like this:
>
> adsl---->school net------>RH firewall and internet (2 eth cards eth0
> towards school network and eth1 towards admin)------>admin
>
> I used ipchains at the time to set up a rudimentary firewall and to
> implement ipmasquerading.
>
> Now I want to put Mandrake 9.1 in place of RH 7.1 and I want to use
> iptables.  I'm looking to put together a much more secure system.  Is it
> possible to ipmasq with iptables like I could with ipchains?  Could
> someone point me in the direction of some good tutorials to help me with
> this migration and the names of some really clear books for dummies?
> Thanks in advance.
>
> Wendy
>

iptables is ever so much better than ipchains, because it is stateful, and yes 
you can masquerade. In netfilter/iptables it is called NAT, network address 
translation. Here are three simple lines to enable masquerading:

# modprobe iptable_nat
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# echo "1" > /proc/sys/net/ipv4/ip_forward 

You can run these from the command line, in this order, for testing. Once you 
get your rules figured out, put 'em in a script.

It's complex, because TCP/IP networking is complex. It can take some study to 
get up to speed, but it is definitely worth it. Here are some articles that 
may help you get started:

Building Firewalls with iptables, Part 1
http://networking.earthweb.com/netsecur/article.php/2213171

Building Firewalls with iptables, Part 2
http://networking.earthweb.com/netos/article.php/2228641

Linux IP Masquerade HOWTO
http://www.ibiblio.org/mdw/HOWTO/IP-Masquerade-HOWTO/index.html

~~~~~~~~~~~~~~~~~~~~~~~~~
Carla Schroder
www.tuxcomputing.com
this message brought to you
by Libranet 2.7 and Kmail
~~~~~~~~~~~~~~~~~~~~~~~~~
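The three lines above only turn masquerading on; they do not yet make use of the stateful filtering Carla mentions. The script below is an added example, not part of Carla's reply or of any project, that puts the same NAT rule into a small default-deny, stateful rule set shaped after Wendy's layout. It assumes eth0 is the interface toward the school network and ADSL (the outbound side), eth1 faces the admin network, and that the admin network is 192.168.1.0/24 (a constructed address; substitute your own). Calling `firewall_rules echo` prints the rules instead of applying them, so you can review them without root before running `./fw.sh apply`.

```shell
#!/bin/sh
# Added example (not from the original thread): a minimal stateful iptables
# firewall with masquerading for a two-interface gateway.
# Assumptions: EXT_IF faces the school LAN / ADSL side (the route to the
# Internet), INT_IF faces the admin LAN on INT_NET (constructed address).

EXT_IF=${EXT_IF:-eth0}
INT_IF=${INT_IF:-eth1}
INT_NET=${INT_NET:-192.168.1.0/24}

# firewall_rules CMD : run each rule through CMD ("iptables" to apply,
# "echo" to just print them), one rule per line.
firewall_rules() {
    ipt=${1:-iptables}
    # start clean and default to deny for anything arriving at or crossing the box
    $ipt -F
    $ipt -t nat -F
    $ipt -P INPUT DROP
    $ipt -P FORWARD DROP
    $ipt -P OUTPUT ACCEPT
    # loopback, then replies to connections we already know about;
    # the state match is what makes this a stateful firewall
    $ipt -A INPUT -i lo -j ACCEPT
    $ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # the admin LAN may open new connections outward; nothing new is
    # accepted from the outside interface because FORWARD defaults to DROP
    $ipt -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$INT_NET" -m state --state NEW -j ACCEPT
    # allow ssh to the gateway itself, from the admin side only
    $ipt -A INPUT -i "$INT_IF" -s "$INT_NET" -p tcp --dport 22 -j ACCEPT
    # hide the admin LAN behind the outside address (same rule as in the reply,
    # restricted to the admin network's source addresses)
    $ipt -t nat -A POSTROUTING -o "$EXT_IF" -s "$INT_NET" -j MASQUERADE
}

# count_rules : number of iptables invocations the rule set produces
count_rules() {
    firewall_rules echo | grep -c .
}

# apply_firewall : load NAT support, install the rules, then enable forwarding
# (forwarding is switched on last so no packet crosses the box unfiltered)
apply_firewall() {
    modprobe iptable_nat
    firewall_rules iptables
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

if [ "${1:-}" = "apply" ]; then
    apply_firewall
fi
```

Ordering matters: forwarding is enabled only after the rules are loaded, and the `ESTABLISHED,RELATED` rules sit above the `NEW` rule so return traffic is matched cheaply before any policy decision is made.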