On Sun, 19 Dec 1999, Boaz Rymland wrote:

> > if you promise to read some about IPCHAINS and a masquerading howto or
> > two, I'll give you the script I use, which makes my machine both a
> > masquerader and a firewall.
> 
> (*finger raised politely*) I already read it!, can I have those scripts,
> please ?... ;-)

wow... what an overwhelming demand! :-)

ok, here's a quick and dirty edit of my script (intended for fixed
IP) into a dialup script. there's a big fat disclaimer on top, and don't
run it if you don't understand what it does, since it needs a lot of
editing.

the script should be dropped in /etc/rc.d/init.d and fired up like the
other scripts there (in appropriate runlevels, link S11firewall to it)

http://www.scso.com/linux/firewall.init.html

comments are welcome (I don't pretend to think it's perfect myself!)

and if you ask how I made the VIM coloring stick, you can do it too, by
passing your shell scripts (or sources, whatever) through this:

gvim -f +"syn on" +"so $VIMRUNTIME/syntax/2html.vim" +"wq" +"q" filename

(run VIM and enter ":help 2html")

> 1. Set up hardware support on both machines for the ethernet cards
> (possible kernel recompilation - but only if your current kernel doesn't
> recognize the network hardware). 

most probably just modules recompilation.

> 2. Set both win & linux machines IP numbers (on the ethernet cards - not
> on Dial up adapters) (if you wanna do it with proper IP numbers - the
> network should have the 192.168.x.x network address, e.g. the Linux eth0

I prefer the 10.0.0.0/8 Class A :-)

> If you don't have prior experience with that stuff use "netconf" of
> "linuxconf" (and pray its bugs won't havoc your machine :) ...  [I cant

I wouldn't trust linuxconf for anything, let alone my server's security.

> 3. Set up masquerading on your linux machine. that's easy (the basic is
> merely 3 (right?) ipchains commands. [ it's described, as Ira said, both
> in the IPChains and Masquerading HOWTOs]

one IPCHAINS command and one command to open the forwarding. note that
most of the above script is a packet filter "firewall" rather than just
a masquerader. I have seen machines cracked into WHILE CONNECTED AS
DIALUP! if you remove the parts that deal with masquerading and eth0,
this is still a highly recommended script for every girl and boy on this
list!

> 4. I strongly recommend that you use TCPWRAPPER for your linux gateway
> so "friendly" people from the net couldn't telnet, for example, to your
> home machine while you could do so from the windoze machine!. setting up
> basic firewall rules should not be too difficult too (but I personally
> haven't implemented that yet).

if you want to do it real good: remove in.telnetd, rshd, talkd and
whatever from the machine. in fact I don't run inetd at all on any
machine anymore. and for remote terminal I only use ssh.

> BTW, it all makes me wonder - is there a "home networking HOWTO"
> somewhere ?

you didn't write it yet! :-)

-- 
Ira Abramov ;  whois:IA58  ;  www.scso.com ;  all around Linux enthusiast
fortune: too many tries
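
Added example, not part of the original message or of the script it links to: a small check for the advice above about removing in.telnetd, rshd and talkd, listing inetd.conf entries that still launch them. The function names, the daemon pattern and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Daemon names from the message; extend the pattern as needed.
# Assumption: usual in.* naming, with or without a tcpd wrapper in front.
RISKY_DAEMONS='telnetd|rshd|talkd'

# inetd_audit: reads inetd.conf text on stdin and prints
# "service<TAB>daemon" for every active (uncommented) entry that starts
# one of the risky daemons. Exit status 1 if any was found, 0 otherwise.
# Typical use:  inetd_audit < /etc/inetd.conf
inetd_audit() {
    awk -v pat="$RISKY_DAEMONS" '
        /^[ \t]*#/ || NF < 6 { next }   # skip comments and short lines
        {
            # Fields: service socket proto wait user server [args...]
            # With TCP wrappers, field 6 is tcpd and the daemon follows it.
            for (i = 6; i <= NF; i++) {
                n = split($i, parts, "/")
                base = parts[n]          # strip any directory prefix
                if (base ~ ("^(in\\.)?n?(" pat ")$")) {
                    printf "%s\t%s\n", $1, base
                    found = 1
                    break
                }
            }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample input (not taken from any real machine).
sample_inetd_conf() {
    cat <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd      in.ftpd -l -a
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd      in.telnetd
#shell  stream  tcp  nowait  root  /usr/sbin/tcpd      in.rshd
talk    dgram   udp  wait    root  /usr/sbin/in.talkd  in.talkd
EOF
}
```

On the sample, `sample_inetd_conf | inetd_audit` reports the telnet and talk entries and skips the commented-out shell line.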

