> I used IPMasq which is just fine but I'm never sure how to add a firewall to
> filter port access, my concern is that it is fiddling with ipchains so how can
> I be confident my stuff is getting added and will not interfere.

Log dropped packets for a while, and test your firewall. I used to add rules for common illegal packets to reduce the logging, once I'd understood where and why they were being transmitted (from internal hosts).

> I noticed in the unstable distro that there is a new ipchains package for
> load/saving ipchain configurations and also ferm which deals with some of the
> tricks associated with being confident the firewall config is useful. Could I
> use them or are they not designed to play friendly with ipmasq?

They save the state, will probably work, but personally I preferred to keep all the firewall stuff in one script, that started with a flush, and was added to rc.d scripts. It let me keep the 3 rules for each tunnel in one place, and it was easy to copy the script onto a fallback firewall host.

> The second part to my problem is that of port forwarding, I want to expose an
> internal system ssh port through the firewall and also an internal http server
> from time to time.

You need to enable masquerading for the host/port combo you wish to tunnel through the firewall, then set up an mfw rule for the initial connection, and then a rule for the redirect. The docs which explain ipmasqadm have a HOWTO which is good enough to get your (simple) requirements up without too much bother. Use a search engine to find it.

Rob
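Below is an added example of the kind of single rc.d firewall script Rob describes (flush first, masquerade the internal net, log what is dropped, then the port forwards); it is not Rob's script or anything from the ipmasq package. Interface names, the 203.0.113.10 external address and the 192.168.1.x internal hosts are constructed placeholders, and the port forwards use the ipmasqadm portfw module from the HOWTO rather than the mfw rule Rob mentions. The script has a dry-run mode that prints every ipchains/ipmasqadm command instead of executing it, which is one way to be confident about what is actually being added before it touches the live chains.

```shell
#!/bin/sh
# Example ipchains (2.2-kernel era) masquerading gateway script with a
# dry-run mode.  All addresses and interface names below are constructed
# placeholders; adjust them for the real gateway.

EXT_IF=eth0
INT_IF=eth1
EXT_IP=203.0.113.10        # placeholder public address (TEST-NET-3)
INT_NET=192.168.1.0/24     # placeholder internal network
SSH_HOST=192.168.1.10      # internal host whose ssh port is exposed
WEB_HOST=192.168.1.20      # internal http server exposed "from time to time"

# run CMD...: with DRY_RUN=1, print the command instead of executing it,
# so the complete rule set can be reviewed before it is applied.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Start from a clean slate: flush builtin chains, drop user chains,
# and clear any stale port forwards left by an earlier run.
fw_flush() {
    run ipchains -F
    run ipchains -X
    run ipmasqadm portfw -f
}

# Default-deny for incoming and forwarded traffic.
fw_policy() {
    run ipchains -P input DENY
    run ipchains -P forward DENY
    run ipchains -P output ACCEPT
}

fw_rules() {
    run ipchains -A input -i lo -j ACCEPT
    # Internal hosts may talk to the gateway freely.
    run ipchains -A input -i "$INT_IF" -s "$INT_NET" -j ACCEPT
    # Inbound connections to the exposed services must be accepted on
    # the external interface before portfw can redirect them.
    run ipchains -A input -i "$EXT_IF" -p tcp -d "$EXT_IP" 22 -j ACCEPT
    run ipchains -A input -i "$EXT_IF" -p tcp -d "$EXT_IP" 80 -j ACCEPT
    # Replies to connections opened from inside: TCP without SYN-only flags.
    run ipchains -A input -i "$EXT_IF" -p tcp ! -y -j ACCEPT
    # Masquerade everything the internal net sends out.
    run ipchains -A forward -i "$EXT_IF" -s "$INT_NET" -j MASQ
    # Example of a "quiet" deny for known noise (here NetBIOS broadcasts
    # from internal hosts): dropped without -l so it stops filling the log.
    run ipchains -A input -i "$INT_IF" -p udp -d 0/0 137:139 -j DENY
    # Everything else is denied AND logged (-l) while the rules are tuned.
    run ipchains -A input -j DENY -l
    run ipchains -A forward -j DENY -l
}

# Port forwards: external ip:port -> internal host:port.
fw_portfw() {
    run ipmasqadm portfw -a -P tcp -L "$EXT_IP" 22 -R "$SSH_HOST" 22
    run ipmasqadm portfw -a -P tcp -L "$EXT_IP" 80 -R "$WEB_HOST" 80
}

fw_apply() {
    fw_flush
    fw_policy
    fw_rules
    fw_portfw
    run sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'
}

# "./firewall.sh apply" installs the rules; any other invocation just
# prints them, so the default is the safe review mode.
case "${1:-}" in
    apply) fw_apply ;;
    *) DRY_RUN=1; fw_apply ;;
esac
```

Keeping the flush at the top means re-running the script after an edit always yields exactly the printed rule set, and because every rule is in this one file it can be copied unchanged to a fallback gateway. Once the logged denies have been understood, the noisy ones get their own un-logged DENY rule above the catch-all, as Rob suggests.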

