On Thu, 10 Jan 2002, Carl Buchmann wrote:

> I recently discovered Debian, (I was using RedHat for a while) and I'm
> very impressed with the software and its capabilities. I want to replace
> my current redhat box which is running as a firewall / Nat with a new
> Debian Box. I would like to know how to configure the firewall and Nat

There are a bunch of different packages to choose from - apt-cache gave me
the following results:

dante-client - Provides a SOCKS wrapper for users behind a firewall.
ferm - maintain and setup complicated firewall rules
firewall-easy - Easy to use packet filter firewall (usually zero config)
firewall-easy-doc-es - Documentation to set up easily firewalls (in Spanish)
fwctl - configure ipchains firewall using higher level abstraction
gfcc - GTK firewall control center
ipchains - Network firewalling for Linux 2.2.x
ipfwadm - Linux 2.0.x firewalling tools
ipmasq - Securely initializes IP Masquerade forwarding/firewalling
mason - Interactively creates a Linux packet filtering firewall.
smtpd - Mail proxy for firewalls with anti-spam and anti-relay features
socks4-server - SOCKS4 server for proxying IP-based services over a firewall
xfwp - X firewall proxy server
firewall - Script to initialise firewalls

Out of that, I'd say 6 look like probable starters. I don't know how many
of these are available with Potato, but at least one of them should be.

> script on Debian. All I've done now is I set it up the potato and
> configured it as DHCP & Apache server. I was wondering if you could help
> me in any way setting up a firewall \ Nat , and the appropriate steps on
> applying it to Debian.

My firewalls go into a script, /etc/init.d/firewall, which is symlinked to
from /etc/rcS.d/S40firewall, and /etc/rc[06].d/K99firewall, although the
shutdown links aren't particularly necessary. This means that the firewall
script will get run on startup at the same time (in fact, one step before)
the network interfaces get brought up, which gives no unprotected time.

Documentation abounds on firewalling, from a quick Google I got

http://lyre.mit.edu/~powell/debian-howto/ipmasq.html
http://www.debian.org/doc/manuals/securing-debian-howto/index.en.html
http://www.linuxdoc.org/HOWTO/IP-Masquerade-HOWTO/

(these three links were pulled off Google - it's a wonderful search engine,
I suggest you try it out).

and of course, if you want bleeding edge (2.4 kernels)

http://netfilter.samba.org/documentation/index.html#HOWTO

> my network configuration is as follow
>
> WWW ------- eth0---- Debian Box ---- eth1----- HUB

Did you want ports other than 80 to be available, for, say, FTP traffic? Or
was WWW traffic all you wanted to allow? At any rate, you want to block
incoming connections, do NAT on internal traffic heading for the outside,
and not a lot else (assuming the Debian Box isn't a server to the outside
world of any sort).

--
-----------------------------------------------------------------------
#include <disclaimer.h>
Matthew Palmer [EMAIL PROTECTED]
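
Added example, not part of the original message: a shell check for the boot ordering the reply relies on, that the firewall start link in /etc/rcS.d sorts ahead of the link that brings up the interfaces. The function names are hypothetical, and the networking link name (S40networking) is an assumption about the stock Debian layout; pass your own name as the third argument if it differs.

```shell
#!/bin/sh
# Added example: verify that the firewall start link runs before networking.
# Assumption: start links are named SNN<service> and are run in sorted
# name order, so S40firewall precedes S40networking.

# first_start_link DIR NAME
# Prints the basename of the SNN<NAME> link in DIR; returns 1 if none exists.
first_start_link() {
    for link in "$1"/S[0-9][0-9]"$2"; do
        # An unmatched glob stays literal, so test that the entry exists.
        [ -e "$link" ] || [ -L "$link" ] || continue
        basename "$link"
        return 0
    done
    return 1
}

# firewall_before_network RCS_DIR [FW_NAME] [NET_NAME]
# Returns 0 when the firewall link sorts (and so runs) before networking,
#         1 when it would run after networking (an unprotected window),
#         2 when either link is missing.
firewall_before_network() {
    dir=$1
    fw=${2:-firewall}      # service name used in the message
    net=${3:-networking}   # assumed name of the interface bring-up script
    fw_link=$(first_start_link "$dir" "$fw") || return 2
    net_link=$(first_start_link "$dir" "$net") || return 2
    # Compare in the C locale so the result matches byte-wise link ordering.
    first=$(printf '%s\n%s\n' "$fw_link" "$net_link" | LC_ALL=C sort | head -n 1)
    [ "$first" = "$fw_link" ] && [ "$fw_link" != "$net_link" ]
}
```

Run it as `firewall_before_network /etc/rcS.d` after creating the symlinks; a return of 1 means the interfaces come up before the rules are loaded.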

