Still playing with my firewall project, and having a lot of fun. Here is what I've done so far. When ppp0 dials into the internet, it makes a connection, and runs the ip-up script, to which I've added the following commands:

    # allow internal boxes out through the 3c509b card, all ports.
    ipchains -A input -i eth0 -j ACCEPT
    # allow http in
    ipchains -A input -d $1 80 -j ACCEPT -p tcp
    # allow ftp in
    ipchains -A input -d $1 21 -j ACCEPT -p tcp
    # allow pop3 in
    ipchains -A input -d $1 110 -j ACCEPT -p tcp
    # allow smtp in
    ipchains -A input -d $1 25 -j ACCEPT -p tcp
    # allow mta in
    #ipchains -A input -d $1 ??? -j ACCEPT -p tcp

The above configures what tcp ports I allow in my firewall. This is good, this works, and that's swell. Now, the above ports have to be routed or forwarded to hidden private IP addresses, like so:

    # forward http
    ipportfw -A -t $1/80 -R 172.16.0.20/80
    # forward ftp
    ipportfw -A -t $1/21 -R 172.16.0.20/21
    # forward pop3
    ipportfw -A -t $1/110 -R 172.16.0.20/110
    # forward smtp
    ipportfw -A -t $1/25 -R 172.16.0.20/25
    # forward mta
    #ipportfw -A -t $1/??? -R 172.16.0.20/???

Then, I close the firewall with:

    # close the rest of the linux box
    ipchains -A input -i ppp0 -j DENY

The ipportfw commands fail, returning an error message as follows:

    Setsockopt failed: protocol not available.

I scanned through the manpages, but I'm unclear what this error means. I'm running Debian 2.0 (hamm?) and only want to use this PC as a firewall.

Thanks for any assistance. See, I'm making progress :)

Frederic Breitwieser
Bridgeport, CT 06606
Homebrew Automotive Website: http://www.xephic.dynip.com/
Wanted - RWD Buick Flywheel that fits the 3.8L / 4.1L!
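
Added example, not part of the original post: a dry-run generator for the rule set described above. It refuses to emit anything unless the external address is a valid dotted quad, and it keeps the catch-all DENY last because ipchains acts on the first matching rule. The function names and the sample address 192.0.2.10 are constructed for illustration; the commands are only printed, never run.

```shell
#!/bin/sh
# Added example: prints the commands only; nothing is applied to the kernel.
SERVICES="80 21 110 25"      # http, ftp, pop3, smtp (ports from the post)
INSIDE_HOST="172.16.0.20"    # internal server address from the post

# Succeed only for a dotted-quad IPv4 address with four octets in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rule set for external address $1: accepts first, DENY last.
emit_rules() {
    ext=$1
    if ! is_ipv4 "$ext"; then
        echo "emit_rules: '$ext' is not an IPv4 address; nothing emitted" >&2
        return 1
    fi
    echo "ipchains -A input -i eth0 -j ACCEPT"
    for port in $SERVICES; do
        echo "ipchains -A input -d $ext $port -j ACCEPT -p tcp"
        echo "ipportfw -A -t $ext/$port -R $INSIDE_HOST/$port"
    done
    # ipchains acts on the first matching rule, so the catch-all goes last.
    echo "ipchains -A input -i ppp0 -j DENY"
}

# 192.0.2.10 is a constructed sample address. pppd(8) hands ip-up the
# local IP address as its fourth argument.
emit_rules 192.0.2.10
```

Reviewing the printed list before piping it to a shell shows exactly which ports end up reachable from ppp0.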