On Tue, 22 Feb 2000, Stuart Ballard wrote:
> As a first pass at configuring this thing (I don't plan on leaving it
> like this, but I'm at the stage where I just want *something* that
> works) I set it up using:
>
> echo "1" > /proc/sys/net/ipv4/ip_forward
> ipchains -P forward MASQ
Dear Stuart,

I have a similar hardware configuration, but I was thinking about security first (this was the only reason I am with Linux: it is easy to configure what you really want). Please look at the attached shell script, which I run on the IP-UP event by pppd. It has worked not too badly for the last couple of months (for me!). If you get a lot of messages in the logs, then you need to adjust some rules. I understand it is not perfect. The idea is from a Web site (sorry, I forgot the name).

---
Regards,
Pavel Epifanov.
[EMAIL PROTECTED] , [EMAIL PROTECTED]
#!/bin/sh
#
# IPCHAINS-ALL
#
###########################################
IPCHAINS="/sbin/ipchains"

# Allow forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward

###########################################
# Flush the three built-in chains. Note that no chain policy (-P) is
# set here, so whatever policy is already in force (ACCEPT by default)
# applies to packets that match none of the rules below.
# Incoming packets from the outside network
$IPCHAINS -F input
# Outgoing packets from the internal network
$IPCHAINS -F output
# Forwarding/masquerading
$IPCHAINS -F forward

###########################################
# Allow MASQ connections from the internal 10/8 network
$IPCHAINS -A forward -s 10.0.0.0/255.0.0.0 -j MASQ
#
###########################################
# Disallow any UDP incoming connections on ppp0, except packets
# coming FROM these source ports (replies to our own queries).
# Matching on source port only means any packet that claims that
# source port is let in, not just genuine replies.
# DNS replies (source port 53; this is DNS, not SSH)
$IPCHAINS -A input -p udp -s 0.0.0.0/0 53 -i ppp0 -j ACCEPT
# BBC real-audio
$IPCHAINS -A input -p udp -s 0.0.0.0/0 6970 -i ppp0 -j ACCEPT
# ??? WEB Browsing
$IPCHAINS -A input -p udp -s 0.0.0.0/0 2140 -i ppp0 -j ACCEPT
$IPCHAINS -A input -p udp -d 0.0.0.0/0 31789 -i ppp0 -j ACCEPT
#
# CIPE test
$IPCHAINS -A input -p udp -s 0.0.0.0/0 31121 -i ppp0 -j ACCEPT
$IPCHAINS -A input -p udp -s 0.0.0.0/0 31122 -i ppp0 -j ACCEPT
#
# default - DENY all other incoming UDP on ppp0, logging each packet (-l)
$IPCHAINS -A input -p udp -i ppp0 -l -j DENY
#
###########################################
# Disallow (and log) incoming TCP connections from outside to these services
# RPC portmapper
$IPCHAINS -A input -p tcp -d 0.0.0.0/0 111 -i ppp0 -l -j DENY
# SMTP
$IPCHAINS -A input -p tcp -d 0.0.0.0/0 25 -i ppp0 -l -j DENY
# Printer (lpd)
$IPCHAINS -A input -p tcp -d 0.0.0.0/0 515 -i ppp0 -l -j DENY
# ???
$IPCHAINS -A input -p tcp -d 0.0.0.0/0 840 -i ppp0 -l -j DENY
# DNS
$IPCHAINS -A input -p tcp -d 0.0.0.0/0 53 -i ppp0 -l -j DENY
# NFS
$IPCHAINS -A input -p tcp -d 0.0.0.0/0 2049 -i ppp0 -l -j DENY
# Concert?
$IPCHAINS -A input -p tcp -d 0.0.0.0/0 786 -i ppp0 -l -j DENY
# ???
#$IPCHAINS -A input -p tcp -d 0.0.0.0/0 1113 -i ppp0 -l -j DENY
#$IPCHAINS -A input -p tcp -d 0.0.0.0/0 1114 -i ppp0 -l -j DENY
#$IPCHAINS -A input -p tcp -d 0.0.0.0/0 1115 -i ppp0 -l -j DENY
#$IPCHAINS -A input -p tcp -d 0.0.0.0/0 1116 -i ppp0 -l -j DENY
#
# default - ACCEPT: every TCP service not listed above is reachable
# from ppp0 and is left to protect itself (TCP wrappers)
$IPCHAINS -A input -p tcp -i ppp0 -j ACCEPT
#
###########################################
# Set www and ftp (control connection) for minimum delay - OUTPUT
# (-t ANDmask XORmask: clear the low bit, set the minimum-delay bit)
$IPCHAINS -A output -p tcp -d 0/0 www -t 0x01 0x10
$IPCHAINS -A output -p tcp -d 0/0 ftp -t 0x01 0x10
# Set ftp-data for maximum throughput
$IPCHAINS -A output -p tcp -d 0/0 ftp-data -t 0x01 0x08
# Set www and ftp (control connection) for minimum delay - FORWARD
$IPCHAINS -A forward -p tcp -d 0/0 www -t 0x01 0x10
$IPCHAINS -A forward -p tcp -d 0/0 ftp -t 0x01 0x10
# Set ftp-data for maximum throughput
$IPCHAINS -A forward -p tcp -d 0/0 ftp-data -t 0x01 0x08
###########################################
# /usr/bin/logger -s IPCHAINS up.
###########################################
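The script's `-l` rules make the kernel write one syslog line per denied packet, and the advice above is to adjust the rules when those lines pile up. The following is an added example, not part of Pavel's script or of the original thread: a small Python tool that parses ipchains packet-log lines out of syslog and counts which chain/target/port combinations are producing the noise, plus the busiest source addresses. The log lines in `SAMPLE_LOG`, the hostname `gw` and all addresses are constructed for the example.

```python
"""Summarise ipchains '-l' packet logs so noisy rules can be found and tuned.

Added example; not part of the original posting. A rule carrying '-l'
makes the 2.2 kernel log each matched packet to syslog as

  Packet log: <chain> <target> <iface> PROTO=<n> <src>:<sport> <dst>:<dport>
              L=<len> S=0x<tos> I=<id> F=0x<frag> T=<ttl> [SYN] (#<rule>)

For ICMP the two "port" fields carry the ICMP type and code instead.
The lines in SAMPLE_LOG are constructed for this example.
"""
import re
from collections import Counter

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

PACKET_LOG = re.compile(
    r"Packet log: (?P<chain>\w+) (?P<target>\w+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=0x(?P<tos>[0-9A-Fa-f]+) I=(?P<ipid>\d+) "
    r"F=0x(?P<frag>[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
    r"(?P<syn> SYN)?"
    r"(?: \(#(?P<rule>\d+)\))?"
)

# Constructed sample: two TCP probes denied by the explicit service rules,
# four NetBIOS UDP packets caught by the catch-all UDP DENY, one unrelated line.
SAMPLE_LOG = """\
Feb 22 10:15:01 gw kernel: Packet log: input DENY ppp0 PROTO=6 203.0.113.7:4321 198.51.100.2:111 L=60 S=0x00 I=31337 F=0x4000 T=51 SYN (#11)
Feb 22 10:15:02 gw kernel: Packet log: input DENY ppp0 PROTO=6 203.0.113.7:4322 198.51.100.2:25 L=60 S=0x00 I=31338 F=0x4000 T=51 SYN (#12)
Feb 22 10:15:10 gw kernel: Packet log: input DENY ppp0 PROTO=17 192.0.2.9:137 198.51.100.2:137 L=78 S=0x00 I=1 F=0x0000 T=110 (#9)
Feb 22 10:15:11 gw kernel: eth0: link up, 100Mbps full duplex
Feb 22 10:15:12 gw kernel: Packet log: input DENY ppp0 PROTO=17 192.0.2.9:137 198.51.100.2:137 L=78 S=0x00 I=2 F=0x0000 T=110 (#9)
Feb 22 10:15:14 gw kernel: Packet log: input DENY ppp0 PROTO=17 192.0.2.9:137 198.51.100.2:137 L=78 S=0x00 I=3 F=0x0000 T=110 (#9)
Feb 22 10:15:20 gw kernel: Packet log: input DENY ppp0 PROTO=17 192.0.2.10:1026 198.51.100.2:137 L=78 S=0x00 I=7 F=0x0000 T=112 (#9)
"""


def parse_line(line):
    """Return the packet-log fields of one syslog line, or None if it is not one."""
    m = PACKET_LOG.search(line)
    if not m:
        return None
    d = m.groupdict()
    proto = int(d["proto"])
    return {
        "chain": d["chain"],
        "target": d["target"],
        "iface": d["iface"],
        "proto": PROTO_NAMES.get(proto, str(proto)),
        "src": d["src"],
        "sport": int(d["sport"]),
        "dst": d["dst"],
        "dport": int(d["dport"]),
        "syn": d["syn"] is not None,
        "rule": int(d["rule"]) if d["rule"] else None,
    }


def summarize(log_text):
    """Count logged packets per (chain, target, iface, proto, dport)."""
    counts = Counter()
    for line in log_text.splitlines():
        p = parse_line(line)
        if p:
            counts[(p["chain"], p["target"], p["iface"], p["proto"], p["dport"])] += 1
    return counts


def top_sources(log_text, n=5):
    """The n source addresses that hit logged rules most often."""
    srcs = Counter()
    for line in log_text.splitlines():
        p = parse_line(line)
        if p:
            srcs[p["src"]] += 1
    return srcs.most_common(n)


def report(log_text):
    """One line per rule/port combination, busiest first."""
    out = []
    for (chain, target, iface, proto, dport), n in summarize(log_text).most_common():
        out.append(f"{n:6d}  {chain:<7} {target:<6} {iface:<5} {proto}/{dport}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
    print("top sources:", top_sources(SAMPLE_LOG, 3))
```

Feed it the real thing with something like `python3 ipchains_log.py < /var/log/messages` after changing the `__main__` block to read `sys.stdin`; a port that dominates the summary (here UDP 137 broadcasts) is the candidate for a silent, unlogged DENY rule placed before the catch-all, so the log keeps its value for the rest.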