On Thursday 09 October 2003 01:42 pm, Ralph Zeller wrote:
: Jamie,
:
: Hope your father's ok.

Thank you. He's been better... but then, he's also been worse. Right now, I'm happy with stable!

:
: I don't know that much about iptables; there seem to be plenty of tutorials
: about it, though. The main thing is to close everything up, then be very
: selective about what comes through.

Yeah... lots! And most are very long, kind of confusing and don't really help the average person set up something simple and quick. I remember ipchains was pretty easy to get a decent firewall/gateway up.

:
: Here's an iptables trick I use at home. Sometimes the win98 box does dial-up
: directly, sometimes the linux box dials and shares.
:
: I set win98 to use my linux box as the default route and DNS server--which
: it overrides for direct dialup from win98. When the linux box dials out,
: I use fetchmail/postfix for getting/sending mail, but I didn't want to have
: to adjust any settings on the win98 box for this.

That's an interesting solution to that issue... I've never really used the windows box to dial up, except to try juno/netzero as an ISP... the rest of the time I go through the linux box. A lot of us use fetchmail, I haven't really seen much need for it myself, I use the smtp of my local ISP, and pop from anywhere... no need to buffer my mail on the firewall...

:
: These lines in my firewall setup will intercept the connections from the
: win98 box for getting and sending mail, regardless of which isp I choose
: to connect.
:
: Ralph
:
: echo "Rerouting to this smtp server, my isp won't relay from here."
: iptables -A PREROUTING -t mangle -p tcp --dport 25 -s ! 192.168.2.50/32 \
:     -j MARK --set-mark 444
: iptables -A PREROUTING -t nat -m mark --mark 444 -j DNAT \
:     --to-destination 192.168.2.50
:
: echo "Intercept connections to pop.myisp.IP.net, reroute to this host."
: iptables -A PREROUTING -t mangle -p tcp --dport 110 -s ! 192.168.2.50/32 \
:     -j MARK --set-mark 555
: iptables -A PREROUTING -t nat -m mark --mark 555 -j DNAT \
:     --to-destination 192.168.2.50

Nice...
If I manage to get some of these linux things online and this looks quite worthy of the firewall section!

Jamie

:
: On 10/09/03 12am, Jamie wrote:
: > we have a small bit of notes on his talk, they can be found at:
: > http://www.euglug.org/minutes.phtml?id=31
: > and you can download his notes at:
: > http://www.euglug.org/stateful_firewalling.tgz
: > Unfortunately, if Cory gives it again, I won't be able to attend :(
: > I'd like to see Cory do more presentations, he seems to have quite the
: > knack for it. Ralph's presentation was pretty decent too.
: >
: > Jamie
: >
: > On Thursday 09 October 2003 08:56 pm, Jack Morgan wrote:
: > : On Wed, 2003-10-08 at 20:45, Linux Rocks ! wrote:
: > : > So... I'm finally getting around to setting up a firewall with
: > : > IPTables. I haven't built a firewall since IPMASQ, and well.. IPTables
: > : > is a bit different. Cory did a great presentation a few years back,
: > : > one of the best presentations we've had I might add :)
: > :
: > : Well, perhaps we could have another presentation on iptables? I'd also
: > : like to hear more on the topic.
:
: _______________________________________________
: EuG-LUG mailing list
: [EMAIL PROTECTED]
: http://mailman.efn.org/cgi-bin/listinfo/eug-lug

--
How should I know if it works? That's what beta testers are for. I only coded it.
-- Attributed to Linus Torvalds, somewhere in a posting
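
The mail redirect quoted above can also be written as one nat-table rule per port, matched only on the LAN-facing interface so that nothing arriving on the dial-up side is rewritten. This is an added example, not part of the original thread: the interface name eth0, the variable names and the function names are assumptions, and 192.168.2.50 is the address from the quoted rules. It prints the commands by default and runs them only when APPLY=1.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: the LAN interface is eth0;
# 192.168.2.50 is the address used in the quoted rules ("this host").
LAN_IF="${LAN_IF:-eth0}"
MAIL_HOST="${MAIL_HOST:-192.168.2.50}"

# valid_port PORT: succeed only for a decimal integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] 2>/dev/null && [ "$1" -le 65535 ] 2>/dev/null
}

# mail_redirect_rules PORT...: print one DNAT rule per port.
# -i limits the match to packets entering from the LAN; "! -s" is the
# current spelling of the older "-s !" negation and skips the mail host
# itself. No MARK step is needed because nat PREROUTING can match directly.
mail_redirect_rules() {
    for port in "$@"; do
        if ! valid_port "$port"; then
            echo "invalid port: $port" >&2
            return 1
        fi
        echo "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport $port ! -s $MAIL_HOST -j DNAT --to-destination $MAIL_HOST"
    done
}

# apply_or_print PORT...: dry run unless APPLY=1 (which needs root).
apply_or_print() {
    rules=$(mail_redirect_rules "$@") || return 1
    if [ "${APPLY:-0}" = "1" ]; then
        printf '%s\n' "$rules" | while read -r cmd; do
            $cmd || exit 1
        done
    else
        printf '%s\n' "$rules"
    fi
}

# SMTP and POP3, the two ports redirected in the quoted rules.
apply_or_print 25 110
```

Review the printed rules, then rerun as root with APPLY=1; `iptables -t nat -L PREROUTING -n -v` shows the packet counters once a LAN client connects.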