Ok, I'm setting up a Linux box (Mandrake 8) at home. The intention is to use it as a router/firewall between my LAN (currently 1 Windows box) and the internet (via a ppp modem connection).

Can anyone suggest a good place to look for examples of rule sets (iptables) that would help me to set this up? Basically, I want to block all connections coming from the internet, allow SSH into the box from the LAN and NAT/masquerade everything from the LAN to the internet.

I have played around with the Bastille-netfilter script that comes with Mandrake but I can't seem to make it work with more than one interface. I have the beginnings of a rule set below if anyone wants to comment.

Cheers,
Mark.

# Load the NAT module (this pulls in all the others).
modprobe iptable_nat

## Insert connection-tracking modules (not needed if built into kernel).
# insmod ip_conntrack
# insmod ip_conntrack_ftp

# In the NAT table (-t nat), Append a rule (-A) after routing
# (POSTROUTING) for all packets going out ppp0 (-o ppp0) which says to
# MASQUERADE the connection (-j MASQUERADE).
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

# Turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

## Create chain which blocks new connections, except if coming from inside.
# iptables -N block
# iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
# iptables -A block -j DROP

## Jump to that chain from INPUT and FORWARD chains.
# iptables -A INPUT -j block
# iptables -A FORWARD -j block
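
An added example, not part of Mark's message: one rule set matching the goals stated above (drop everything arriving from the internet, allow SSH to the gateway from the LAN only, masquerade LAN traffic out ppp0). The LAN interface name eth0 and the build_firewall function are assumptions; by default the script only prints the iptables commands instead of loading them.

```shell
#!/bin/sh
# Added example (not from the original post): LAN gateway rule set.
# ppp0 is the internet link named in the post; eth0 as the LAN interface
# is an assumption. Dry run by default: rules are printed, not applied.
# Run as root with IPT=iptables to load them.
IPT=${IPT:-"echo iptables"}

build_firewall() {
    wan=$1
    lan=$2

    # Start from empty chains and default-deny for inbound and routed traffic.
    $IPT -F
    $IPT -t nat -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Traffic addressed to the gateway itself: loopback, replies to
    # connections the gateway opened, and new SSH sessions from the LAN only.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i "$lan" -p tcp --dport 22 -m state --state NEW -j ACCEPT

    # Traffic routed through the gateway: only the LAN may open connections;
    # the WAN side is limited to replies on connections already tracked.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$lan" -o "$wan" -m state --state NEW -j ACCEPT

    # Rewrite LAN source addresses to the dynamic ppp address on the way out.
    $IPT -t nat -A POSTROUTING -o "$wan" -j MASQUERADE

    # Enable routing only when the rules were really loaded.
    if [ "$IPT" = iptables ]; then
        echo 1 > /proc/sys/net/ipv4/ip_forward
    fi
}

build_firewall "${WAN:-ppp0}" "${LAN:-eth0}"
```

Unlike the commented-out "block" chain, which accepts any NEW packet that did not arrive on ppp0, this version names the LAN interface explicitly and opens only TCP port 22 on the gateway itself.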