Charles,
This information has been helpful in setting up a similar situation that I have,
but I have the following question in regard to IPCHAINS and a VPN connection.
At work we connect into a Nortel Networks Contivity box for our VPN. Given that
IPSEC generally doesn't like to get NAT'd around, is there a configuration which
will allow a VPN to pass through a linux box running IPCHAINS?
Thanks,
Jonathan
Tetlow Charles MSgt 12CS/SCBBN wrote:
> Frank,
>
> Hook your eth0 to your service provider and put one of your "real IPs" on it
> so it can talk to the world. Hook your workstations behind the eth1 using
> the private network address space like you mentioned - 192.168.x.x. Be sure
> that the workstations are addressed in the same network space as the eth1
> and that their gateway is the eth1 address. (Typically the eth1 on the
> Linux box would be 192.168.0.1 and the workstation's gateway would be the
> same.)
>
> Next, setup the Linux box to do Network Address Translation with the IP
> Chains configuration:
> ipchains -A forward -s 192.168.0.0/16 -d 0/0 -j MASQ
> That single line will turn on NAT for everything behind the eth1 with
> addresses in your private network address space.
>
> The only other thing you HAVE to do is ensure forwarding is turned on.
> Check the file /proc/sys/net/ipv4/ip_forward. It should contain the single
> character "1". That sets IP Forwarding to on. Change it to one if it is
> set to zero. And you should be off and running.
>
> Now, you don't have ANY protections setup at this point. You have only got
> the box working as a packet forwarding gateway with full Network Address
> Translation. If you want to provide "firewall" protections with that box
> also, you have to start implementing IP Chains rules to protect yourself.
> And of course, be sure that all non-essential services are turned off on
> that box.
>
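The NAT gateway setup Charles describes, written out as an added example script that is not from the thread: it assumes eth0 faces the provider, eth1 the LAN, and 192.168.0.0/16 as the private range, and it adds a default-deny forward policy plus an anti-spoofing input rule as a first instance of the protective rules he says still have to be written.

```shell
#!/bin/sh
# Added example, not from the thread: a minimal ipchains NAT gateway.
# Assumed layout: eth0 faces the provider, eth1 the LAN, LAN range 192.168.0.0/16.
# DRY_RUN=1 prints the commands instead of executing them, so the ruleset can be
# reviewed before it is applied on the gateway.
EXT_IF="${EXT_IF:-eth0}"
INT_IF="${INT_IF:-eth1}"
LAN="${LAN:-192.168.0.0/16}"
DRY_RUN="${DRY_RUN:-0}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Turn on forwarding: /proc/sys/net/ipv4/ip_forward must read "1".
enable_forwarding() {
    run sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'
}

# Flush the forward chain, deny forwarding by default, then masquerade only
# packets leaving via the external interface with a LAN source address.
# (In ipchains, -i on the forward chain matches the outgoing interface.)
configure_nat() {
    run ipchains -F forward
    run ipchains -P forward DENY
    run ipchains -A forward -i "$EXT_IF" -s "$LAN" -d 0/0 -j MASQ
}

# First protective rule: log and drop packets arriving from the provider side
# that claim a LAN source address (spoofing). The input chain keeps its default
# policy; a full input/output policy is a separate exercise.
protect_gateway() {
    run ipchains -F input
    run ipchains -A input -i "$EXT_IF" -s "$LAN" -j DENY -l
}

# Apply only when invoked as "./gateway.sh apply"; sourcing the file just
# defines the functions.
if [ "${1:-}" = "apply" ]; then
    enable_forwarding
    configure_nat
    protect_gateway
fi
```

Run with DRY_RUN=1 first to see the exact ipchains commands before applying them on the gateway.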