On Tue Jan 18 2000 at 01:10, Sandeep Jyoti wrote:

> Is there any documentation on Ipchains other than the FAQ.  Or a script
> that would make the job of configuring a firewall easier?

http://freshmeat.net and do a search on ipchains.  Lots around to
choose from.

Also, ipchains has a HOWTO and a home page.

Something coming from experience...

I've looked at a few such beasts... useful, interesting (some more or
less than others).  But in the end a firewall has to be tested,
verified and tweaked by hand.

Beware that the inherent complexity and subtleties of the requirements
of an even modest firewall can often (usually!) be beyond any
(non-customised) configuration tool.  Not that it is difficult to
understand how it works (not at all really, especially if one has a
good grasp on the nature of TCP/IP), but building a config tool to be
the swiss army knife to build any sort of firewall is not a trivial
task.

There's no escaping the fact that firewall rules need to be thought
out carefully, and there are some things to know about what and what
not to do to achieve your aims.  The config tool becomes little more
than a simple interface to doing it by hand.  And in the end, the
string of ipchains config commands you end up needing is in the long run
just as easy to set up by hand as with any config tool.

You HAVE to understand what's going on to configure a firewall, no
escaping this.  But just because you HAVE to do something doesn't mean
you can't have fun doing it....   :)



> On Mon, 17 Jan 2000, Brian Howe wrote:
> 
> > "Sumpter, Lloyd" wrote:
> > >
> > > > Hi, folks!
> > > >    I have a few questions about upgrading to RedHat 6.1.
> > > >
> > > > First, the gateway/firewall:
> > > > 1. Can I install RedHat 6.1 without either KDE or Gnome (i.e. just with
> > > > X and fvwm)? The firewall normally isn't used as  a workstation, so the
> > > > fancy user interface would just get in the way.
> > > > 2. I'm now using IP-Masquerading. Will this work with RedHat 6.1 "out of
> > > > the box", or do I have to re-compile the kernel, etc.?
> > > >
> > > > Next, the workstation:
> > > > 1. Can I do an "upgrade" and not lose all my files?

Hint (from a LOT of experience) - do not do upgrade installs.  The
result is far from pleasing.  Old stuff gets left behind, old config
files get used for newer versions of daemons and no longer work.  Lots
of ugliness.  Save the important stuff off into /home (which is in
its own partition, yes??) and then do a full custom install making
sure that every partition used for the base filesystem is reformatted
(except for the /home partition where everything is archived).  When
you are finished, you can use your saved data as the basis to
reconfigure your new system.

> > > > 2. I don't see gcc in the packages list - do I have to go to egcs now?

On systems with egcs installed, gcc (almost always) exists as a hard
link to it.  Eg, on my redhat 6.1 box...


$ ls -il /usr/bin/{egcs,gcc}
 124096 -rwxr-xr-x   3 root     root        64604 Sep  9 07:11 /usr/bin/egcs
 124096 -rwxr-xr-x   3 root     root        64604 Sep  9 07:11 /usr/bin/gcc

Same file, inodes hard-linked to two different names.  (Going by the
number of links to the inode, there also appears to be a third
filename involved).

> > > > Thanks for any help or advice!
> > > > Lloyd
> >
> > 1. Yes, you can install w/o KDE or Gnome. Choose the "custom" install
> > and choose your packages.
> >
> > 2. You will have to recompile the kernel from a new install. Also, it is
> > no longer ipmasquerading, but ipchains. I have a copy of an article that
> > explains the whole thing. It even has a cut - paste section that you can
> > make your scripts with. Let me know if you want it.
> >
> > Next, the workstation:
> > 1. Yes... but you will have to reconfigure it again.
> > 2. Not sure on this one... check the ftp mirrors for which packages are
> > listed.
> >
> > Hope this helps.

Cheers
Tony
