Stein Vrale wrote:
>
> James Michael Keller wrote:
>
> > Well it still works if I ignore linuxconf's firewall screen and just
> > put them in the rc.local file. I'd like to see linuxconf use something
> > like an /etc/rc.d/rc.firewall script, so that they could also be hand
> > edited if needed.
>
> I support that idea :-)

Yeah, my feeling is that all linuxconf configurations, besides
linuxconf specific ones (modules, etc.) should be stored in some
"common" place. Like ppp management - it's now using redhat's scripts if
it's a redhat system, etc.

Most firewalling scripts / rules set programs make use of something
akin to rc.firewall.

That way if linuxconf is uninstalled, or not used normally - a simple
link from rc.local to rc.firewall will implement the rule set.

Thanks for the config help, got a working masq setup now.

Had to set 4 rules:

Src IP         device   dest IP        device
192.168.10.2   any      0.0.0.0        any
192.168.10.3   any      0.0.0.0        any
0.0.0.0        any      192.168.10.2   any
0.0.0.0        any      192.168.10.3   any

This works fine for masq'ing the other two boxes through my ppp link.
However my understanding of the linuxconf set up is that the following
should be used for better security:

Src IP         device   dest IP        device
192.168.10.2   eth0     0.0.0.0        ppp0
192.168.10.3   eth0     0.0.0.0        ppp0
0.0.0.0        ppp0     192.168.10.2   eth0
0.0.0.0        ppp0     192.168.10.3   eth0

As such the logic is all packets originating from 192.168.10.2 on eth0
will be forwarded at the firewall to the default gateway 0.0.0.0 on ppp0.
And the reverse, 0.0.0.0 on ppp0 to 192.168.10.2 along eth0 would also
be true.

However when I tried this - the masq'ed boxes lost connectivity.
Changing it back to any device restored the connections.

Sounds like it's time to grab the source tree and have a look at the
firewalling code.

Is anyone working on the documentation for the firewalling section?
There appears to be one screen for all the firewall screens.

I'm not sure how documentation is handled, but there needs to be a way
to tie in help screens in a somewhat dynamic way. So each menu option
has its own block in the help system, then the top level could have
its own block giving general info. That way as each option is added it
automatically gets an entry in the help screen, and the person working on
that section of code could then include documentation as they go along.

Just a thought. In the future linuxconf should strive to actually make
linux as "idiot easy" as Microsoft "thinks" its networking software is
:P

--
===========================================================
James Michael Keller | [EMAIL PROTECTED]
http://www.radix.net/~jmkeller
-----------------------------------------------------------
Contents (c)1998 James Michael Keller. All rights reserved
===========================================================