Hi...

I've installed LM7.2 with "medium" security. I would have chosen a higher 
level but I found LM's documentation on security unclear and confusing.

I know that I need to close some ports -- and I also want to use my Linux 
host to masquerade IPs for a couple of other machines. Ideally, I'd like 
closed ports to DENY rather than REJECT, and I'd like logging of connection 
attempts.

My impression is that DrakConf's "internet connection sharing" command runs a 
DHCP server and masquerades IPs. This is more than I need (DHCP) but it works 
so I'll use it.

I'm also looking at pmfirewall <http://www.pointman.org/> to provide a 
firewall. It looks well-documented and well-supported, and is based on 
IPCHAINS.

Questions:

1. Does "internet connection sharing" create any kind of a firewall on its 
own? I notice that if you use the command more than once, you get a warning 
that "an existing firewall" has been detected...

2. Is there any overlap between "internet connection sharing" (as implemented 
by LM) and pmfirewall? pmfirewall asks whether you're running a DHCP server 
and masquerading IPs, so I think it generates a script that takes into 
account these things. I just don't want to wind up in a situation where 
they're both applying IPCHAINS rules and perhaps conflicting.

3. If you have any other advice about how to protect a 1-Linux / 2-Mac home 
network using the Linux box, two ethernet cards and a cable connection, I'd 
be very interested.

Many thanks.

M.
