The new program to do firewalling, masquerade, portforwarding etc is iptables
(kernel 2.4).
ipchains was used in kernel 2.2.
I don't use any frontend to do my firewall settings; I use the iptables command
in a shell script.
There are good howtos (netfilter-howto, nat-howto) on how to set up a packet
filtering firewall and NAT (masquerading, port-forwarding, etc.) at
netfilter.filewatcher.org
They are written by the guy who does the kernel programming of this stuff so
they are accurate...
Another note: if you want to use ip_forwarding (routing, masquerading) on a
Red Hat-like system (this includes LM) you must set net.ipv4.ip_forward=yes in
your /etc/sysctl.conf file... This took me quite a lot of time to figure out
on my RH7.1 router.
On 17-Jul-2001 Dalton Calford wrote:
> I am looking for the best firewall configuration software for Mandrake
> version 8.
> The firewall that comes in the control panel is next to useless and the tech
> support centre for Mandrake told me that they do not support Bastille.
>
> What I am trying to do is this.
>
> I have two locations, Office1 and Office2
> both locations have a router that connects them to the internet and each has
> 32 ip addresses.
> The router at each location connects directly to a system we call a SAN
> (system access node) so we have SAN1 at Office1 and SAN2 at Office2
> Each SAN has three network cards (eth0, eth1, eth2), one for each ethernet
> segment in the office.
> eth0 connects to the router for the office and nothing else.
> eth1 connects to the rest of the routable ip addresses and is a DMZ.
> eth2 connects to the rest of the office workstations and uses a non-routable
> ip block.
> All traffic has to travel through the SAN in order to get to any other
> ethernet segment.
> The SAN acts as a NAT server for the non-routable ip addresses, and acts as an
> intelligent firewall vs a simple filter for the DMZ machines.
> The two SANs need to set up a secure VPN between them extending the
> non-routable block across the two offices.
>
> The setup is a little more complex than that, but, if I can set that up, I
> can extrapolate the rest.
>
> My problem is, I know that the firewalling and masquerading rules have
> changed between the 2.2 and 2.4 kernels. I am getting conflicting
> instructions from the different books and how-to's depending on what is
> newer. I have also found that Mandrake makes some assumptions towards
> security and configuration that conflict with some of the How-to's.
>
> I need to know, where can I find the how-to's that support Mandrake 8.0 and
> address my design needs?
> Is there a configuration tool that supports the design I require?
> Has anyone else had any experience in this?
>
> Mandrake Tech support was useless, even with sitting on hold for 15 minutes
> while the guy goes to ask someone else what NAT is.
>
> Although I have always supported Mandrake and bought the Prosuite Edition, I
> am now regretting having spent the money for support that the company does not
> really provide.
>
> best regards
>
> Dalton
>
----------------------------------
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 18-Jul-2001
Time: 13:12:36
----------------------------------
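
The approach from this thread (iptables driven from a shell script on a three-interface box), as an added example that is not part of either message. The interface roles follow the quoted description; the LAN block, the DMZ host address and the choice of SSH and HTTP as permitted services are constructed assumptions, and the VPN between the two offices is not covered.

```shell
#!/bin/sh
# Added example: default-deny ruleset for the three-interface "SAN" box.
# By default the commands are only printed; run with APPLY=1 as root to load them.
WAN=${WAN:-eth0}                     # link to the office router
DMZ=${DMZ:-eth1}                     # routable DMZ segment
LAN=${LAN:-eth2}                     # workstations on the non-routable block
LAN_NET=${LAN_NET:-192.168.1.0/24}   # constructed sample LAN block
DMZ_WEB=${DMZ_WEB:-203.0.113.10}     # constructed sample DMZ host

# Print the ruleset, one command per line, without touching the kernel.
# No rule forwards new connections into $LAN, so neither the internet nor
# the DMZ can open a connection to a workstation.
san_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $LAN -s $LAN_NET -p tcp --dport 22 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN -s $LAN_NET -o $WAN -j ACCEPT
iptables -A FORWARD -i $LAN -s $LAN_NET -o $DMZ -j ACCEPT
iptables -A FORWARD -i $WAN -o $DMZ -d $DMZ_WEB -p tcp --dport 80 -m state --state NEW -j ACCEPT
iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN -j MASQUERADE
EOF
}

if [ "${APPLY:-0}" = 1 ]; then
    san_rules | sh -e    # stop at the first command that fails
else
    san_rules            # dry run: review the rules before loading them
fi
```

Loading the rules from a remote session can cut that session off, since INPUT defaults to DROP and only the LAN side may reach SSH.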