Hi. I have at home a small network of 4 computers hooked up to an 8 port netgear 10/100 switch, which then feeds into my Linux router / firewall which feeds into my 3com cable modem which feeds into at&t's cable modem network.
My linux firewall/router is basically a Pentium 233 MMX with 64 Megs of ram and 8Gb hard drive. I wrote a script called 'firewall' and chmod +x 'd it. <snip> # allow packet forwarding echo 1 > /proc/sys/net/ipv4/ip_forward # flush tables iptables -F INPUT iptables -F FORWARD iptables -F OUTPUT iptables -t nat -F PREROUTING iptables -t nat -F POSTROUTING iptables -t nat -F OUTPUT # allow packes from my work iptables -A INPUT -i eth0 -s 64.244.234.0/23 -j ACCEPT # log and drop everything else connecting TO my firewalll iptables -A INPUT -i eth0 -m state --state NEW,INVALID -j LOG --log-prefix " input-drop " iptables -A INPUT -i eth0 -m state --state NEW,INVALID -j DROP # allow certan packets through to interanll computers iptables -A FORWARD -i eth0 -p tcp --dport 4000 -j ACCEPT iptables -A FORWARD -i eth0 -p tcp --sport 5190 -j ACCEPT iptables -A FORWARD -i eth0 -p tcp --dport 1214 -j ACCEPT # log and drop everything else iptables -A FORWARD -i eth0 -m state --state NEW,INVALID -j LOG --log-prefix " forward-drop " iptables -A FORWARD -i eth0 -m state --state NEW,INVALID -j DROP # setup masquerading for outgoing traffic iptables -t nat -A POSTROUTING -j MASQUERADE </snip> This setup has basically worked fine so far. If anyone has any suggestions on my setup, I am open to suggestions. At 02:53 2002-02-26, you wrote: >I operate a small network of about 5 computers and am considering setting up >a pc to operate as a firewall/router for the network. The network does no >recieve much traffic at all and trying to figure out hardware wise what I need >the topology I have decided to go with is that each box on the network will have >its own nic on the pc. Additionally, if anyone can suggest documentation on how >to set this up software wise I would appreciate it. > >I have some experience with iptables, but an unsure exactly how I would set this >up? Again any help would be appreciated. > >Thank you. > >J. Ferguson Lee [EMAIL PROTECTED]
