l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
December 2: Social gathering
Next Installfest:
TBD
Latest News:
Nov. 18: Club officer elections
Page last updated:
2002 Oct 05 09:52

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] iptables
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] iptables



I haven't heard about any of those tools...

I just use the vanilla iptables scripting.

Here is a link to the best HOWTO that I have found:

http://people.unix-fu.org/andreasson/iptables-tutorial/iptables-tutorial.html

Most of what I talked about was from that tutorial.

There are plenty of other good tutorials, thought.  If you want to post your
scripts (with IP addys and ranges xxxx'ed out), or email them to me, I can see
what I can see with them.

But mostly one line should get the basic NAT and forwarding working.  There is
lots and lots you _can_ do, but it is limited mostly by your desire and time. 
Here are some sample lines that could help you get started:

Basic forwarding and address translation:

iptables -t nat -A POSTROUTING -s [internal IP range] -d 0.0.0.0 -j SNAT
--to-source [external ip address]

-or-

iptables -t nat -A POSTROUTING -i eth1 -d 0.0.0.0 -j SNAT --to-source [external
ip addy]

to forward based on a port:

iptables -t nat -A PREROUTING -d [external ip] -dport 25 -j DNAT --to-source
[internal smtp server]

to log a connection:

iptables -A INPUT -dport 515 -j log --log-prefix "NETFILTER: "

As mentioned before, if you want I can take a look.  It's been awhile since I
played with it, but I'll be happy to help any way I can.

HTHO,

jan

--- Joel Baumert <kender@geeksource.net> wrote:
> 
> Heh... That was one of the few meetings that I missed in 2001, 
> right after Isaac was born.  I didn't see the notes on the
> website.  Am I looking in the wrong place?
> 
> I'll take a look at Shorewall as a short term solution.  I
> would really like to understand what is going on under the
> hood because I'm thinking of a couple of tricky filtering 
> and logging ideas for the future.
> 
> I found a list of iptables configuration tools, but haven't
> had a change to wade through them yet.  Does anyone have
> experience these or any other tools?
> 
> MonMotha's Firewall
> Firewallscript
> Ferm
> AGT
> Knetfilter
> gShield
> 
> I found them in this article, but I'll have to do more 
> searching when I get home from work.
> 
> http://online.securityfocus.com/infocus/1410
> 
> Joel
> 
> On Fri, Oct 04, 2002 at 09:17:15AM -0700, Jeff Newmiller wrote:
> > On Fri, 4 Oct 2002, Joel Baumert wrote:
> > 
> > > Are there any iptables experts out there???
> > 
> > Probably.  Jan Wynholds gave a talk on it that I missed.
> > 
> > I just use Shorewall, so I really don't know the underlying iptables all
> > that well. It came with a basic configuration for masquerading that was
> > pretty easy to modify.  My only complaint is that the rule startup is
> > relativelyu slow, but that only happens during configuration and bootup.
> > 
> > ---------------------------------------------------------------------------
> > Jeff Newmiller                        The     .....       .....  Go Live...
> > DCN:<jdnewmil@dcn.davis.ca.us>        Basics: ##.#.       ##.#.  Live Go...
> >                                       Live:   OO#.. Dead: OO#..  Playing
> > Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
> > /Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k
> > ---------------------------------------------------------------------------
> > 
> > _______________________________________________
> > vox-tech mailing list
> > vox-tech@lists.lugod.org
> > http://lists.lugod.org/mailman/listinfo/vox-tech
> _______________________________________________
> vox-tech mailing list
> vox-tech@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech


=====
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
PATRIOTISM, n.  Combustible rubbish read to the torch of any one
ambitious to illuminate his name.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

__________________________________________________
Do you Yahoo!?
New DSL Internet Access from SBC & Yahoo!
http://sbc.yahoo.com
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!