[wellylug] Router/Firewall
Tim Nicholas
tim at nicholas.net.nz
Wed Jan 21 16:25:37 NZDT 2004
On 01/21/04 16:12, Tim Nicholas wrote:
> On 01/21/04 13:24, Jamie Dobbs wrote:
>> on this one! (I think that with Debian ipchains is my only option? And I
>> can't seem to get the Kernel to support either in Gentoo at the
>> moment!!!).
>>
You should be able to use iptables with Debian. What kernel are you
using? If it's the default install kernel then you should change it
anyway, as it's probably insecure. Basically you just need to have a
2.4.* kernel.
The easiest way to update it is probably to run 'apt-cache search
kernel-image' and take your pick. kernel-image-2.4.18-386 will work.
Debian is probably a better choice for this purpose than Gentoo anyway,
since it's much more easily maintainable.
Tim
>
> I imagine that you are looking for something like...
>
> iptables -P FORWARD DROP
> iptables -A FORWARD -d 1.2.3.0/24 -s 6.7.8.0/24 -p tcp --dport 5902 \
>     -m state --state NEW,ESTABLISHED -j ACCEPT
> iptables -A FORWARD -d 6.7.8.0/24 -s 1.2.3.0/24 -p tcp --dport 5902 \
>     -m state --state NEW,ESTABLISHED -j ACCEPT
>
> But those are completely untested and may not actually work at all. The
> first one makes sure that everything that doesn't get explicitly allowed
> is denied, and the next two allow the traffic that you want.
> Be careful though, I'm no iptables expert and these rules are totally
> untested. YMMV etc.
>
> And don't forget to enable forwarding with something like...
>
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
>
--
Tim Nicholas || Cilix
Email: tim at nicholas.net.nz || Wellington, New Zealand
http://tim.nicholas.net.nz/ || Cell/SMS: +64 21 337 204
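As an added example that is not part of the original thread or of anything Tim posted: a small script that lays out the FORWARD-chain rules sketched in the quoted message in a form that actually loads, and that a practitioner can read before applying. The subnets 1.2.3.0/24 and 6.7.8.0/24 and port 5902 are the placeholders from the quote, not real addresses; the function names (is_cidr, is_port, build_rules, apply_rules) and the IPT variable are this example's own. Two things differ from the quoted rules: each rule carries `-m state`, which iptables needs before `--state` will parse, and return packets (source port 5902, random destination port) get their own ESTABLISHED,RELATED rule, because a rule matching only `--dport 5902` never sees them and the DROP policy would eat the replies. IPT defaults to `echo`, so the script only prints the rules until you run it with `IPT=iptables` as root.

```shell
#!/bin/sh
# Added example (not from the original thread). Builds a default-deny FORWARD
# chain that lets two subnets reach each other on one TCP port, with return
# traffic handled by connection tracking. Placeholder networks and port below
# are the ones used in the quoted message; change them for a real deployment.
IPT=${IPT:-echo}               # set IPT=iptables to really apply the rules
INSIDE=${INSIDE:-1.2.3.0/24}   # placeholder subnet from the quoted message
OUTSIDE=${OUTSIDE:-6.7.8.0/24} # placeholder subnet from the quoted message
PORT=${PORT:-5902}             # placeholder port from the quoted message

# Validate inputs first: a bad CIDR or port makes iptables fail part-way
# through, which leaves a half-built ruleset behind.
is_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}
is_port() {
    echo "$1" | grep -Eq '^[0-9]+$' && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the rule set for src<->dst on tcp/port. Policy DROP first so nothing
# slips through while the chain is rebuilt; then flush; then the conntrack
# rule (most packets match it, so it goes first); then one NEW rule per
# direction. Only SYN packets need a direction-specific rule once replies
# are accepted by state.
build_rules() {
    src=$1 dst=$2 port=$3
    is_cidr "$src" && is_cidr "$dst" && is_port "$port" || return 1
    cat <<EOF
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s $src -d $dst -p tcp --dport $port -m state --state NEW -j ACCEPT
iptables -A FORWARD -s $dst -d $src -p tcp --dport $port -m state --state NEW -j ACCEPT
EOF
}

# Run each generated rule through $IPT. With the default IPT=echo this is a
# dry run that shows exactly what would be executed.
apply_rules() {
    build_rules "$@" | while IFS= read -r line; do
        $IPT ${line#iptables }
    done
}

apply_rules "$INSIDE" "$OUTSIDE" "$PORT"
```

The rules only matter once the box forwards at all. The `echo "1" > /proc/sys/net/ipv4/ip_forward` from the quoted message turns forwarding on for the running kernel; to survive a reboot, add `net.ipv4.ip_forward = 1` to /etc/sysctl.conf as well, since the /proc setting is lost at shutdown and a freshly booted router that silently drops everything is a common surprise.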