[K12OSN] OT:ipchains, firewalls, nat, forwarding

Mike Heins k12osn at perusion.com
Sat Dec 3 21:09:58 UTC 2005


Quoting Eric Brown (ericbrown at mi-spot.com):
> I call this OT because it's not on a K12LTSP installation.  I chose not to
> install a firewall on my K12LTSP installation to simplify matters, since our
> district is "supposed" to handle all that.  I never had any trouble with
> the terminal server forwarding things.
> 
> I just received another server where the vendor installed Fedora core 4 with
> the "Install everything" option, as well as installing a firewall.  This
> machine is going to act as a gateway machine and a file server for a bunch
> of XP machines.  Thanks to a question I asked this group a few months ago, I
> managed to get DHCP running.  With some googling, I can ping an external IP
> from one of the XP machines.  I would like to allow dns and web access, but
> I want to kill any MSN access and pretty much anything else.
> 
> So I'm split.  I could ease my headache and turn off the firewall.  Would the
> fileserver then allow all traffic through it?

Yes. But typically, the simple Linux firewall setup only blocks incoming
connections. The settings will allow most *outgoing* traffic.

> 
> OR (and I've been searching on this all day), how can I turn it on to allow
> ports 53 and 80 through the file server.  Better yet, can anyone point me
> to a very *simple* explanation of how to do this in general (give a man a
> fish...).  All references I could find were too lengthy or strictly involved
> ppp which isn't being used here.
> 

You could use iptables to limit outgoing traffic as well, but it is
hard.

I am a big command-line guy, but firewalls are too complicated and too
detail-oriented to deal with on that basis. So I recommend using a tool
like GuardDog to manage your firewall.

-- 
Mike Heins
Perusion -- Expert Interchange Consulting    http://www.perusion.com/
phone +1.765.647.1295  tollfree 800-949-1889 <mike at perusion.com>

Prove you aren't stupid.  Say NO to Passport.
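
An added example, not part of the original message: a small shell function that prints the iptables commands for the setup asked about above (forward only DNS and web traffic from the LAN, drop everything else). The interface names are supplied by the caller and are assumptions, as is the premise that IP forwarding and NAT already work on the gateway, since the poster can already ping an external IP.

```shell
#!/bin/sh
# Added example (not from the original thread). Prints iptables commands that
# let LAN clients reach only DNS and the listed TCP ports through the gateway.
# Assumptions: interface names are supplied by the caller, and IP forwarding
# plus NAT already work (the poster can already ping an external IP).

# valid_port N: succeeds only for an integer in 1..65535
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_iface NAME: refuse anything that could smuggle shell syntax into output
valid_iface() {
    case $1 in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

# gen_forward_rules WAN_IF LAN_IF [TCP_PORT...]   (default TCP port: 80)
gen_forward_rules() {
    valid_iface "$1" && valid_iface "$2" || { echo "bad interface" >&2; return 1; }
    wan=$1; lan=$2; shift 2
    [ $# -gt 0 ] || set -- 80
    for p in "$@"; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done

    # Default-deny for forwarded packets only; INPUT and OUTPUT are untouched.
    echo "iptables -P FORWARD DROP"
    echo "iptables -F FORWARD"
    # Replies to connections the rules below allowed.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # DNS uses UDP, and TCP for large answers.
    echo "iptables -A FORWARD -i $lan -o $wan -p udp --dport 53 -j ACCEPT"
    echo "iptables -A FORWARD -i $lan -o $wan -p tcp --dport 53 -j ACCEPT"
    for p in "$@"; do
        echo "iptables -A FORWARD -i $lan -o $wan -p tcp --dport $p -j ACCEPT"
    done
}
```

Write the output to a file, review it, and run it as root on the gateway. These rules filter by port only, so any application that can run over port 80 will still pass.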



