[K12OSN] OT:ipchains, firewalls, nat, forwarding

Les Mikesell les at futuresource.com
Sat Dec 3 23:25:24 UTC 2005

On Wed, 2005-11-30 at 19:42, Eric Brown wrote:

> I just recieved another server where the vendor installed Fedora core 4 with
> the  "Install everything" option, as well as installing a firewall.  THis
> machine is going to act as a gateway machine and a file server for a bunch
> of XP machines.  Thanks to a question I asked this group a few months ago, I
> managed to get DHCP running.  With some googleing, I can ping an external IP
> from one of the XP machines.  I would like to allow dns and web access, but
> I want to kill any MSN access and pretty much anything else.
> So I'm split.  I could ease my headach and turn off the firewall.  Would the
> fileserver then allow all traffic through it?

The simple and probably better approach is to turn off NAT
completely and run squid proxy instead.  You'll have to
configure the clients to use it or set up iptables for
transparent proxying but then you can add squidguard and
dansguardian for more control.

   Les Mikesell
    les at futuresource.com

More information about the K12OSN mailing list