
Re: [K12OSN] OT:ipchains, firewalls, nat, forwarding



I second that - I use firehol on my webserver, and it does a nice job without too much effort. I've written such things from scratch, and this did what I wanted to do a whole lot quicker than writing yet another 200+ line shell script.

One note: ipchains went away with the 2.2 kernel - we now have iptables, which among other things is stateful (think RELATED,ESTABLISHED -j ACCEPT rules).

Cheers,
Mike

Henry Burroughs wrote:
I use a program called FireHol (firehol.sf.net), which uses a simple
configuration file to write iptables codes.  It works from shutting all
the holes and then poking certain things through. I have a pretty decent
set of definitions which do some port forwarding and redirection and it
works nicely.

Henry Burroughs


On Sat, 2005-12-03 at 16:09 -0500, Mike Heins wrote:
Quoting Eric Brown (ericbrown mi-spot com):
I call this OT because it's not on a K12LTSP installation.  I chose not to
install a firewall on my K12LTSP installation to simplify matters, since our
district is "supposed" to handle all that.  I never had any trouble with
the terminal server forwarding things.

I just received another server where the vendor installed Fedora core 4 with
the "Install everything" option, as well as installing a firewall.  This
machine is going to act as a gateway machine and a file server for a bunch
of XP machines.  Thanks to a question I asked this group a few months ago, I
managed to get DHCP running.  With some googling, I can ping an external IP
from one of the XP machines.  I would like to allow dns and web access, but
I want to kill any MSN access and pretty much anything else.

So I'm split.  I could ease my headache and turn off the firewall.  Would the
fileserver then allow all traffic through it?

Yes. But typically, the simple Linux firewall setup only blocks incoming
connections. The settings will allow most *outgoing* traffic.

OR (and I've been searching on this all day), how can I turn it on to allow
ports 53 and 80 through the file server.  Better yet, can anyone point me
to a very *simple* explanation of how to do this in general (give a man a
fish...).  All references I could find were too lengthy or strictly involved
ppp which isn't being used here.

You could use iptables to limit outgoing traffic as well, but it is
hard.

I am a big command-line guy, but firewalls are too complicated and too
detail-oriented to deal with on that basis. So I recommend using a tool
like GuardDog to manage your firewall.


_______________________________________________
K12OSN mailing list
K12OSN redhat com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>
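
The policy asked about in the thread (forward only DNS and web traffic from the LAN, with the stateful RELATED,ESTABLISHED rule for replies), as an added example that is not part of the original messages. It assumes eth1 is the LAN side and eth0 the Internet side, that the XP clients query external DNS servers, and that forwarding and NAT already work as the post describes; `forward_rules` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: build a default-deny FORWARD chain for a gateway.
# Usage: forward_rules LAN_IF WAN_IF proto:port [proto:port ...]
# The function only prints iptables commands; it changes nothing itself.

forward_rules() {
    lan_if=$1; wan_if=$2; shift 2
    # Policy DROP: anything not accepted below is not forwarded. This also
    # stops forwarded pings, MSN and every other service that is not listed.
    rules="iptables -P FORWARD DROP
iptables -F FORWARD
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT"
    for spec in "$@"; do
        proto=${spec%%:*}; port=${spec#*:}
        # Validate every entry before emitting anything, so a typo can
        # never produce a half-built ruleset.
        case $proto in
            tcp|udp) ;;
            *) echo "bad protocol in '$spec'" >&2; return 1 ;;
        esac
        case $port in
            ''|*[!0-9]*) echo "bad port in '$spec'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range in '$spec'" >&2; return 1
        fi
        # Only NEW connections from the LAN towards the Internet are
        # matched here; replies are covered by the stateful rule above.
        rules="$rules
iptables -A FORWARD -i $lan_if -o $wan_if -p $proto --dport $port -m state --state NEW -j ACCEPT"
    done
    printf '%s\n' "$rules"
}

# Constructed sample call: DNS over udp and tcp, plus HTTP.
forward_rules eth1 eth0 udp:53 tcp:53 tcp:80
```

Review the printed commands, then run them as root; `iptables -L FORWARD -v -n` shows the per-rule packet counters afterwards.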

