[K12OSN] OT:ipchains, firewalls, nat, forwarding

Mike Ely mely at rogueriver.k12.or.us
Tue Dec 6 18:31:39 UTC 2005

I second that - I use firehol on my webserver, and it does a nice job 
without too much effort.  I've written such things from scratch, and 
this did what I wanted to do a whole lot quicker than writing yet 
another 200+ line shell script.

One note: ipchains went away with the 2.2 kernel - we now have iptables, 
which among other things is stateful (think RELATED,ESTABLISHED -j 
ACCEPT rules).


Henry Burroughs wrote:
> I use a program called FireHol (firehol.sf.net), which uses a simple
> configuration file to write iptables codes.  It works from shutting all
> the holes and then poking certain things through. I have a pretty decent
> set of definitions which do some port forwarding and redirection and it
> works nicely.
> Henry Burroughs
> On Sat, 2005-12-03 at 16:09 -0500, Mike Heins wrote:
>> Quoting Eric Brown (ericbrown at mi-spot.com):
>>> I call this OT because it's not on a K12LTSP installation.  I chose not to
>>> install a firewall on my K12LTSP installation to simplify matters, since our
>>> district is  "supposed" to handle all that.  I never had any trouble with
>>> the terminal server forwarding things.
>>> I just recieved another server where the vendor installed Fedora core 4 with
>>> the  "Install everything" option, as well as installing a firewall.  THis
>>> machine is going to act as a gateway machine and a file server for a bunch
>>> of XP machines.  Thanks to a question I asked this group a few months ago, I
>>> managed to get DHCP running.  With some googleing, I can ping an external IP
>>> from one of the XP machines.  I would like to allow dns and web access, but
>>> I want to kill any MSN access and pretty much anything else.
>>> So I'm split.  I could ease my headach and turn off the firewall.  Would the
>>> fileserver then allow all traffic through it?
>> Yes. But typically, the simple Linux firewall setup only blocks incoming
>> connections. the settings will allow most *outgoing* traffic.
>>> OR (and I've been searching on this all day), how can I turn it on to allow
>>> port s 53 and 80 through the file server.  Better yet, can anyone point me
>>> to a very *simple* explanation of how to do this in general (give a man a
>>> fish...).  All references I could find were too lengthy or strictly involved
>>> ppp which isn't being used here.
>> You could use iptables to limit outgoing traffic as well, but it is
>> hard.
>> I am a big command-line guy, but firewalls are too complicated and too
>> detail-oriented to deal with on that basis. So I recommend using a tool
>> like GuardDog to manage your firewall.
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>

More information about the K12OSN mailing list