[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: ipchains and masquerading help

From: "Simon Collyer" <scollyer scolly net au>

> Sorry my apologies, I am not running ipchains but iptables
> got that confused as I recently upgraded this box
> here are my iptables
> *filter
> :RH-Lokkit-0-50-INPUT - [0:0]
> -A INPUT -j RH-Lokkit-0-50-INPUT

Were it me rather than you I'd toss that RH-Lokkit "stuff such as
comes from the south end of a north facing bull" and visit the IP
Masquerade resource site for a working proper script.

Note that you have not loaded any modules for handling various
special formats. You have not turned on ip-forwarding in the
kernel. ("echo "1" > /proc/sys/net/ipv4/ip_forward")

The IP Masquerade resource site has a COMMENTED script to allow you
easy setup for NAT plus firewall plus NAT FTP transport, irc support,
and so forth.

If you are using a "tool" for setting up firewalls I cannot recommend
highly enough that you spend some time on the manual so that you can
setup a safe and effective Firewall and NAT configuration with it.

(Consider that Windows is so easy to setup because security is not
their first priority. That's why such a high percentage of Windows
machines are cracked. Lazy configurations for Linux also lead to
cracked Linux machines. So Linux is not immune to this problem. Lazy
setup attempts make cracking Linux easier. That said the short
firewall setup on the IP Masquerade site is pretty much a drop in
and it has security as one of its concerns. I preferred the longer
and more detailed script as the basis for my setup here.)

        Visit http://ipmasq.cjb.net/

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]