Re: Starting iptables



On Wed, Oct 18, 2006 at 09:06:10AM -0500, cothrige wrote:
> * Kevin Mark (kevin.mark@xxxxxxxxxxx) wrote:
>
> > Hi Patrick,
> > most folks just run 'shorewall'! And you can add more rules if you need
> > to.
> > =Kev
>
> This does seem to be the consensus here. However, as I have never
> used this tool it is a bit intimidating. And the documentation is so
> vast it may be a bit of an overkill for my very simple purposes. You
> see, I have only one NIC which is connected to a Linksys router, which
> in turn is connected to the modem. My modem does its own firewalling,
> but I cannot bring myself to rely entirely on it, and always set up my
> own as well. But, because I have only one NIC I can never quite
> figure out what to do with loc in the zones, which in the
> documentation and such is always eth1, which I don't have. Should I
> not have a loc zone? Or do I just have eth0 for both net and loc?

Under shorewall, you would not have a loc since you don't have a local
network. You would only have 'fw'; your one-and-only box is the
firewall.

As I see it, you have two choices. If you just want something that
should do what you want and don't want to have to set anything up, just
install ipmasq. It determines what the untrusted network is by where
the default route or gateway points; it's automatic. If you want the
tightest firewall with only the ports you want open, then go with
shorewall.

The documentation is vast; it's like a book. You wouldn't buy a big book
on network security and open it to the middle and expect to know what
was going on. Start at the beginning and just read it through. Trust
your brain to synthesize and develop a plan for your situation.

Doug.
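For the one-NIC case Doug describes (zones fw and net only, no loc), the standalone layout written out in Shorewall's own configuration files looks like this. This is an added example, not from the thread or from the Shorewall project; it uses the 3.x file layout current at the time of the thread, and it assumes eth0 is the interface facing the router, that it gets its address by DHCP, and that SSH is the only service the box should accept from outside.

```text
# /etc/shorewall/zones
# Only the firewall itself and the untrusted side. There is no 'loc' zone
# because there is no second interface and no local network behind the box.
#ZONE   TYPE      OPTIONS
fw      firewall
net     ipv4

# /etc/shorewall/interfaces
# eth0 (assumed) is the single NIC; it faces the router, so it is 'net'.
# 'dhcp' is an assumption (address obtained from the router); drop it if static.
# tcpflags/nosmurfs/routefilter/logmartians reject malformed or spoofed traffic.
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      dhcp,tcpflags,nosmurfs,routefilter,logmartians

# /etc/shorewall/policy
# Default stance: the box may open connections outward; nothing unsolicited
# comes in from net (silently dropped and logged); anything else is rejected.
# $FW is the firewall zone name from shorewall.conf (FW=fw by default).
#SOURCE   DEST   POLICY   LOG LEVEL
$FW       net    ACCEPT
net       all    DROP     info
all       all    REJECT   info

# /etc/shorewall/rules
# The explicit exceptions to the policy above.
# Assumption: only SSH (tcp/22) is exposed; add one line per service you run.
# icmp type 8 is echo-request, so the router can still ping the box.
#ACTION   SOURCE   DEST   PROTO   DEST PORT(S)
ACCEPT    net      $FW    tcp     22
ACCEPT    net      $FW    icmp    8
```

Run `shorewall check` to validate the files before `shorewall start`; connections that hit the net->all DROP policy show up in the kernel log at the 'info' level, which is how you confirm the box is only answering on the ports you listed.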

