FC4 - Firewall/Router
Thomas Cameron
thomas.cameron at camerontech.com
Sat Jun 18 14:15:39 UTC 2005
On Sat, 2005-06-18 at 10:05 -0400, Greg Swallow wrote:
> Network 192.168.0 is configured by D-Link wireless router to cable
> modem. firewall has access to the internet through
> the router via dhcp on eth0. eth1 is attached to what will be network
> 192.168.1 and we want firewall to serve dhcp on
> that network. We also want firewall to route internet traffic from/to
> 192.168.1 through 192.168.0; without having to
> shut down the firewall server to do so.
Out of curiosity, why are you running a firewall behind the NAT router?
The NAT router is going to keep the bad guys out by its design. Granted
it's not a really high-end security solution, but most of the NAT
routers out there today are pretty secure.
Having said that, I would set my firewall rules like this (should all be
on one line):
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 192.168.0.1
Save your settings by issuing the command:
service iptables save
Make sure that iptables will run next time your system boots:
chkconfig iptables on
Set your default route on the Linux firewall to be 192.168.0.1.
Turn routing on via /etc/sysctl.conf:
net.ipv4.ip_forward = 1
Then do
sysctl -e -p /etc/sysctl.conf
I think that's it. Obviously, this is a very simple setup. You can go
pretty crazy with iptables.
Holler if you need more info.
Thomas
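
Added example, not part of the message above or of the original thread: a shell function that prints an iptables-restore ruleset for the gateway described in the question (eth0 toward the D-Link router, eth1 serving 192.168.1.0/24). It uses MASQUERADE instead of a fixed --to-source address because eth0 gets its address by DHCP, and it limits forwarding to LAN-originated traffic plus replies. The function names and the default-drop FORWARD policy are assumptions of this example.

```shell
#!/bin/sh
# Added example: generate (not apply) a NAT gateway ruleset.
# Interface names and subnet come from the thread; everything else is assumed.

valid_iface() {            # plain interface names only, no shell metacharacters
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

valid_cidr() {             # dotted quad with /0../32 prefix, each octet <= 255
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    addr=${1%/*}; oldifs=$IFS; IFS=.
    set -- $addr; IFS=$oldifs
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

gen_nat_rules() {          # usage: gen_nat_rules WAN_IF LAN_IF LAN_CIDR
    wan=$1 lan=$2 net=$3
    valid_iface "$wan" && valid_iface "$lan" && valid_cidr "$net" ||
        { echo "usage: gen_nat_rules WAN_IF LAN_IF LAN_CIDR" >&2; return 2; }
    [ "$wan" != "$lan" ] || { echo "WAN and LAN interfaces must differ" >&2; return 2; }
    # INPUT/OUTPUT stay at ACCEPT here: this example covers forwarding only.
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}
```

Run `gen_nat_rules eth0 eth1 192.168.1.0/24` and review the output before piping it to `iptables-restore`; loading it replaces the current nat and filter tables, including any existing INPUT rules.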