FC4 - Firewall/Router

Claude Jones claude_jones at levitjames.com
Sat Jun 18 14:55:31 UTC 2005


Thomas Cameron wrote:

>On Sat, 2005-06-18 at 10:05 -0400, Greg Swallow wrote:
>
>>Network 192.168.0 is configured by D-Link wireless router to cable 
>>modem. firewall has access to the internet through
>>the router via dhcp on eth0. eth1 is attached to what will be network 
>>192.168.1 and we want firewall to serve dhcp on
>>that network. We also want firewall to route internet traffic from/to 
>>192.168.1 through 192.168.0; without having to
>>shutdown the firewall server to do so.
>
>Out of curiosity, why are you running a firewall behind the NAT router?
>The NAT router is going to keep the bad guys out by its design.  Granted
>it's not a really high-end security solution, but most of the NAT
>routers out there today are pretty secure.
>
>Having said that, I would set my firewall rules like this (should all be
>on one line):
>
>iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 192.168.0.1
>
>Save your settings by issuing the command:
>
>service iptables save
>
>Make sure that iptables will run next time your system boots:
>
>chkconfig iptables on
>
>Set your default route on the Linux firewall to be 192.168.0.1.  
>
>Turn routing on via /etc/sysctl.conf:
>
>net.ipv4.ip_forward = 1
>
>Then do 
>
>sysctl -e -p /etc/sysctl.conf
>
>I think that's it.  Obviously, this is a very simple setup.  You can go
>pretty crazy with iptables.
>
>Holler if you need more info.
>
>Thomas
>
Another thing he might try, he said he was looking for a GUI, is 
firestarter, if I'm reading him correctly. A simple GUI app that takes 
care of DHCP and firewalling and is intuitive and quick to set up.
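
The quoted steps enable NAT and ip_forward but add no rules to the FORWARD chain. The sketch below is an added example, not code from either poster: it emits an iptables-restore ruleset for the same layout with forwarding limited to traffic the inside network starts, and includes a check for the FORWARD policy in a saved ruleset. Assumptions: eth0 is the outside interface and eth1 the inside one, as described in the thread; MASQUERADE is used in place of the quoted SNAT rule because eth0 gets its address by DHCP; the function and variable names are made up for this example.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset for the two-NIC box in this thread.
# Assumed layout: eth0 = outside (DHCP lease on 192.168.0.x), eth1 = inside (192.168.1.0/24).
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Print the ruleset on stdout; nothing is loaded into the kernel here.
gen_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# eth0 is DHCP-configured, so let MASQUERADE use whatever address it holds
-A POSTROUTING -s ${LAN_NET} -o ${WAN_IF} -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# replies to connections that the inside network opened
-A FORWARD -i ${WAN_IF} -o ${LAN_IF} -m state --state ESTABLISHED,RELATED -j ACCEPT
# new connections only from the inside network, only towards the outside
-A FORWARD -i ${LAN_IF} -o ${WAN_IF} -s ${LAN_NET} -j ACCEPT
COMMIT
EOF
}

# Exit 0 if the ruleset on stdin (iptables-save format) sets filter/FORWARD to DROP.
forward_policy_is_drop() {
    awk '/^\*/ { t = $1 }
         t == "*filter" && /^:FORWARD / { p = $2 }
         END { exit !(p == "DROP") }'
}

# Show the generated ruleset when the script is run directly.
gen_rules
```

Piping the output through iptables-restore --test parses it without committing anything; iptables-save | forward_policy_is_drop checks the running policy the same way.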
