This assumes eth0 is the outside world, and eth1 is the internal masq'ed
network. BTW, this works on any Linux system running a 2.2 series kernel or
higher. The "---blahblah---"'s represent where other stuff precedes or
follows. There were no kernel configuration changes made to the stock
kernel while making it a router. And yes, these are my own scripts from my
own router, up for almost a year now, and ZERO successful hack attempts >:)
rc.inet1{
---blahblah---
rc.ipchains
---blahblah---
}
rc.ipchains{
#!/bin/bash
echo "Activating IPv4 packet forwarding..."
echo 1 > /proc/sys/net/ipv4/ip_forward
/usr/sbin/ipmasqadm portfw -f
/sbin/ipchains -F
echo "Activating IPv4 packet MASQ"
/sbin/ipchains -A forward -s 192.168.10.0/24 -d ! 192.168.10.0/24 -j MASQ
/sbin/ipchains -A input -b -i eth0 -s 10.0.0.0/8 -d 0.0.0.0/0 -j DENY
/sbin/ipchains -A input -b -i eth0 -s 172.16.0.0/12 -d 0.0.0.0/0 -j DENY
/sbin/ipchains -A input -b -i eth0 -s 192.168.0.0/16 -d 0.0.0.0/0 -j DENY
/sbin/ipchains -A output -b -i eth0 -s 10.0.0.0/8 -d 0.0.0.0/0 -j DENY
/sbin/ipchains -A output -b -i eth0 -s 172.16.0.0/12 -d 0.0.0.0/0 -j DENY
/sbin/ipchains -A output -b -i eth0 -s 192.168.0.0/16 -d 0.0.0.0/0 -j DENY
}
rc.modules{
---blahblah---
/sbin/modprobe ip_masq_autofw
/sbin/modprobe ip_masq_cuseeme
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_irc
/sbin/modprobe ip_masq_mfw
/sbin/modprobe ip_masq_portfw
/sbin/modprobe ip_masq_quake
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_user
/sbin/modprobe ip_masq_vdolive
---blahblah---
}
----- Original Message -----
From: "Prem Chandra Kumar.N" <pckumar_n@yahoo.com>
To: <security-discuss@linuxsecurity.com>
Sent: Tuesday, November 27, 2001 18:19 HRS
Subject: Re: Configuring RedHat Linux 7.1 as a gateway server without
IPChains.
> Dear all,
> Please tell me how to configure NAT in Red Linux 7.1. Please give me some
> examples.
>
> Regards
> Prem
>
>
>
> ----- Original Message -----
> From: "Joe Stevensen" <joe.stevensen@exodus.net>
> To: <security-discuss@linuxsecurity.com>
> Sent: 27 November 2001 22:57
> Subject: RE: Configuring RedHat Linux 7.1 as a gateway server without
> IPChains.
>
>
> > Best thing to do first is get rid of IPCHAINS.
> > Most IPTABLES scripts will not work when IPCHAINS is installed.
> >
> > To find out if IPCHAINS is installed, do this:
> >
> > rpm -q ipchains
> >
> > To remove IPCHAINS, do this:
> >
> > rpm -e ipchains
> >
> > Then reboot. (you can unload and load the appropriate kernel modules if
> > rebooting is not desired)
> >
> > Then try out your scripts.
> >
> > If you need to find some already made scripts, try here. This place should
> > be your 'go-to' for IPTABLES stuff.
> > http://www.linuxguruz.org/iptables/
> >
> > -----Original Message-----
> > From: listadmin@linuxsecurity.com [mailto:listadmin@linuxsecurity.com]On
> > Behalf Of Prem Chandra Kumar.N
> > Sent: Monday, November 26, 2001 10:02 PM
> > To: security-discuss@linuxsecurity.com
> > Subject: Configuring RedHat Linux 7.1 as a gateway server without
> > IPChains.
> >
> >
> >
> > Hi,
> > I need to configure RedHat Linux 7.1 as a gateway server for allowing my
> > users to access the internet from my local private network. I want to
> > configure without IPCHAINS.
> > I tried using netcfg utility, it did not work.
> > Please anyone help me how to configure the same with an example.
> >
> > Regards
> > Prem Kumar.N
> >
> >
> > ------------------------------------------------------------------------
> > To unsubscribe email security-discuss-request@linuxsecurity.com
> > with "unsubscribe" in the subject of the message.
> >
>
>
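Since the original question asked for a gateway without IPCHAINS, here is an iptables counterpart of the rc.ipchains rules above, as an added example that is not part of the thread or anyone's posted script. It assumes the post's eth0 and 192.168.10.0/24 and a 2.4 kernel with iptables; `run`, `build_gateway` and `DRY_RUN` are hypothetical names, and by default the script only prints the commands.

```sh
#!/bin/sh
# Added example, not from the thread: iptables (2.4 kernel) counterpart of the
# ipchains rules posted above. Interface and network values are the post's.
EXT_IF="${EXT_IF:-eth0}"               # outside world
INT_NET="${INT_NET:-192.168.10.0/24}"  # masqueraded internal network
PRIVATE_NETS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"
DRY_RUN="${DRY_RUN:-1}"                # hypothetical switch: 1 = print only

# Print the command in dry-run mode, execute it otherwise (needs root).
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

build_gateway() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -F
    run iptables -t nat -F
    # Replaces: ipchains -A forward -s NET -d ! NET -j MASQ
    run iptables -t nat -A POSTROUTING -s "$INT_NET" -o "$EXT_IF" -j MASQUERADE
    for net in $PRIVATE_NETS; do
        # ipchains ran every packet through "input"; with iptables, routed
        # packets only traverse FORWARD, so each rule is needed there as well.
        run iptables -A INPUT   -i "$EXT_IF" -s "$net" -j DROP
        run iptables -A FORWARD -i "$EXT_IF" -s "$net" -j DROP
        # iptables has no "-b"; the reverse direction is matched on the
        # destination of traffic leaving through the external interface.
        run iptables -A OUTPUT  -o "$EXT_IF" -d "$net" -j DROP
        run iptables -A FORWARD -o "$EXT_IF" -d "$net" -j DROP
    done
    # Not translated: "-i EXT_IF -d private" and "-o EXT_IF -s private" in
    # FORWARD. NAT rewrites addresses outside the filter table, so those two
    # would match (and drop) the masqueraded hosts' own traffic.
}

build_gateway
```

Run it with DRY_RUN=0 as root to apply the rules instead of printing them.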