Hello,

I don't understand how the masquerading works. I currently have a router that is connected to the modem. Then, I have another 3 computers behind the router, one of which is the Linux box. What I want to do is DMZ the Linux box so that it acts as a firewall.

Thanks,
~~TheCreator~~
website: http://tysplace.shaned.net
msn: compgeek134 at hotmail.com
aim: st8amnd2005
skype: st8amnd127
moo coder/wizard and administrator

----- Original Message -----
From: "Gregory Nowak" <greg@xxxxxxxxxxxxxxxxxx>
To: "Speakup is a screen review system for Linux." <speakup at braille.uwo.ca>
Sent: Tuesday, July 11, 2006 8:08 PM
Subject: Re: iptables questions

> On Tue, Jul 11, 2006 at 03:04:23PM -0600, Tyler Littlefield wrote:
> > I tried running endoshield, and got a ton of errors.
>
> When I first started using endoshield, I found the errors I got were
> the result of not configuring all the iptables stuff during my kernel
> config. So, your best bet in my humble opinion is to include all the
> iptables, nat, and connection tracking stuff as modules, and trying
> endoshield again. You could also post your errors, so we can see if a
> lack of modules is the case here, or if it's something else.
>
> > So, now I will try to do it manually. I'm going through a tutorial now, and I have a couple questions.
> > I can do the following.
> > iptables -A INPUT -p tcp --dport 2200 -j QUEUE
> > iptables -A INPUT -p tcp --sport 2200 -j QUEUE
> > to allow for the traffic on port 2200 to go through. I think.
>
> I've never used the queue target, so I can't help you here. I can only
> tell you that when I want to open a port, I use the ACCEPT target to
> do so.
>
> > But, let's say I create a rule for each port. The ones I want to allow, and the ones I don't want to allow.
> > I think I can use a -s to make it only local if I want.
> > Then, how would I block the ports that I haven't created rules for?
>
> Off the top of my head, without looking at the iptables docs, or at
> the endoshield script, I believe you use the DROP target on the entire
> input chain, and below that, use the ACCEPT target on the ports you
> want to open. I do however stand to be corrected here.
>
> > Next, if I set up the box as a DMZ, in front of the router, is there a way that I can make it manage all traffic coming in and out of the network? Just like the router would?
>
> Yes, this is called IP masquerading, and endoshield is a good example
> of how it's done. Also note that if you intend to share your
> connection with multiple machines, your main machine will need 2
> network cards, one from the router to the PC, and the other from the
> PC to the switch/hub that your other machines are connected to.
>
> Greg
>
> --
> web site: http://www.romuald.net.eu.org
> gpg public key: http://www.romuald.net.eu.org/pubkey.asc
> skype: gregn1
> (authorization required, add me to your contacts list first)
>
> --
> Free domains: http://www.eu.org/ or mail dns-manager at EU.org
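The default-DROP chain with explicit ACCEPTs and the two-NIC masquerading setup that Greg describes, as an added example (not code from the thread or from endoshield). The interface names, LAN range and opened ports are assumed placeholders; setting IPT=echo prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example, not code from the thread or from endoshield. Assumed
# placeholders: eth0 faces the router/modem, eth1 faces the hub/switch,
# 192.168.1.0/24 is the LAN, and 22/2200 are the TCP ports opened inbound.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
OPEN_TCP_PORTS="${OPEN_TCP_PORTS:-22 2200}"
IPT="${IPT:-iptables}"   # set IPT=echo to print rules instead of applying them

build_firewall() {
    # Start clean, then make DROP the chain *policy*. Appending a DROP rule
    # first would shadow every ACCEPT below it, since rules match top-down.
    $IPT -F
    $IPT -t nat -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback, plus replies to connections this box or the LAN started.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # The LAN side may talk to this box and be routed out to the WAN.
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT

    # Ports opened from the WAN side; anything not listed hits the policy.
    for p in $OPEN_TCP_PORTS; do
        $IPT -A INPUT -i "$WAN_IF" -p tcp --dport "$p" \
            -m state --state NEW -j ACCEPT
    done

    # IP masquerading: LAN packets leave with the WAN interface's address.
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

enable_forwarding() {
    # The kernel will not pass packets between the two NICs until this is on.
    echo 1 > /proc/sys/net/ipv4/ip_forward
}
# Dry run in a subshell so IPT=echo does not leak into the caller.
print_rules() { ( IPT=echo; build_firewall ); }

case "${1:-}" in
    apply)   enable_forwarding; build_firewall ;;
    dry-run) print_rules ;;
esac
```

Run it as `sh firewall.sh dry-run` to review the generated rules before `sh firewall.sh apply` as root.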