On Tue, 2004-09-28 at 04:19, Contact wrote:
> This helps a bit, but still way out of my league - there is a lot of stuff
> to remember. In the many sites, including the one you list below, they talk
> of various configurations before ever getting to the rules - is this
> necessary?
>
> i.e.
>
> INET_IP="194.236.50.155"
> INET_IFACE="eth0"
> INET_BROADCAST="194.236.50.255"
>
> LAN_IP="192.168.0.2"
> LAN_IP_RANGE="192.168.0.0/16"
> LAN_IFACE="eth1"

necessary, no.  but it is a standard scripting practice that makes your
life easier.  would you rather specify "eth0" 50 times in your script, and
then have to change it 50 times when something hardware-wise changes?  or
just change one thing that says "INET_IF=eth0"

> Then a bunch of modules are loaded....

almost all modules are loaded automatically as needed by the kernel.  you
should explicitly load "helper" modules that you expect to need; i.e.,

modprobe ip_conntrack_ftp
modprobe ip_nat_ftp

> Are <if_lan>, <net_lan> and <if_inet> reserved commands or do I need to put
> something in here. I am assuming these are variables and tie in with the
> above - not sure though.

there are no such reserved words/commands with respect to iptables.  it
simply does what you tell it to.

> Note: All the other LAN clients have access to the internet via the Linksys
> router as does the Linux box. The router is my gateway....
>
> One last thing. Is there a way to block an entire domain i.e. domain.com or
> an entire IP block i.e 24.168.1.0/24.

domain--no, not really.  IP block--yes:

-s 24.168.1.0/24
-d 24.168.1.0/24

> Thanks

no prob.  i know it's already been recommended once, but you really should
hit this up and down:

http://iptables-tutorial.frozentux.net/iptables-tutorial.html

-j

--
Jason Opperisano <opie@xxxxxxxxxxx>
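As an added example (not part of the thread or Jason's reply), here is a small firewall script that puts the three points of the reply together: interface and network names kept in variables so they are set once, the FTP helper modules loaded explicitly, and the `-s`/`-d` matches from the reply turned into complete rules that drop a whole IP block in both directions. Note that `-s 24.168.1.0/24` on its own is only a match; it needs a chain (`-A INPUT` etc.) and a target (`-j DROP`) to become a rule. The interface names and addresses are the placeholders from the thread, the `run` wrapper and `DRY_RUN` switch are my own construction so the script can be previewed without root, and the helper module names are those quoted in the reply (on current kernels the equivalents are `nf_conntrack_ftp` and `nf_nat_ftp`).

```shell
#!/bin/sh
# Added example: variable-driven iptables script in the style the reply
# recommends. Addresses and interface names are placeholders from the thread.
INET_IFACE="eth0"
LAN_IFACE="eth1"
LAN_IP_RANGE="192.168.0.0/16"
BLOCKED_NET="24.168.1.0/24"   # the example IP block asked about in the thread

# run: execute the command, or just print it when DRY_RUN=1 (my own wrapper,
# so the script can be reviewed on a box where you are not root).
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Helper modules the kernel will not autoload for you (names as in the reply;
# modern kernels call them nf_conntrack_ftp / nf_nat_ftp).
load_helpers() {
    run modprobe ip_conntrack_ftp
    run modprobe ip_nat_ftp
}

apply_rules() {
    # Default-deny inbound and forwarded traffic, allow outbound.
    run iptables -P INPUT DROP
    run iptables -P FORWARD DROP
    run iptables -P OUTPUT ACCEPT
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Trust the LAN side; change LAN_IFACE once, every rule follows.
    run iptables -A INPUT -i "$LAN_IFACE" -s "$LAN_IP_RANGE" -j ACCEPT
    # Block the whole IP range: as a source (-s) and as a destination (-d),
    # on the local box and on traffic forwarded through it.
    run iptables -A INPUT -i "$INET_IFACE" -s "$BLOCKED_NET" -j DROP
    run iptables -A OUTPUT -o "$INET_IFACE" -d "$BLOCKED_NET" -j DROP
    run iptables -A FORWARD -s "$BLOCKED_NET" -j DROP
    run iptables -A FORWARD -d "$BLOCKED_NET" -j DROP
}

# Preview helper: how many generated rules mention the blocked network?
count_block_rules() {
    ( DRY_RUN=1; apply_rules ) | grep -cF -- "$BLOCKED_NET"
}

# Usage: sh firewall.sh show   (print the commands)
#        sh firewall.sh apply  (apply them; needs root)
case "${1:-}" in
    show)  DRY_RUN=1; load_helpers; apply_rules ;;
    apply) load_helpers; apply_rules ;;
esac
```

Run it with `show` first and read the generated lines; `count_block_rules` should report 4, one rule per direction and chain for the blocked range. Only then run `apply` as root.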