This assumes eth0 is the outside world, and eth1 is the internal masq'ed network. BTW, this works on any Linux system running a 2.2 series kernel or higher. The "---blahblah---"'s represent where other stuff precedes or follows. There were no kernel configuration changes made to the stock kernel while making it a router. And yes, these are my own scripts from my own router, up for almost a year now, and ZERO successful hack attempts >:)

rc.inet1{
---blahblah---
rc.ipchains
---blahblah---
}

rc.ipchains{
#!/bin/bash
echo "Activating IPv4 packet forwarding..."
echo 1 > /proc/sys/net/ipv4/ip_forward
# Flush existing port-forward entries and all ipchains rules
/usr/sbin/ipmasqadm portfw -f
/sbin/ipchains -F
echo "Activating IPv4 packet MASQ"
# Masquerade traffic from the internal network to anything outside it
/sbin/ipchains -A forward -s 192.168.10.0/24 -d ! 192.168.10.0/24 -j MASQ
# Deny private (RFC 1918) addresses on the outside interface; -b adds the reverse rule too
/sbin/ipchains -A input -b -i eth0 -s 10.0.0.0/8 -d 0.0.0.0/0 -j DENY
/sbin/ipchains -A input -b -i eth0 -s 172.16.0.0/12 -d 0.0.0.0/0 -j DENY
/sbin/ipchains -A input -b -i eth0 -s 192.168.0.0/16 -d 0.0.0.0/0 -j DENY
/sbin/ipchains -A output -b -i eth0 -s 10.0.0.0/8 -d 0.0.0.0/0 -j DENY
/sbin/ipchains -A output -b -i eth0 -s 172.16.0.0/12 -d 0.0.0.0/0 -j DENY
/sbin/ipchains -A output -b -i eth0 -s 192.168.0.0/16 -d 0.0.0.0/0 -j DENY
}

rc.modules{
---blahblah---
/sbin/modprobe ip_masq_autofw
/sbin/modprobe ip_masq_cuseeme
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_irc
/sbin/modprobe ip_masq_mfw
/sbin/modprobe ip_masq_portfw
/sbin/modprobe ip_masq_quake
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_user
/sbin/modprobe ip_masq_vdolive
---blahblah---
}

----- Original Message -----
From: "Prem Chandra Kumar.N" <pckumar_n@yahoo.com>
To: <security-discuss@linuxsecurity.com>
Sent: Tuesday, November 27, 2001 18:19 HRS
Subject: Re: Configuring RedHat Linux 7.1 as a gateway server without IPChains.

> Dear all,
> Please tell me how to configure NAT in Red Linux 7.1. Please give me some
> examples.
>
> Regards
> Prem
>
> ----- Original Message -----
> From: "Joe Stevensen" <joe.stevensen@exodus.net>
> To: <security-discuss@linuxsecurity.com>
> Sent: 27 November 2001 22:57
> Subject: RE: Configuring RedHat Linux 7.1 as a gateway server without
> IPChains.
>
> > Best thing to do first is get rid of IPCHAINS.
> > Most IPTABLES scripts will not work when IPCHAINS is installed.
> >
> > To find out if IPCHAINS is installed, do this:
> >
> > rpm -q ipchains
> >
> > To remove IPCHAINS, do this:
> >
> > rpm -e ipchains
> >
> > Then reboot. (you can unload and load the appropriate kernel modules if
> > rebooting is not desired)
> >
> > Then try out your scripts.
> >
> > If you need to find some already made scripts, try here. This place should
> > be your 'go-to' for IPTABLES stuff.
> > http://www.linuxguruz.org/iptables/
> >
> > -----Original Message-----
> > From: listadmin@linuxsecurity.com [mailto:listadmin@linuxsecurity.com]On
> > Behalf Of Prem Chandra Kumar.N
> > Sent: Monday, November 26, 2001 10:02 PM
> > To: security-discuss@linuxsecurity.com
> > Subject: Configuring RedHat Linux 7.1 as a gateway server without
> > IPChains.
> >
> > Hi,
> > I need to configure RedHat Linux 7.1 as a gateway server for allowing my
> > users to access the internet from my local private network. I want to
> > configure without IPCHAINS.
> > I tried using netcfg utility, it did not work.
> > Please anyone help me how to configure the same with an example.
> >
> > Regards
> > Prem Kumar.N
> >
> > ------------------------------------------------------------------------
> > To unsubscribe email security-discuss-request@linuxsecurity.com
> > with "unsubscribe" in the subject of the message.
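
An iptables counterpart to the ipchains script at the top of this thread, for the setup the original question asks about (a gateway without ipchains). This is an added example, not code posted by anyone on the list; it covers only the masquerading and private-address filtering, and the defaults (eth0 outside, 192.168.10.0/24 inside) are taken from the post.

```shell
#!/bin/sh
# Added example (not from the thread): prints the iptables commands that
# mirror the ipchains gateway script. Review the output, then apply it as
# root with:  gateway_rules | sh
# Assumes the outside interface has a public address; if it sits in a
# private range itself, the DROP rules below would cut it off.

RFC1918="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

gateway_rules() {
    out_if=${1:-eth0}            # outside interface
    lan=${2:-192.168.10.0/24}    # masqueraded internal network

    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    echo "iptables -F"
    echo "iptables -t nat -F"

    # Counterpart of: ipchains -A forward -s LAN -d ! LAN -j MASQ
    echo "iptables -t nat -A POSTROUTING -o $out_if -s $lan ! -d $lan -j MASQUERADE"

    for net in $RFC1918; do
        # Anti-spoofing: nothing arriving from outside may claim a private
        # source. ipchains' input chain saw every packet; with iptables the
        # rule is needed in both INPUT (to this box) and FORWARD (routed).
        for chain in INPUT FORWARD; do
            echo "iptables -A $chain -i $out_if -s $net -j DROP"
        done
        # Nothing addressed to a private network leaves via the outside link.
        for chain in OUTPUT FORWARD; do
            echo "iptables -A $chain -o $out_if -d $net -j DROP"
        done
    done
    # Deliberately no "-o $out_if -s <private>" or "-i $out_if -d <private>"
    # rules in FORWARD: iptables rewrites addresses in the nat table, so
    # FORWARD still sees the LAN's private addresses on legitimate
    # masqueraded traffic, and such rules would block it.
}

# "sh thisfile print [out_if] [lan]" prints the rule set; sourcing the file
# only defines the function.
case "${1:-}" in
    print) shift; gateway_rules "$@" ;;
esac
```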