[OLUG] ipchains cookbook

puzzled puzzled at home.com
Mon Mar 6 00:05:18 UTC 2000




    assuming you're running redhat 6.something ...

your default kernel already supports ipchains firewalling
install your second ethernet card
assuming you're a cox customer eth0 should be 24.3.x.x and you can use
192.168.0.1 255.255.255.0 for eth1's IP address
mount the redhat cd
rpm -i /mnt/cdrom/RedHat/RPMS/ipchain*
edit /etc/sysconfig/network and set IP forwarding to true


go to www.freshmeat.net and search for pmfirewall
download the pmfirewall tarball
extract pmfirewall (with tar -xzvf pmfirewall.tar.gz)
change into the directory created by unpacking the tar and run
install.sh

at this point the pmfirewall installation script takes over and asks you
questions about your system. As a minimum you *must* know which
interface is internal, which interface is external, and which services
you are running and the ports they use. If you're building a firewall
only box, the only thing it should really have on it is the ssh server
for secure access.

  Once pmfirewall is working you need to configure the internal
workstations. Set them to have an IP in 192.168.0.2-254, their mask is
255.255.255.0, their default gateway is 192.168.0.1, and use the
provider's DNS (Cox's numbers are 24.3.232.33 and 24.3.232.34).



  On my network my primary workstation is also the firewall for other
PCs. I allow ssh access from the outside (port 22) but I don't have ftp
or telnet (ports 21 and 23) turned on. I do occasionally use tftp so I
have UDP port 69 open, but that is protected via tcpwrappers to only talk
to the private network numbers (10.x.x.x, 192.168.x.x, and 172.16.x.x
through 172.31.x.x).


   pmfirewall is pretty slick - it just writes the rules that ipchains
uses on startup to protect your machine. You can examine
/usr/local/pmfirewall and see the config files it makes. If you haven't
read the ipchains howto this will look like a bunch of line noise to you
...
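To make that "line noise" readable, here is an added example (written for this post, not the rule file pmfirewall actually generates) of a minimal hand-written ipchains rule set for the setup above: eth0 external, eth1 internal, 192.168.0.0/24 on the LAN, ssh allowed in, ftp/telnet dropped, and the LAN masqueraded. The interface names, DNS addresses and DRY_RUN switch are assumptions, not from the post.

```shell
#!/bin/sh
# Added example, not the rule file pmfirewall generates: a minimal ipchains
# rule set matching the setup in the post. Assumptions: eth0 is the external
# (cable) interface, eth1 the internal one, and 192.168.0.0/24 is the LAN.
EXT_IF=${EXT_IF:-eth0}
INT_IF=${INT_IF:-eth1}
INT_NET=${INT_NET:-192.168.0.0/24}
DNS_SERVERS=${DNS_SERVERS:-"24.3.232.33 24.3.232.34"}
DRY_RUN=${DRY_RUN:-0}

# Run ipchains, or just print the command when DRY_RUN=1 so the rules can be
# reviewed before they are applied to a live box.
ipc() {
    if [ "$DRY_RUN" = 1 ]; then echo "ipchains $*"; else ipchains "$@"; fi
}

firewall_rules() {
    ipc -F                               # drop any rules from a previous run
    ipc -P input DENY                    # default deny for packets coming in
    ipc -P forward DENY                  # and for packets being forwarded
    ipc -P output ACCEPT
    ipc -A input -i lo -j ACCEPT
    ipc -A input -i "$INT_IF" -s "$INT_NET" -j ACCEPT   # trust the LAN side
    # Private-range sources on the outside interface are spoofed: log and drop.
    for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        ipc -A input -i "$EXT_IF" -s "$net" -j DENY -l
    done
    # From outside only ssh is accepted; ftp and telnet are logged and dropped.
    ipc -A input -i "$EXT_IF" -p tcp --dport 22 -j ACCEPT
    ipc -A input -i "$EXT_IF" -p tcp --dport 21 -j DENY -l
    ipc -A input -i "$EXT_IF" -p tcp --dport 23 -j DENY -l
    # tftp (udp 69) stays reachable only from the LAN, which the INT_IF rule
    # above already allows; nothing on the outside interface opens it.
    # Replies to connections the LAN or this box started: non-SYN TCP segments
    # and DNS answers from the provider's servers.
    ipc -A input -i "$EXT_IF" -p tcp ! -y -j ACCEPT
    for dns in $DNS_SERVERS; do
        ipc -A input -i "$EXT_IF" -p udp -s "$dns" 53 -j ACCEPT
    done
    # Masquerade the LAN behind the external address (needs IP forwarding on).
    ipc -A forward -s "$INT_NET" -j MASQ
}

# usage: sh rules.sh apply   -- anything else only prints the rules for review
if [ "${1:-}" = "apply" ]; then
    firewall_rules
else
    DRY_RUN=1 firewall_rules
fi
```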


