masquerading (was Re: respin question please)

[Steven Pritchard <steve@silug.org>]

Brune, Charlie said:
> I'd love to hear how to get ipchains to work.  I bought a cable
> modem/router and I'm betting I could have had the same functionality
> on my Linux box for a lot less $$$.

Actually, that was the topic of our meeting a few months ago.  (Well,
firewalling in general anyway.)

The best reference on ipchains is here:

    http://netfilter.kernelnotes.org/ipchains/HOWTO.html

For masquerading specifically, see here:

    http://netfilter.kernelnotes.org/ipchains/HOWTO-3.html#ss3.1

I should mention that I don't recommend using your one and only Linux
box for masquerading.  While it is convenient, it still leaves that
box exposed to the world.  One of the main points of masquerading is
that you can get out of your network, but nobody can get in unless you
want them to.

So, if at all possible, find an old 386/486/Pentium box (you can find
slow Pentiums on auction sites for less than $100 usually) and use
*that* for your masq box.  (And make sure you shut off all services on
that box, otherwise it defeats the whole purpose.  :)

Steve
-- 
steve@silug.org           | Southern Illinois Linux Users Group
(618)398-7320             | See web site for meeting details.
Steven Pritchard          | http://www.silug.org/
-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.