Ipchains/Iptables

byrdman
administrator
Posts: 225
Joined: Thu May 08, 2003 1:59 pm
Location: In the cloud

Post by byrdman » Thu May 29, 2003 9:53 am

Your vast knowledge of Linux is requested, oh great ones!
I am helping a guy move his stuff off of an ISP and making him his own. He hosts around 100 or so sites and was wanting to set up a temp firewall for him until he gets a hardware based with a VPN. Does anyone have any recommendation on using IPchains/IPtables? I have never gotten into this since all of my Linux servers are protected by both my home firewall and my corporate firewall. Does anyone have a sample config they could share or a link to a pretty easy how-to? And, has anyone used three NICs and done a DMZ with Linux?

Void Main
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA

Post by Void Main » Thu May 29, 2003 10:00 am

Yes, iptables is an excellent firewall/filter/etc. There is a thread around here somewhere where I helped bazoukas through it (there is a lot of unnecessary jabber in there that you already know about). Also you can configure iptables via webmin (be careful not to lock yourself out), but I prefer to do it from the command line and do a "service iptables save" to save what I add manually. I am on my way out the door so hopefully someone can point you to some more simple HOWTOs; if not, I'll try and gather some more references later this afternoon. There are also several front end apps that do nothing more than configure iptables underneath.

Tux
guru
Posts: 689
Joined: Wed Jan 08, 2003 10:40 am

Post by Tux » Thu May 29, 2003 11:14 am

www.netfilter.org is a good place to start if you don't mind seeing the technical stuff straight off the bat.
I have no idea how to do a DMZ, but I imagine it just takes a little logic.

www.smoothwall.org has a very nice, small pre-configured firewall/gateway distro that you could use as a stop-gap.

iptables is quite easy to get to grips with. I feel the best way to learn is to read through someone else's script. I can't think of any links for you this minute but I'm sure www.google.com/linux and www.tldp.org will help you out :)


Post by Void Main » Thu May 29, 2003 2:07 pm

Yes, you most definitely can have a DMZ with iptables, you just need 3 network cards. Regarding my previous note about the other thread with Bazoukas, that was relating more to a gateway and not a firewall and would not be a good example of a firewall, bad memory (gray matter, not silicon).

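An illustration of the three-NIC DMZ layout discussed in this thread, added here and not posted by any participant: a shell function that emits a default-deny ruleset in iptables-restore format. The interface names (eth0 WAN, eth1 DMZ, eth2 LAN), the allowed ports, and routable DMZ addresses (no NAT) are assumptions.

```shell
#!/bin/sh
# Added example: generate an iptables-restore ruleset for a three-NIC firewall.
# Interface names and ports below are assumptions; adjust to the real host.
WAN_IF="${WAN_IF:-eth0}"   # Internet-facing NIC (assumed name)
DMZ_IF="${DMZ_IF:-eth1}"   # hosted web servers (assumed name)
LAN_IF="${LAN_IF:-eth2}"   # internal/admin network (assumed name)

gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Firewall host itself: loopback, replies, and SSH from the LAN only
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Replies to any forwarded connection that a rule below allowed
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Internet -> DMZ: the hosted web sites only
-A FORWARD -i $WAN_IF -o $DMZ_IF -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
# LAN -> Internet, and LAN -> DMZ for administration
-A FORWARD -i $LAN_IF -o $WAN_IF -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $LAN_IF -o $DMZ_IF -m conntrack --ctstate NEW -j ACCEPT
# DMZ -> Internet: DNS lookups only
-A FORWARD -i $DMZ_IF -o $WAN_IF -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
# No rule has -i $DMZ_IF -o $LAN_IF: DMZ hosts cannot open connections inward
COMMIT
EOF
}

# Print the ruleset; nothing is loaded into the kernel by this script.
gen_rules
```

Pipe the output through `iptables-restore --test` as root to check that it parses before loading it. Keeping SSH reachable from the LAN interface is what guards against the lock-out mentioned in the thread.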