From: "Sebastian Werner"
Subject: AW: [gentoo-dev] NAT iptables info
Date: Mon Oct 1 17:01:03 2001

Wow, what's mail. Great stuff - people. I will try the attachment of Gontran, thanks thanks thanks.

Sebastian

P.S. I know that this is not really the right place for this, thanks, Donny. Sometimes I think it's more than a developer list of one product. I search for good people in mailing lists. This is a list with some really cool guys who understand their favourite parts very well. Yes, I think I needn't know all administration facilities, so to ask is sometimes much faster than to search. ;-))

-----Original Message-----
From: gentoo-dev-admin@cvs.gentoo.org [mailto:gentoo-dev-admin@cvs.gentoo.org] On Behalf Of Donny Davies
Sent: Monday, 1 October 2001 22:59
To: gentoo-dev@cvs.gentoo.org
Subject: [gentoo-dev] NAT iptables info

Please search freshmeat for iptables scripts. Please understand that they're mostly just that-- scripts. Mostly they work top-down, with a few variables you can edit applicable to your setup. It's easy enough to understand.

There are a zillion things you can do with the netfilter framework, it's very robust. To provide some kind of gentoo firewall is, hmm, well silly. It's 100% configuration. This is not the domain of a 'package', 'rpm' or ebuild. It is the domain of a system administrator. If you are operating a Linux box then you are automatically a system administrator. Cool huh!? :-)

This list is not the place for this type of stuff IMHO. This is not a howto-list. I mean no disrespect. Please don't take any offense.

What gentoo provides is a nice framework for inserting your firewall script into the init system. At least on rc5 there was an initfile specifically for that purpose. Actually we needn't provide any more than just that! Ie: provide a slot for a firewall script to run. I think the rc5 one ran after all non-local interfaces were brought up, it's been so long since I changed my firewall box that I can't remember anymore :) The nice thing about that approach is that you could always just source it, and run the function it was enclosed in if you needed to run it again. Simple, slick, sufficient.

Please read up on packet filtering. Microsoft Internet Connection sharing is not a simple hack. It's a lot of work to provide a simple, robust interface to newbies who want to share an internet connection. I would remind you that they basically *didn't* even write it. They bought out the company that *did* write it. It used to be a product called NAT1000 for Windows NT, and sure enough, it started to sell like hotcakes. Naturally, Micro$loth being the anti-competitive juggernaut that it is, swallowed them up, and started tossing it in with Windows 98 Second Edition.

There are simply sooo many different variants of these 'firewall scripts' on freshmeat that it would be silly to try to come up with a 'here, this does it for everybody'. It is the obligation of the system administrator. Again, like I said, it is 100% configuration, with many pieces in the *kernel*. This is not the domain of a 'package'.

If it helps you, I'm personally using a modified version of something I grabbed from freshmeat. Good Luck. Of course I'd be willing to send you a copy if you wish.

Cheers
--
Donny