From mboxrd@z Thu Jan 1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-14) on finch.gentoo.org
X-Spam-Level: *
X-Spam-Status: No, score=1.1 required=5.0 tests=DATE_IN_PAST_12_24,DMARC_NONE,
	INVALID_DATE,MAILING_LIST_MULTI autolearn=no autolearn_force=no version=4.0.0
Received: from smtp06.iafrica.com ([196.2.51.5]) by cvs.gentoo.org with esmtp (Exim 3.30 #1)
	id 15oA0T-0003pS-00 for gentoo-dev@cvs.gentoo.org; Mon, 01 Oct 2001 14:49:42 -0600
Received: from nosferatu.lan ([196.30.179.247]) by smtp06.iafrica.com
	(Sun Internet Mail Server sims.3.5.2000.03.23.18.03.p10)
	with ESMTP id <0GKJ002CCOH8GC@smtp06.iafrica.com> for gentoo-dev@cvs.gentoo.org;
	Mon, 1 Oct 2001 22:48:45 +0200 (SAT)
From: Martin Schlemmer
Subject: Re: [gentoo-dev] Fast NAT-Solution
In-reply-to: <000601c14a96$8c906e30$0100a8c0@wp>
To: gentoo-dev@cvs.gentoo.org
Message-id: <1001969461.956.38.camel@nosferatu.lan>
MIME-version: 1.0
X-Mailer: Evolution/0.14 (Preview Release)
Content-type: text/plain
Content-transfer-encoding: 7bit
References: <000601c14a96$8c906e30$0100a8c0@wp>
Sender: gentoo-dev-admin@cvs.gentoo.org
Errors-To: gentoo-dev-admin@cvs.gentoo.org
X-BeenThere: gentoo-dev@cvs.gentoo.org
X-Mailman-Version: 2.0
Precedence: bulk
Reply-To: gentoo-dev@cvs.gentoo.org
List-Id: Gentoo Linux development list
Date: Mon Oct 1 14:50:02 2001
X-Original-Date: Mon, 01 Oct 2001 22:50:59 +0200
X-Archives-Salt: af8e8db6-e6ad-4f9c-b65b-57af51bbf919
X-Archives-Hash: 3a25a1048ba7e9c8d66909023f27c711

On Mon, 2001-10-01 at 18:31, Sebastian Werner wrote:
> Hey gentoo-developer,
>
> Is there anybody who has worked some time with iptables? I need a
> solution to get a network on the Internet. I have read some material
> about security and so on, but there is not so much about NAT. I want
> all ports (http, https, ftp, pop3, smtp) and all requests to go to all
> the network clients.
> I don't want to study a more than 100 page book for
> this smart solution (under Windows I must only activate Internet
> Connection Sharing - I want this for Linux).
>
> Ok, I am a bad guy, please help me if you have a minute too much today.
>
> Thanks,
>
> Sebastian
> sebastian@werner-productions.de
> http://www.werner-productions.de
>
>

Hi

This is a simple example from Rusty's packet-filtering-HOWTO. It uses
simple stateful filtering (related connections are allowed back in, but
no NEW connections are allowed in).

------------cut here------------------------------------
#!/bin/bash

# Load the required modules if a modular kernel is used. ip_tables and
# ip_conntrack must be in place before the FTP helper can register with
# them (modprobe resolves the dependency anyway, but the order makes
# the intent clear).
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp

# Masquerade everything going out ppp0 (the Internet side).
/sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

# Disallow NEW and INVALID incoming or forwarded packets from ppp0.
# Everything else (ESTABLISHED, RELATED) still falls through to the
# default ACCEPT policy, so replies and e.g. FTP data connections get
# back in.
/sbin/iptables -A INPUT -i ppp0 -m state --state NEW,INVALID -j DROP
/sbin/iptables -A FORWARD -i ppp0 -m state --state NEW,INVALID -j DROP

# Turn on IP forwarding only after the rules are in place.
echo 1 > /proc/sys/net/ipv4/ip_forward
---------cut here---------------------------------------------

Hope it is of some help.

Greetings,
MS

--
Martin Schlemmer
Gentoo Linux Developer, Desktop Team Developer
Cape Town, South Africa
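The HOWTO script above leaves the INPUT and FORWARD chain policies at ACCEPT and relies on two DROP rules to keep the Internet side out, so anything those two rules do not match (an untracked packet, a typo in the interface name) is accepted. The script below is an added example, not part of the thread or of Rusty's HOWTO: it builds the same masquerading router as an iptables-restore ruleset with default-DROP policies, uses the current conntrack match instead of the older state match, binds the FTP conntrack helper explicitly (kernels since 4.7 no longer assign helpers automatically), and enables forwarding only after the whole ruleset has been loaded atomically. The interface names ppp0 (WAN) and eth0 (LAN) are assumptions for a typical box; pass your own.

```shell
#!/bin/sh
# Added example (not from the HOWTO or the thread above): a masquerading
# router with default-DROP policies, loaded atomically via iptables-restore.
# ppp0/eth0 are placeholder interface names; pass the real ones as arguments.

# gen_ruleset WAN_IF LAN_IF -> prints an iptables-restore ruleset on stdout
gen_ruleset() {
    wan="$1"
    lan="$2"
    cat <<EOF
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Bind the FTP helper to LAN clients' control connections explicitly, so
# FTP data connections are classified RELATED (no automatic helper
# assignment on kernels since 4.7).
-A PREROUTING -i $lan -p tcp --dport 21 -j CT --helper ftp
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Rewrite the source address of everything leaving through the WAN link
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
# Default deny on INPUT and FORWARD: whatever the rules below do not name
# is dropped instead of silently falling through to ACCEPT.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
# Replies in either direction pass; only the LAN may open new connections
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
COMMIT
EOF
}

# count_rules WAN_IF LAN_IF CHAIN -> number of -A rules generated for CHAIN,
# a cheap self-check before the ruleset is loaded
count_rules() {
    gen_ruleset "$1" "$2" | grep -c "^-A $3 "
}

# apply_ruleset WAN_IF LAN_IF: load the whole ruleset in one transaction and
# only then switch forwarding on, so there is no window with forwarding
# enabled and no filter in place. Needs root.
apply_ruleset() {
    modprobe nf_conntrack_ftp
    gen_ruleset "$1" "$2" | iptables-restore
    sysctl -w net.ipv4.ip_forward=1
}

# Run as a script: print the ruleset for review.
# Usage: sh nat.sh ppp0 eth0 | sudo iptables-restore
if [ "$#" -ge 2 ]; then
    gen_ruleset "$1" "$2"
fi
```

After loading, `iptables-save` shows the live ruleset for comparison with the generated one, and `conntrack -L` (from the conntrack-tools package) shows which flows the router currently considers ESTABLISHED or RELATED.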