* [gentoo-dev] Fast NAT-Solution
@ 2001-10-01 10:32 Sebastian Werner
2001-10-01 12:28 ` scott worley
` (3 more replies)
0 siblings, 4 replies; 6+ messages in thread
From: Sebastian Werner @ 2001-10-01 10:32 UTC (permalink / raw
To: Gentoo-Dev
Hey gentoo-developer,
is there anybody who has worked some time with iptables. I need a
solution to get a network in the internet. I have read some material
about security and so on, but there is not so much about NAT. I want
that all ports (http, https, ftp, pop3, smtp) and all requests go to all
the network-clients. I don't want to study a more than 100 page book for
this smart solution (under windows I must only activate internet
connection sharing - I want this for linux)
Ok I am a bad guy, please help me if you have a minute to much today,
Thanks,
Sebastian
sebastian@werner-productions.de
http://www.werner-productions.de
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [gentoo-dev] Fast NAT-Solution
2001-10-01 10:32 [gentoo-dev] Fast NAT-Solution Sebastian Werner
@ 2001-10-01 12:28 ` scott worley
2001-10-01 13:46 ` Viktor Lakics
` (2 subsequent siblings)
3 siblings, 0 replies; 6+ messages in thread
From: scott worley @ 2001-10-01 12:28 UTC (permalink / raw
To: gentoo-dev
On Mon, 1 Oct 2001 18:31:34 +0200
"Sebastian Werner" <sebastian@werner-productions.de> wrote:
> Hey gentoo-developer,
>
> is there anybody who has worked some time with iptables. I need a
> solution to get a network in the internet. I have read some material
> about security and so on, but there is not so much about NAT. I want
> that all ports (http, https, ftp, pop3, smtp) and all requests go to all
> the network-clients. I don't want to study a more than 100 page book for
> this smart solution (under windows I must only activate internet
> connection sharing - I want this for linux)
>
> Ok I am a bad guy, please help me if you have a minute to much today,
>
> Thanks,
>
> Sebastian
> sebastian@werner-productions.de
> http://www.werner-productions.de
>
>
>
>
>
> _______________________________________________
> gentoo-dev mailing list
> gentoo-dev@cvs.gentoo.org
> http://cvs.gentoo.org/mailman/listinfo/gentoo-dev
On freshmeat.net there's an iptables tutorial which came out in the last week. It does have a sample rc script for RH7.1. Maybe that will help.
scott
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [gentoo-dev] Fast NAT-Solution
2001-10-01 10:32 [gentoo-dev] Fast NAT-Solution Sebastian Werner
2001-10-01 12:28 ` scott worley
@ 2001-10-01 13:46 ` Viktor Lakics
2001-10-01 13:53 ` [gentoo-dev] Fast NAT-Solutionr Daniel Robbins
2001-10-01 14:50 ` [gentoo-dev] Fast NAT-Solution Martin Schlemmer
2001-10-01 20:45 ` Clay Mitchell
3 siblings, 1 reply; 6+ messages in thread
From: Viktor Lakics @ 2001-10-01 13:46 UTC (permalink / raw
To: gentoo-dev
I think you can have internet-connection sharing out-of the box in
Mandrake. If you want it on Gentoo, you might want to take a look at
their solution, and use their rpms...
Viktor
On Mon, Oct 01, 2001 at 06:31:34PM +0200, Sebastian Werner wrote:
> Hey gentoo-developer,
>
> is there anybody who has worked some time with iptables. I need a
> solution to get a network in the internet. I have read some material
> about security and so on, but there is not so much about NAT. I want
> that all ports (http, https, ftp, pop3, smtp) and all requests go to all
> the network-clients. I don't want to study a more than 100 page book for
> this smart solution (under windows I must only activate internet
> connection sharing - I want this for linux)
>
> Ok I am a bad guy, please help me if you have a minute to much today,
>
> Thanks,
>
> Sebastian
> sebastian@werner-productions.de
> http://www.werner-productions.de
>
>
>
>
>
> _______________________________________________
> gentoo-dev mailing list
> gentoo-dev@cvs.gentoo.org
> http://cvs.gentoo.org/mailman/listinfo/gentoo-dev
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [gentoo-dev] Fast NAT-Solutionr
2001-10-01 13:46 ` Viktor Lakics
@ 2001-10-01 13:53 ` Daniel Robbins
0 siblings, 0 replies; 6+ messages in thread
From: Daniel Robbins @ 2001-10-01 13:53 UTC (permalink / raw
To: gentoo-dev
On Mon, Oct 01, 2001 at 08:49:35PM +0100, Viktor Lakics wrote:
> I think you can have internet-connection sharing out-of the box in
> Mandrake. If you want it on Gentoo, you might want to take a look at
> their solution, and use their rpms...
Um, this isn't good advice! There are several people who know/use iptables
NAT, including myself. If someone needs specific advice, just post specific
information (interfaces, IPs, what you are trying to do, etc) and we can help.
Using Mandrake RPMs under Gentoo Linux is a *bad* idea. Nothing personal,
but it's not the way to go.
Best Regards,
--
Daniel Robbins <drobbins@gentoo.org>
Chief Architect/President http://www.gentoo.org
Gentoo Technologies, Inc.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [gentoo-dev] Fast NAT-Solution
2001-10-01 10:32 [gentoo-dev] Fast NAT-Solution Sebastian Werner
2001-10-01 12:28 ` scott worley
2001-10-01 13:46 ` Viktor Lakics
@ 2001-10-01 14:50 ` Martin Schlemmer
2001-10-01 20:45 ` Clay Mitchell
3 siblings, 0 replies; 6+ messages in thread
From: Martin Schlemmer @ 2001-10-01 14:50 UTC (permalink / raw
To: gentoo-dev
On Mon, 2001-10-01 at 18:31, Sebastian Werner wrote:
> Hey gentoo-developer,
>
> is there anybody who has worked some time with iptables. I need a
> solution to get a network in the internet. I have read some material
> about security and so on, but there is not so much about NAT. I want
> that all ports (http, https, ftp, pop3, smtp) and all requests go to all
> the network-clients. I don't want to study a more than 100 page book for
> this smart solution (under windows I must only activate internet
> connection sharing - I want this for linux)
>
> Ok I am a bad guy, please help me if you have a minute to much today,
>
> Thanks,
>
> Sebastian
> sebastian@werner-productions.de
> http://www.werner-productions.de
>
>
>
Hi
This is a simple example from Rusty's packet-filtering-HOWTO.
It uses simple statefull filtering (related connections is allowed back
in, but no NEW connections is allowed in).
------------cut here------------------------------------
#!/bin/bash
# Load the required modules if modular kernel is used
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_tables
# Masquerade out ppp0
/sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
# Disallow NEW and INVALID incoming or forwarded
# packets from ppp0.
/usr/sbin/iptables -A INPUT -i ppp0 -m state \
--state NEW,INVALID -j DROP
/usr/sbin/iptables -A FORWARD -i ppp0 -m state \
--state NEW,INVALID -j DROP
# Turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
---------cut here---------------------------------------------
Hope it is of some help.
Greetings,
MS
--
Martin Schlemmer
Gentoo Linux Developer, Desktop Team Developer
Cape Town, South Africa
Town, South Africa
^ permalink raw reply [flat|nested] 6+ messages in thread
* RE: [gentoo-dev] Fast NAT-Solution
2001-10-01 10:32 [gentoo-dev] Fast NAT-Solution Sebastian Werner
` (2 preceding siblings ...)
2001-10-01 14:50 ` [gentoo-dev] Fast NAT-Solution Martin Schlemmer
@ 2001-10-01 20:45 ` Clay Mitchell
3 siblings, 0 replies; 6+ messages in thread
From: Clay Mitchell @ 2001-10-01 20:45 UTC (permalink / raw
To: gentoo-dev
I've found MonMotha's nat script is fantastic. Sets up your rules for
you, even allows you to easily do port forwarding.
http://monmotha.mplug.org/firewall/index.php
-----Original Message-----
From: gentoo-dev-admin@cvs.gentoo.org
[mailto:gentoo-dev-admin@cvs.gentoo.org] On Behalf Of Sebastian Werner
Sent: Monday, October 01, 2001 12:32 PM
To: Gentoo-Dev
Subject: [gentoo-dev] Fast NAT-Solution
Hey gentoo-developer,
is there anybody who has worked some time with iptables. I need a
solution to get a network in the internet. I have read some material
about security and so on, but there is not so much about NAT. I want
that all ports (http, https, ftp, pop3, smtp) and all requests go to all
the network-clients. I don't want to study a more than 100 page book for
this smart solution (under windows I must only activate internet
connection sharing - I want this for linux)
Ok I am a bad guy, please help me if you have a minute to much today,
Thanks,
Sebastian
sebastian@werner-productions.de http://www.werner-productions.de
_______________________________________________
gentoo-dev mailing list
gentoo-dev@cvs.gentoo.org
http://cvs.gentoo.org/mailman/listinfo/gentoo-dev
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2001-10-02 2:44 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2001-10-01 10:32 [gentoo-dev] Fast NAT-Solution Sebastian Werner
2001-10-01 12:28 ` scott worley
2001-10-01 13:46 ` Viktor Lakics
2001-10-01 13:53 ` [gentoo-dev] Fast NAT-Solutionr Daniel Robbins
2001-10-01 14:50 ` [gentoo-dev] Fast NAT-Solution Martin Schlemmer
2001-10-01 20:45 ` Clay Mitchell
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox