Firewall Router Answers

[nomar]

Short answer: No

firestarter will use it's own iptable script, but you should be able to set it up in no time.

[nomar]

I'll try to explain some stuff, and dispell some myths...

To begin with, iptables is basically a collection of rules, contained within a table. These rules are used by netfilter within the Linux kernel to examine and filter network traffic. In BSD world, such tools are ipf and pf.

You can configure iptables rulsets at the command line using the command 'iptables', however when you restart the machine the configuration is lost. Therefore, scripts which are run at startup are required to contain your configuration, and set how network traffic is handled. To check your current iptables configuration do:

# iptables -L

Redhat had a gui which created a script in /etc/init.d/ which was called (confusingly) iptables. This script could have been called eric, the name is not important! You set options in the gui, the gui creates the script. At startup the script is run, and sets your iptables rulset to filter your net traffic (and NAT etc.).

Firestarter does the same. You set options in firestarter, firestarter creates the script. At startup the script is run, and sets your iptables rulset to filter your net traffic (and NAT etc.). The script is kept in /etc/firestarter and is called firestarter.sh. An init script in /etc/init.d (or wherever it may be for your distro) can be run at startup, this in turn executes the script /etc/firestarter/firestarter.sh.

There are a number of ways to create iptables scripts. A text editor, a gui like firestarter, a utility such as shorewall, however they all do the same thing, which is to set iptables rule sets which are interperated by the kernel.

I hope this explains things clearly.

[Manlynux]

Hmmmmm

[nomar]

Sorry?!?

[Wraithe]

i do realise you guys are going to say i'm swearing but i'm trying to connect a linux box running mandrake 9.0 with a win box running xp home. the win box is the internet connection. this is for a friend and i dont want to tell her where to go. also cant load windows on linux box . ha ha windows will not load up on this machine and if it does it crashes big time . linux only which is cool by me. the network is kind of working but the winbox wont play ball so the linbox is not able to access anything on the winbox. sorry about asking a silly question but i've had ten years break from computers and i just play now. please help..

[netranger]

My friend wants to get a Dlink router. I want to give him the option of a Linux router. Firestarter looks great, but are there any more programs you experts could recommend?

[adrianacosta]

Firestarter works on the Alinux distro ???

[fragenstein]

Good tutorial but you did not address if a static IP is purchased from ISP. This is the exact problem I am having. My understanding is that for static IP's I should be issuing the following commands:
>ifconfig eth0 123.456.789.012 netmask 255.255.255.248
>route add default gw 123.456.888.999
and then add to the resolv.conf the
nameserver 123.456.777.1
nameserver 123.456.777.2
My route - n gives the following results:
Dest gateway genmask flags metric Ref use IF
123.456.789.144 * 255.255.255.0 U 0 0 0 eth0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
127.0.0.1 * 255.0.0.0 U 0 0 0 lo
default 123.456.888.999 0.0.0.0 UG 0 0 0 eth0

I use a dlink 300i to connect to the ISP and if I connect a windows computer directly to it (no special software) with the static IP, it connects fine. When I connect the Linux box (which is going to be the gateway) I get 'network unreachable' on the linux box and can't ping the gateway. If I put a router which I borrowed for testing between the dlink and linux box with an internal IP I can then reach the internet.
My first question is, what else can I do/check?
2nd, if I do get myself a router to use between dlink and linuxbox, will it then be to any effect to have linux as a gateway for port forwarding and firewall since many router have firewall in them? I would assume that to be effective, I would have to create two internal subnets for the Interfaces on the linuxbox (IE 192.168.1.x for ext interface and 192.168.2.x for internal interface and windows box).
FYI:I was wanting to set up both linux and windows box for external access from the net for different purposes. I am right in that I only need one external IP and use port forwarding to do this correct?.

Sorry if I am posting this in the wrong area but the sticky thread seemed appropriate.

[gagan_goku]

I am right in that I only need one external IP and use port forwarding to do this correct?.

I am thinking that you configure the router that joins both the subnets in some way to do this,maybe by forwarding the packet to diff comp depending on which port the packet is meant for.
This way (maybe) you can access both comps with just one static ip.
In case you meant something else,please explain.

[ranzaan]

Hi,
thats fine. bt' i need to trace users who use the internet through this fedora gateway. How can i do that.. how can i trace each user to find out where they r browsing and also let me know the trick for blocking websites in Firestarter.

Thanku.