  1. #1
    Linux Engineer
    Join Date
    Nov 2002
    Location
    Queens, NY
    Posts
    1,319

    Firewall info


    I'd like to learn how to configure a firewall via IP tables and all the good stuff but I don't know much about them. Where can I look to find good information for a newbie like myself?
    The best things in life are free.

  2. #2
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    http://www.netfilter.org/ has a lot of good docs on that. After all, they invented it, so I guess they know what they're talking about.

  3. #3
    Linux Engineer
    Join Date
    Nov 2002
    Location
    Queens, NY
    Posts
    1,319
    Is there any order that I should read these documents? Are there any prerequisites for these documents?
    The best things in life are free.

  5. #4
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    I guess the best thing would be to read the network concepts howto, the packet filtering howto and then the nat howto, and possibly the netfilter extensions howto, if you think you really need it. The netfilter hacking howto is for hacking the kernel source, so I'll leave it to you to decide whether or not to read that.

    Note, however, that the manpage for iptables is also really, really good. I think I learned everything from it. I suggest using "man -t iptables | ggv -" for greater readability, though.

  6. #5
    Linux Engineer
    Join Date
    Nov 2002
    Location
    Queens, NY
    Posts
    1,319
    Could you give me an EXACT order of what I should read? I feel that it's important for me to learn this in order. It's also really sad that I have a college degree and Dolda knows soooo much more than I do about computers in general. I feel like the education that I received was a waste.
    The best things in life are free.

  7. #6
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    I'm sorry for making you feel that way. =) But on the other hand, I'm guessing that I have kind of a head start. I've had a computer my entire life, and my dad started teaching me how to program when I was five, and I've been hooked on it ever since. =)

    But I'm actually having kind of a hard time determining that. I've never been a really good teacher. But now that I've remembered it, I'd really recommend that you read the iptables man page. I didn't think of it in my first post, but it actually is really good and describes most of it.

  8. #7
    Linux Engineer
    Join Date
    Nov 2002
    Location
    Queens, NY
    Posts
    1,319
    Dolda,

    Don't feel bad for your talents. I'd probably get my kid to play sports or take up music at an early age. As for computers, I'll probably make him learn that since it's becoming a part of my life.
    I didn't touch a computer till my freshman year at college. I didn't really learn about computers until I decided to learn HTML over my sophomore vacation. I didn't know how to program in C until my senior year. That's when I decided that I really wanted to study. Luckily, I was able to graduate.
    Anyhow, iptables.. do I need to know detailed info about TCP/IP before reading those manuals on iptables?
    The best things in life are free.

  9. #8
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    I don't think that you need any that detailed information. Of course, it's a good thing to know about IP addresses and subnets and about datagram based communication (i.e. you will need to keep in mind that even TCP is transferred over packets), since iptables works by evaluating every individual packet against the rules, even those that are part of an already established TCP connection. Subnet masks are really useful for packet matching, e.g. 192.168.0.0/24 matches everything from or to my LAN.
    And of course, if there is anything you might wonder about in the manpage, you can just ask back here.

  10. #9
    Linux Engineer
    Join Date
    Nov 2002
    Location
    Queens, NY
    Posts
    1,319
    Where can I find a good amount of sources for TCP/IP? I know how the addressing system works but I can't really define what a subnet and a gateway are. Of course I know how they are used but that's different than knowing how they really work.
    The best things in life are free.

  11. #10
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    Subnets aren't ever used in the protocol, they are pure software contraptions. They are used primarily for pattern matching and for routing. For example, if you set up your IP address to be something with a subnet mask of 255.255.255.0, the standard routing rules will be set up so that only those packets with a destination address that matches the subnet will be routed without using a gateway. Also, gateways will never route broadcasts beyond the subnet where they originated.
    So they don't really have an inner working, as you may think. It's not like the IP packets know anything about subnets. They are only configured and used by the kernels on the computers connected to the network, mainly in order to know where to route packets.
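
Added example, not part of the thread or of the netfilter documentation: a small Python model of the two uses of a subnet mask described in posts #8 and #10, matching each packet against a rule list (first match wins) and deciding whether a destination is reached directly or through the gateway. The rule list, function names, default policy and all addresses are constructed for illustration.

```python
import ipaddress

def in_subnet(addr: str, cidr: str) -> bool:
    """Mask comparison a filter or router performs: (addr & mask) == network."""
    net = ipaddress.ip_network(cidr, strict=False)
    ip = int(ipaddress.ip_address(addr))
    return ip & int(net.netmask) == int(net.network_address)

def next_hop(dst: str, local_ip: str, netmask: str, gateway: str) -> str:
    """Routing decision: on-subnet destinations are delivered directly,
    everything else is handed to the gateway."""
    net = ipaddress.ip_network(f"{local_ip}/{netmask}", strict=False)
    return "direct" if in_subnet(dst, str(net)) else gateway

# Constructed rule list (assumption: a simplified stand-in for a filter chain).
# Rules are checked top to bottom; the first rule that matches decides.
RULES = [
    {"src": "192.168.0.0/24", "dport": 22, "verdict": "ACCEPT"},  # SSH from the LAN only
    {"src": "0.0.0.0/0",      "dport": 80, "verdict": "ACCEPT"},  # HTTP from anywhere
]
POLICY = "DROP"  # applied when no rule matches

def filter_packet(pkt: dict) -> str:
    """Evaluate one packet on its own, as the filter does for every packet,
    including those belonging to an already established TCP connection."""
    for rule in RULES:
        if in_subnet(pkt["src"], rule["src"]) and pkt["dport"] == rule["dport"]:
            return rule["verdict"]
    return POLICY

if __name__ == "__main__":
    # Constructed sample packets: two from the same LAN host, one from outside.
    packets = [
        {"src": "192.168.0.42", "dport": 22},
        {"src": "192.168.0.42", "dport": 22},
        {"src": "203.0.113.5",  "dport": 22},
        {"src": "203.0.113.5",  "dport": 80},
    ]
    for p in packets:
        print(p, "->", filter_packet(p))
    for dst in ("192.168.0.77", "198.51.100.7"):
        print(dst, "via", next_hop(dst, "192.168.0.10", "255.255.255.0", "192.168.0.1"))
```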
