Am Donnerstag, 7. November 2002 17:55 schrieb Ryan Brown: > I'm looking to take the dip into using my Linux box as a NAT and > multihoming 2 connections into it.. Has anyone out there experience in > this? Perhaps a pointer to a how-to or 2? Ultimatly, I'd like to use > Fedora for this as well as my other server applications.. take a look at http://www.fwbuilder.org/ fwbuilder is a GUI for iptables etc., it generates a firewall scripts for various firewalls. I start mine in: - rc.local, - ifup-post near the end, so that if the connection gets restarted, my anti-spoofing rules get updated to the new IP-Adress. You can get your current IP-Adress into $IP_PPP0 as below and use it instead of the hard-coded IP-Adress fwbuilder generates. Just edit the generated script appropriately. I start iptables originally with the simple "default deny"s for INPUT, FORWARD and OUTPUT chains, saved to /etc/sysconfig/iptables so it gets started at boot time before the dynamic IP-Adress is known. /etc/rc.d/rc.local: #!/bin/sh # # This script will be executed *after* all the other init scripts. # You can put your own initialization stuff in here if you don't # want to do the full Sys V style init stuff. touch /var/lock/subsys/local # start NAT firewall: echo "starting firewall from rc.local ..." /etc/rc.d/lxFirewall_nat.fw IP_PPP0=`/sbin/ifconfig ppp0 2>/dev/null | grep inet | cut -d : -f 2 \ | cut -d \ -f 1` if test "$IP_PPP0" = ""; then echo "no route to timeserver." else echo "synchronize system time ..." /usr/sbin/ntpdate -v ntp2.fau.de fi echo "rc.local completed." /etc/sysconfig/network-scripts/ifup-post: # ... # redo Firewall script if [ "${DEVICE}" = "ppp0" ]; then logger $"Fred - restarting firewall with new IP ..." /etc/rc.d/lxFirewall_nat.fw logger $"Fred - firewall restarted." fi # Notify programs that have requested notification do_netreport if [ -x /sbin/ifup-local ]; then /sbin/ifup-local ${DEVICE} fi exit 0 > > Regards, > > Ryan > > > -- > fedora-list mailing list > fedora-list@xxxxxxxxxx > http://www.redhat.com/mailman/listinfo/fedora-list -- _______________________________ Paul Stanhope Hartshausen 2 84079 Bruckberg Tel.: +49 8765 237 Email: fredn1@xxxxxx _______________________________
