I have attached the files that will create a firewall and also do the IP Masquerading. This should work with any standard Red Hat RPM 2.4 kernel. However, if you compile a kernel yourself, you will have to create modules for the IP Masquerading features; otherwise these files will not work.

Now install firewall-2.4 in /etc/rc.d/init.d and make it executable. Install rc.firewall-2.4 in /etc/rc.d and make it executable. You can install rc.firewall-2.4 anywhere you wish, but you will have to edit firewall-2.4 and tell it where to load that file from.

Now, when all files are in place, run the following command: "chkconfig --level=345 firewall-2.4 on" (without ""). This will make firewall-2.4 run in runlevels 3, 4 and 5. Once this is done, reboot your machine and both files should set up the firewall and IP Masquerading.

Also, it is set up so that eth0 is connected to the internet connection and eth1 is connected to the internal network. It is also set up for DHCP on eth0. The IP-Masquerade-HOWTO is a good source if you have problems.

Enjoy
Jim

On Sun, 2004-01-04 at 11:27, Davor Herga wrote:
> > Message: 17
> > Date: Sun, 04 Jan 2004 22:51:08 +1000
> > From: Scott Blackman <sblackman@xxxxxxxxxxx>
> > To: fedora-list@xxxxxxxxxx
> > Subject: Fedora IP Masquerading
> > Reply-To: fedora-list@xxxxxxxxxx
> >
> > How do I set up IP Masquerading on my fedora box?
> >
> > THX
> > Scott
>
> Try this site:
>
> http://www.e-infomax.com/ipmasq/
>
> ENjoY!
>
> Davor.
>
> --
> fedora-list mailing list
> fedora-list@xxxxxxxxxx
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list

--
James W. Bennett <silverhead@xxxxxxxxxxx>
#!/bin/sh
#
# firewall-2.4  Red Hat style init script that loads the rc.firewall-2.4 ruleset.
#
# chkconfig: 2345 11 89
# description: Loads the rc.firewall-2.4 ruleset.
# processname: firewall-2.4
# pidfile: /var/run/firewall.pid
# config: /etc/rc.d/rc.firewall-2.4
# probe: true
#
# v11/19/03

# Source the Red Hat init function library.
. /etc/rc.d/init.d/functions

# Source the networking configuration so that $NETWORKING is actually defined
# before it is tested below.
[ -f /etc/sysconfig/network ] && . /etc/sysconfig/network

# Check that networking is up.
[ "XXXX${NETWORKING}" = "XXXXno" ] && exit 0
[ -x /sbin/ifconfig ] || exit 0

IPTABLES=/sbin/iptables

# Location of the ruleset. Change this if rc.firewall-2.4 was installed
# somewhere other than /etc/rc.d.
RULESET=/etc/rc.d/rc.firewall-2.4

case "$1" in
  start)
        $RULESET
        ;;
  stop)
        # NOTE: this leaves every chain at policy DROP, so the box is cut off
        # from the network until "start" runs again. Use it from the console,
        # not over a remote login.
        echo -e "\nFlushing firewall and setting default policies to DROP\n"
        $IPTABLES -P INPUT DROP
        $IPTABLES -F INPUT
        $IPTABLES -P OUTPUT DROP
        $IPTABLES -F OUTPUT
        $IPTABLES -P FORWARD DROP
        $IPTABLES -F FORWARD
        $IPTABLES -F -t nat
        # Delete all user-specified chains
        $IPTABLES -X
        # Reset all IPTABLES counters
        $IPTABLES -Z
        ;;
  restart)
        $0 stop
        $0 start
        ;;
  status)
        $IPTABLES -L
        ;;
  mlist)
        # Show the current connection tracking table (the masqueraded sessions)
        cat /proc/net/ip_conntrack
        ;;
  *)
        echo "Usage: firewall-2.4 {start|stop|restart|status|mlist}"
        exit 1
esac

exit 0
#!/bin/sh
#
# rc.firewall-2.4
FWVER=0.74
#
# Initial SIMPLE IP Masquerade test for 2.4.x kernels using IPTABLES.
#
# Once IP Masquerading has been tested, with this simple
# ruleset, it is highly recommended to use a stronger
# IPTABLES ruleset either given later in this HOWTO or
# from another reputable resource.
#
# LOG:
# 0.74 - the ruleset now uses modprobe vs. insmod
# 0.73 - REJECT is not a legal policy yet; back to DROP
# 0.72 - Changed the default block behavior to REJECT not DROP
# 0.71 - Added clarification that PPPoE users need to use
#        "ppp0" instead of "eth0" for their external interface
# 0.70 - Added commented option for IRC nat module
#      - Added additional use of environment variables
#      - Added additional formatting
# 0.63 - Added support for the IRC IPTABLES module
# 0.62 - Fixed a typo on the MASQ enable line that used eth0
#        instead of $EXTIF
# 0.61 - Changed the firewall to use variables for the internal
#        and external interfaces.
# 0.60 - 0.50 had a mistake where the ruleset had a rule to DROP
#        all forwarded packets but it didn't have a rule to ACCEPT
#        any packets to be forwarded either
#      - Load the ip_nat_ftp and ip_conntrack_ftp modules by default
# 0.50 - Initial draft

echo -e "\n\nLoading simple rc.firewall version $FWVER..\n"

# The location of the iptables and kernel module programs
#
#   If your Linux distribution came with a copy of iptables, it is
#   most likely in /sbin. If you compiled iptables yourself, the
#   default location is /usr/local/sbin.
#
# ** Please use the "whereis iptables" command to figure out where
# ** your copy is and change the path below to match.
#
IPTABLES=/sbin/iptables
DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe

# Setting the EXTERNAL and INTERNAL interfaces for the network
#
#  Each IP Masquerade network needs to have at least one
#  external and one internal network. The external network
#  is where the natting will occur and the internal network
#  should preferably be addressed with a RFC1918 private address
#  scheme.
#
#  For this example, "eth0" is external and "eth1" is internal.
#
#  NOTE: If this doesn't EXACTLY fit your configuration, you must
#        change the EXTIF or INTIF variables below. For example,
#        PPPoE users need EXTIF="ppp0" instead of "eth0".
#
EXTIF="eth0"
INTIF="eth1"
echo "   External Interface:  $EXTIF"
echo "   Internal Interface:  $INTIF"

# No editing beyond this line is required for initial MASQ testing

echo -en "   loading modules: "

# Need to verify that all modules have all required dependencies
echo "  - Verifying that all kernel modules are ok"
$DEPMOD -a

echo "----------------------------------------------------------------------"

# Core IPTABLES support
echo -en "ip_tables, "
$MODPROBE ip_tables

# Stateful connection tracking framework
echo -en "ip_conntrack, "
$MODPROBE ip_conntrack

# FTP connection tracking (needed for active-mode FTP through the MASQ box);
# loaded by default, as the 0.60 changelog entry says
echo -en "ip_conntrack_ftp, "
$MODPROBE ip_conntrack_ftp

# IRC connection tracking (DCC through the MASQ box)
echo -en "ip_conntrack_irc, "
$MODPROBE ip_conntrack_irc

# NAT table support
echo -en "iptable_nat, "
$MODPROBE iptable_nat

# FTP NAT helper
echo -en "ip_nat_ftp, "
$MODPROBE ip_nat_ftp

# IRC NAT helper (optional; uncomment the two lines below to enable it)
#echo -e "ip_nat_irc"
#$MODPROBE ip_nat_irc

echo "----------------------------------------------------------------------"
echo -e "   Done loading modules.\n"

# Enable IP forwarding; it is off by default
echo "1" > /proc/sys/net/ipv4/ip_forward

# Dynamic IP users (DHCP, PPP, SLIP on $EXTIF) need this so the kernel
# can re-address connections opened before the dynamic address came up
echo "   Enabling DynamicAddr.."
echo "1" > /proc/sys/net/ipv4/ip_dynaddr

# Clear any previous configuration
#
# NOTE: INPUT and OUTPUT stay at ACCEPT; only forwarded traffic is
#       filtered. That is fine for initial MASQ testing, not for a box
#       left on the Internet (see the note at the top of this file).
echo "   Clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F

echo "   FWD: Allow all connections OUT and only existing and related ones IN"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
# Anything not matched above is logged before the DROP policy takes it.
# This LOG rule is unrated; a flood of blocked packets will fill the
# log, so a production ruleset should add "-m limit" in front of it.
$IPTABLES -A FORWARD -j LOG

# Enable SNAT (MASQUERADE) on $EXTIF. MASQUERADE is the right target for a
# dynamic (DHCP/PPP) external address; a static address would normally use
# the SNAT target with "--to-source" instead.
echo "   Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

echo -e "\nrc.firewall-2.4 v$FWVER done.\n"
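The rc.firewall-2.4 header itself says the ruleset is only for initial testing and that a stronger one should follow. What follows is an added example of such a ruleset for the same eth0/eth1 box; it is not part of Jim's post or of the IP-Masquerade-HOWTO. It keeps the post's layout (eth0 external with a DHCP address, eth1 internal, MASQUERADE on eth0) and assumes an internal subnet of 192.168.1.0/24 and SSH on port 22 for management; both are assumptions and are overridable through the environment. The ipt wrapper and the dry_run function are this example's own helpers: with IPTABLES=echo the script prints the rules it would load instead of touching the kernel, which is how you review the ordering before running it as root.

```shell
#!/bin/sh
# Added example, not code from the original post or the IP-Masquerade-HOWTO:
# a default-deny INPUT/FORWARD ruleset for the same two-interface MASQ box.
# Interface names follow the post; INTNET and the SSH port are assumptions.
EXTIF="${EXTIF:-eth0}"
INTIF="${INTIF:-eth1}"
INTNET="${INTNET:-192.168.1.0/24}"   # assumed internal RFC1918 subnet
IPTABLES="${IPTABLES:-/sbin/iptables}"

# Every rule goes through ipt() so that IPTABLES=echo gives a dry run.
ipt() { "$IPTABLES" "$@"; }

strict_ruleset() {
    # Default deny for traffic to the box and through the box;
    # traffic originating on the box itself stays open.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
    ipt -F INPUT
    ipt -F FORWARD
    ipt -F OUTPUT
    ipt -t nat -F

    # Loopback and already-tracked traffic first: cheapest and most common.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -m state --state INVALID -j DROP

    # Anti-spoofing: an RFC1918 source address must never arrive on EXTIF,
    # whether it is aimed at the box or at the internal network.
    for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        ipt -A INPUT   -i "$EXTIF" -s "$net" -j DROP
        ipt -A FORWARD -i "$EXTIF" -s "$net" -j DROP
    done

    # Management only from the internal side, never from the Internet.
    ipt -A INPUT -i "$INTIF" -s "$INTNET" -p tcp --dport 22 -j ACCEPT

    # DHCP client replies on EXTIF (the post configures eth0 via DHCP).
    ipt -A INPUT -i "$EXTIF" -p udp --sport 67 --dport 68 -j ACCEPT

    # Rate-limited log, then drop, for everything else aimed at the box.
    ipt -A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-input-drop: "
    ipt -A INPUT -j DROP

    # Forwarding: only the internal subnet may go out; only replies come back.
    ipt -A FORWARD -i "$INTIF" -o "$EXTIF" -s "$INTNET" -j ACCEPT
    ipt -A FORWARD -i "$EXTIF" -o "$INTIF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "fw-fwd-drop: "
    ipt -A FORWARD -j DROP

    # Masquerade only the internal subnet, not whatever else is routed out.
    ipt -t nat -A POSTROUTING -o "$EXTIF" -s "$INTNET" -j MASQUERADE
}

# Print the rules this host would get, without touching the kernel.
dry_run() { ( IPTABLES=echo; strict_ruleset ); }

# Only load the rules when explicitly asked, e.g. "sh strict-fw.sh apply".
if [ "${1:-}" = "apply" ]; then
    strict_ruleset
fi
```

Run it with no arguments and call dry_run (or simply set IPTABLES=echo) to see the rule order; run it as "apply" from the console, not over SSH, since the INPUT policy goes to DROP before the SSH accept rule is added. Compared with the HOWTO ruleset above, the differences a reviewer would look for are the DROP policy on INPUT, the anti-spoofing rules on the external interface, the "-s $INTNET" on both the FORWARD accept and the MASQUERADE rule, and the "-m limit" in front of each LOG.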