On Sun, 2007-04-01 at 23:51 +0800, edwardspl@xxxxxxxxxx wrote:
> Sorry, due to the Router can't to be enabled the firewall function, so
> we can to enable the firewall function by using linux only...
> So, how to config the DNS and the NAT function ?

You'd use iptables rules to do firewalling and NAT. You can write them by hand, or use a configuration tool like firestarter (firestarter is *not* something that I have experience with). See the iptables man file for how to do that, but if that appears too hard, look at firestarter. There's a couple of GUI tools for setting them up, but I think that's recommended as one of the easier ones.

For generic firewalling, you'd set up a rule that dropped all new connections by default. Then you'd add specific rules to allow *some* things. You'd do this on any machine, itself, that was publicly accessible.

Which leads to linking public IPs to local LAN IPs. You could use forwarding rules to pass all connections to a specific public address to an internal one, or more specific rules just for certain ports (such as running a webserver).

There are specific iptable rule types for NAT purposes (nat and prerouting), rather than just port forwarding rules. I haven't played with NAT tied into public IPs, so that's beyond my experience. You'd want to do things that way, though, if you want a machine in your LAN to act as if directly on the internet.

I think that's getting beyond the free help on a mailing list, though. You need to know quite a bit about how networking works, before you can use the tools to set it up. If you knew that, you ought to be able to work out how to use the tools. It sounds like you need to read more about that, first.

Then you mention DNS. Again, it's too vaguely worded. Are you setting up a DNS server so all your LAN PCs can use it to resolve LAN addresses? Or for it to resolve internet addresses for them? Or for it to answer public queries for your own domain name?

NB: I think some things are getting lost in translation. You might also want to write it in your native tongue, you might get a direct reply from someone who knows exactly what you mean.

-- 
(This box runs FC6, my others run FC4 & FC5, in case that's important to the thread.)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
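
The default-drop firewall and the per-port forward to an internal web server that the message above describes, written out as an added example that is not part of the original post. It only prints a ruleset in iptables-restore format; the addresses, interface names (eth0 as WAN, eth1 as LAN), the SSH-from-LAN rule and port 80 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; it applies nothing.
# Forwarding also needs net.ipv4.ip_forward=1 on the firewall box.

is_ipv4() {  # dotted quad, each octet 0-255
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

gen_ruleset() {  # args: public IP, internal web server IP, WAN if, LAN if
    pub=$1; web=$2; wan=$3; lan=$4
    is_ipv4 "$pub" && is_ipv4 "$web" || { echo "bad address" >&2; return 1; }
    for ifc in "$wan" "$lan"; do
        case "$ifc" in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1 ;;
        esac
    done
    cat <<EOF
*filter
# Default policy: drop anything not explicitly allowed below.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Assumed admin access: SSH to the firewall from the LAN side only.
-A INPUT -i $lan -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
# Only new connections to the web server's port are let in from outside.
-A FORWARD -i $wan -o $lan -d $web -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Port forward: public address, port 80 -> internal web server.
-A PREROUTING -i $wan -d $pub -p tcp --dport 80 -j DNAT --to-destination $web:80
# LAN hosts share the firewall's public address on the way out.
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
}

# Constructed sample values (documentation and private address ranges).
gen_ruleset 203.0.113.10 192.168.1.20 eth0 eth1
```

The output can be checked with `iptables-restore --test` before it is loaded, so a mistake in the ruleset is caught without changing the running firewall.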