Alan,

Another easily configurable firewall/masquerade solution would be
Pmfirewall, available from ftp.pointman.org or www.pointman.org. This
script configures ipchains for you with only a few questions, and will
run magnificently on Linux. It can also be custom configured by an
experienced user that wants a more custom firewall.

Dave Chacko

>Date: Mon, 31 Jul 2000 22:25:13 -0700
>From: Doug Winterburn
>Reply-To: doug@winterburn.net
>To: plug-discuss@lists.PLUG.phoenix.az.us
>Subject: Re: Newbie firewall/masqarade/proxy confusion
>Reply-To: plug-discuss@lists.PLUG.phoenix.az.us
>
>Alan,
>
>I'm doing exactly what you want to do.  My ISP is Sprint Broadband
>(formerly Speedchoice).
>
>First, you have picked the appropriate hardware - a 486 makes a great
>router/firewall/server.  You will want two NICs in it.  One should be a
>10MB/sec to connect to the DSL external modem, and the other will be to
>connect to your internal network and can be a 10MB, 10/100 or 100,
>depending on what you think you need internally.  I have gotten by
>rather well with cheapo ($10/NIC) Dlink, Linksys, SMC, etc NICs.  10MB
>has been entirely sufficient for me and I have 8 machines on the
>internal network.  I've found that the plain old NE2000 compatible NICs
>are easily supported, but you may have to manually configure if you only
>have an ISA bus.  Also, an 8 port rj45, 1 port bnc hub can be had for
>about $40 if you go for a 10MB internal network.
>
>I also run RH 6.2.  Your firewall will consist of a startup script
>(calling ipchains many times) to do packet filtering and masquerading,
>and possibly a tcpwrappers config file set as a second level of
>protection.  I set up my firewall script from the following site:
>
>http://linux-firewall-tools.com/linux/firewall/index.html
>
>The two tcpwrapper scripts you need could look like:
>
>/etc/hosts.deny
>-------------
>
>ALL : ALL
>
>/etc/hosts.allow
>--------------
>
>ALL : 192.168.1.0/255.255.255.0 127.0.0.1
>
>Assuming your internal network is 192.168.1.x, the above two files will
>allow any connections from your internal network to inet daemons, but
>will prevent any other access to those daemons.
>
>You will also need to think about whether you want to run an internal
>DNS, web server, sendmail or some other email MTA.  Also, you want to
>consider whether you want your internal clients to run pop or imap.
>Also, you probably want to get openssh and possibly openssl for secure
>access from the outside.  Also, Samba is a must if you have windows
>machines on your internal network, and can be very helpful even if you
>don't.  And don't be without Webmin: http://www.webmin.com/webmin/ for
>system administration.  With webmin, I run my 486 from a browser - the
>machine has no KB, mouse or terminal.
>
>Definitely, you should apply for your own domain name.
>
>I'm sure I've forgotten many little things.  It's so much fun, I can't
>get it all into one email :-)
>
>If you would like to discuss my experiences with all this, don't
>hesitate to email.  I can send you sample config files, etc.
>
>-Doug Winterburn
>
>Date: Mon, 31 Jul 2000 13:07:58 -0700
>To: plug-discuss@lists.plug.phoenix.az.us
>From: "Alan Dayley"
>Subject: Newbie firewall/masqarade/proxy confusion
>Reply-To: plug-discuss@lists.PLUG.phoenix.az.us
>
>I confess to being a MS user for, lo, many years.  I am now
>coming into the Linux light!  It is making computer exciting
>again.
>
>I am scheduled to get DSL with a static IP in a week or two.
>As a first Linux learning experience, I have set up an old 100MHz
>486 PC, 32MB RAM, 1.5GB hard disk space, 2 16-bit Intel network
>cards, VGA, mouse, blah, blah... with RedHat 6.2.  X still does
>not work but that is not important now.  My intention is to have
>this little PC be a firewall for my other computers to share the
>DSL connection.
>
>My confusion is this:  I am finding in my readings that what I
>thought was a firewall may be something more.  I am still trying
>to understand the differences between the terms firewall,
>masquerading, routing and proxy server.  Maybe the confusion is
>from the fact that configuring TCP/IP is still a new thing to me
>along with Linux.
>
>What I want to make is my Linux box providing a single "presence"
>to the internet while the workstations "behind" the Linux box can
>surf and do email without being "visible" to the internet.  What
>combination of firewall/masquerade/proxy stuff do I need?
>
>Remember, I am a newbie, be kind.
>
>Alan