AW: AW: [suse-security] IP Forwarding - HELP
Here are two URL for iptables which were sent to me in answer to my question about masquerading: http://bolug.uni-bonn.de/wissen/masquerading.html http://www.fruehbrodt.org/artikel/netfilter.html Stephan -----Ursprüngliche Nachricht----- Von: nico@edoc.co.za [mailto:nico@edoc.co.za] Gesendet: Mittwoch, 9. Januar 2002 07:45 An: OKDesign oHG Security Administrator Betreff: Re: AW: [suse-security] IP Forwarding - HELP Hi, I'm trying to achive exactly the same with a Linux 2.4 kernel. Would you mind sending me the info as well? Thanks Nico
Hi Dan,
it depends on which Kernel-version you use. If you use 2.4 you need iptables. Exactly this point was discussed during the last days (I'm sure on this 'cause it was me who asked about Masquerading *g*). If you use 2.2 or earlier you need ipchains. Which syntax should be used has been written in my first post about this. If you don't have it anymore, tell me. I can write it again. Back to the roots of your question: IP-forwarding alone is not enough. You need Masquerading because the (ethernet-)IP of your Windozebox is a private IP and not able to be routed over the internet. So the linux-box has to change the sender-IP of the packets to his official IP (granted from your provider, most likely to be a dynamic one) in order to enable answer-packets to find the way back to you. Then your router (the linux-box acts exactly like a router) send the answers back to your windozebox. This is what masquerading means. Again, tell your kernelversion and we can tell you the syntax.
Stephan
-----Ursprüngliche Nachricht----- Von: Dan Banyard [mailto:dan@www.edentify.com.au] Gesendet: Mittwoch, 9. Januar 2002 04:20 An: suse-security@suse.com Betreff: [suse-security] IP Forwarding - HELP
Hi
I have two machine, one Windows NT box and a Linux box (which is connected to the www via a modem) and these two machine are connected directly via ethernet.
I am trying to set up my Linux box so I can get access to the www from the Windows NT box via the Linux box. So far I have enabled IP Forwarding in the rc.config file. I am really unsure what to do now to get this to work - I have read countless linux documents about setting up masquerading but the examples don't seem to comply with Suse. Do I have to enable the firewall to get this working ? are there others things I have to set ?
Any help would be great.
Thanks
Dan
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Thanks Stephan
Sorry but the links are not much good to me (I only know a few words in
German)...
I am using a 2.4 Kernel but cannot see any reference to iptables ? which is
weird ? is this something I have to install ?
I kind of understand the theory but got really bogged down into trying to
install and configure a firewall...
Any ideas?
Dan
----- Original Message -----
From: "OKDesign oHG Security Administrator"
Here are two URL for iptables which were sent to me in answer to my question about masquerading:
http://bolug.uni-bonn.de/wissen/masquerading.html
http://www.fruehbrodt.org/artikel/netfilter.html
Stephan
-----Ursprüngliche Nachricht----- Von: nico@edoc.co.za [mailto:nico@edoc.co.za] Gesendet: Mittwoch, 9. Januar 2002 07:45 An: OKDesign oHG Security Administrator Betreff: Re: AW: [suse-security] IP Forwarding - HELP
Hi,
I'm trying to achive exactly the same with a Linux 2.4 kernel.
Would you mind sending me the info as well?
Thanks
Nico
Hi Dan,
it depends on which Kernel-version you use. If you use 2.4 you need iptables. Exactly this point was discussed during the last days (I'm sure on this 'cause it was me who asked about Masquerading *g*). If you use 2.2 or earlier you need ipchains. Which syntax should be used has been written in my first post about this. If you don't have it anymore, tell me. I can write it again. Back to the roots of your question: IP-forwarding alone is not enough. You need Masquerading because the (ethernet-)IP of your Windozebox is a private IP and not able to be routed over the internet. So the linux-box has to change the sender-IP of the packets to his official IP (granted from your provider, most likely to be a dynamic one) in order to enable answer-packets to find the way back to you. Then your router (the linux-box acts exactly like a router) send the answers back to your windozebox. This is what masquerading means. Again, tell your kernelversion and we can tell you the syntax.
Stephan
-----Ursprüngliche Nachricht----- Von: Dan Banyard [mailto:dan@www.edentify.com.au] Gesendet: Mittwoch, 9. Januar 2002 04:20 An: suse-security@suse.com Betreff: [suse-security] IP Forwarding - HELP
Hi
I have two machine, one Windows NT box and a Linux box (which is connected to the www via a modem) and these two machine are connected directly via ethernet.
I am trying to set up my Linux box so I can get access to the www from the Windows NT box via the Linux box. So far I have enabled IP Forwarding in the rc.config file. I am really unsure what to do now to get this to work - I have read countless linux documents about setting up masquerading but the examples don't seem to comply with Suse. Do I have to enable the firewall to get this working ? are there others things I have to set ?
Any help would be great.
Thanks
Dan
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Hi anybody, maybe this would help?!? http://www.boingworld.com/workshops/linux/iptables-tutorial Greetz Christoph Dan Banyard wrote:
Thanks Stephan
Sorry but the links are not much good to me (I only know a few words in German)...
I am using a 2.4 Kernel but cannot see any reference to iptables ? which is weird ? is this something I have to install ?
I kind of understand the theory but got really bogged down into trying to install and configure a firewall...
Any ideas?
Dan
-- .-. Ruhr-Universitaet Bochum /v\ L I N U X Lehrstuhl fuer Biophysik // \\ >Penguin Computing< c/o Christoph Wegener /( )\ Gebaeude ND 04/Nord ^^-^^ D-44780 Bochum, GERMANY Tel: +49 (234) 32-25754 Fax: +49 (234) 32-14626 mailto:cwe@bph.ruhr-uni-bochum.de http://www.bph.ruhr-uni-bochum.de
Hi Why do you not try out "Shorewall" as there is very little you need to configure to get it up and running. I am using it present. you can find more information here: http://www.shorewall.net/ What is it? The Shoreline Firewall (Shorewall) is an iptables based firewall that can be used on a dedicated firewall system, a multi-function masquerade gateway/server or on a standalone Linux system.
Thanks Stephan
Sorry but the links are not much good to me (I only know a few words in German)...
I am using a 2.4 Kernel but cannot see any reference to iptables ? which is weird ? is this something I have to install ?
I kind of understand the theory but got really bogged down into trying to install and configure a firewall...
Any ideas?
Dan ----- Original Message ----- From: "OKDesign oHG Security Administrator"
To: ; "Dan Banyard" Cc: Sent: Wednesday, January 09, 2002 6:35 PM Subject: AW: AW: [suse-security] IP Forwarding - HELP Here are two URL for iptables which were sent to me in answer to my question about masquerading:
http://bolug.uni-bonn.de/wissen/masquerading.html
http://www.fruehbrodt.org/artikel/netfilter.html
Stephan
-----Ursprüngliche Nachricht----- Von: nico@edoc.co.za [mailto:nico@edoc.co.za] Gesendet: Mittwoch, 9. Januar 2002 07:45 An: OKDesign oHG Security Administrator Betreff: Re: AW: [suse-security] IP Forwarding - HELP
Hi,
I'm trying to achive exactly the same with a Linux 2.4 kernel.
Would you mind sending me the info as well?
Thanks
Nico
Hi Dan,
it depends on which Kernel-version you use. If you use 2.4 you need iptables. Exactly this point was discussed during the last days (I'm sure on this 'cause it was me who asked about Masquerading *g*). If you use 2.2 or earlier you need ipchains. Which syntax should be used has been written in my first post about this. If you don't have it anymore, tell me. I can write it again. Back to the roots of your question: IP-forwarding alone is not enough. You need Masquerading because the (ethernet-)IP of your Windozebox is a private IP and not able to be routed over the internet. So the linux-box has to change the sender-IP of the packets to his official IP (granted from your provider, most likely to be a dynamic one) in order to enable answer-packets to find the way back to you. Then your router (the linux-box acts exactly like a router) send the answers back to your windozebox. This is what masquerading means. Again, tell your kernelversion and we can tell you the syntax.
Stephan
-----Ursprüngliche Nachricht----- Von: Dan Banyard [mailto:dan@www.edentify.com.au] Gesendet: Mittwoch, 9. Januar 2002 04:20 An: suse-security@suse.com Betreff: [suse-security] IP Forwarding - HELP
Hi
I have two machine, one Windows NT box and a Linux box (which is connected to the www via a modem) and these two machine are connected directly via ethernet.
I am trying to set up my Linux box so I can get access to the www from the Windows NT box via the Linux box. So far I have enabled IP Forwarding in the rc.config file. I am really unsure what to do now to get this to work - I have read countless linux documents about setting up masquerading but the examples don't seem to comply with Suse. Do I have to enable the firewall to get this working ? are there others things I have to set ?
Any help would be great.
Thanks
Dan
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Dan, Altbough the default kernel has the iptables modules available you need to install the iptables rpm to have access to the configuration tools (ie iptables et all). You can do this from the cds using YaST Austin On Wed, Jan 09, 2002 at 07:30:13PM +1100, Dan Banyard wrote:
Thanks Stephan
Sorry but the links are not much good to me (I only know a few words in German)...
I am using a 2.4 Kernel but cannot see any reference to iptables ? which is weird ? is this something I have to install ?
I kind of understand the theory but got really bogged down into trying to install and configure a firewall...
Any ideas?
Dan <snip> --
| \/ |/ ___/ ___| Austin Morgan | |\/| | | \___ \ Morgan Computer Services | | | | |___ ___) | 501-857-1189 |_| |_|\____|____/ www.morgancomputers.net
participants (5)
-
Austin Morgan
-
Christoph Wegener
-
Dan Banyard
-
Ian Laws
-
OKDesign oHG Security Administrator