On Monday 02 September 2002 3:26 am, John Pettigrew wrote:
I have a small home LAN (3 machines) and want to convert the gateway machine to SuSE linux. In fact, I've already got it running no problem (dual booting with Win98). There's just one thing I still haven't managed to configure correctly, and that's the firewall/masquerading. I've tried using YaST2 to set the firewall rules up (using SuSE firewall2), and have tried other tools downloaded from the net, but haven't managed to get it working properly - the best I've managed is to cut off all internet access :-/ I've also read relevant web pages etc. but without enlightenment.
The system (under Win98) involves running NAT32 and ZoneAlarm, and works fine, so I know that the client machines are set up properly. However, linux seems to be harder to get set up :-(
The gateway machine gets its external IP by DHCP from the cable modem (eth0), and the internal IP address 192.168.0.1 is set for eth1. All machines on the LAN have IP addresses in the range 192.168.0.x. I don't need a proxy on the gateway machine, although I'll install one if it's the easiest way!
What I want is the following:
1) Gateway machine to be used as a desktop machine as well as a gateway.
2) Gateway machine to have full, unrestricted access to the internet and to the machines on the LAN.
3) All machines on the LAN to have full, unrestricted access to the internet and to the gateway machine.
4) All access from the internet to the LAN to be denied.
5) All access from the internet to the gateway machine to be denied except for ICQ and MSN messenger.
Can anyone point me to an idiot's guide to setting up SuSE firewall2 for this, or tell me what to do? Alternatively, is there a different package I might use?
TiA,
John

Save yourself a lot of headaches, use Shorewall. It's super easy to get what you want, especially if you read the directions. He has a 2 interface rule set that is just what you need. Find it at www.shorewall.net
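
For reference, the five requirements in the question map onto a small netfilter ruleset, whichever front end generates it. The script below is an added example, not part of the thread and not Shorewall's or SuSEfirewall2's own output; the interface names and LAN range are taken from the question, while the function name and the port range 50000:50010 are placeholders to be replaced with whatever inbound ports the IM clients actually need.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an iptables-restore ruleset and
# changes nothing itself. eth0/eth1 and 192.168.0.x come from the post; the
# port range is a constructed placeholder, not a known ICQ/MSN port list.

gen_ruleset() {
    [ $# -eq 4 ] || { echo "usage: gen_ruleset EXT_IF INT_IF LAN_NET IM_PORTS" >&2; return 1; }
    ext_if=$1 int_if=$2 lan_net=$3 im_ports=$4
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Requirement 3: LAN traffic leaves with the gateway's DHCP-assigned address
-A POSTROUTING -s $lan_net -o $ext_if -j MASQUERADE
COMMIT
*filter
# Requirements 4 and 5: anything not explicitly accepted below is dropped
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
# Requirements 1 and 2: the gateway itself may open any connection
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to connections the gateway or the LAN opened
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Requirement 3: LAN hosts may reach the gateway and the internet
-A INPUT -i $int_if -s $lan_net -j ACCEPT
-A FORWARD -i $int_if -o $ext_if -s $lan_net -j ACCEPT
# DHCP replies from the cable modem side
-A INPUT -i $ext_if -p udp --sport 67 --dport 68 -j ACCEPT
# Requirement 5: the only new inbound connections allowed from the internet
-A INPUT -i $ext_if -p tcp --dport $im_ports -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the network described in the post.
gen_ruleset eth0 eth1 192.168.0.0/24 50000:50010
```

To load it, pipe the output into `iptables-restore` as root and turn on routing with `echo 1 > /proc/sys/net/ipv4/ip_forward`; without forwarding enabled the masquerade rule never sees LAN traffic.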