[SLE] Ipchains with gfcc - any recommendations?
Here's the layout: A friend of mine, who is a NT sysadmin, although open-minded, asked me two days ago if I could replace one of his servers whith a LINUX-box that does simple IP-masquearading before Wednesday next week, i.e 2000-03-05. If not he would have to buy the third-party NAT software whose demo-license expired last week. I told him that I would give it a try, if he would rely on SuSE. I have no previous experience whith IP-chains, but I read the various related HOW-TOS and it doesn't seem impossible. I also found that SuSE 6.4 comes with the program gfcc, which seems to make IP-chains a little easier for thee beginner. If I succeed I might save a poor soul from the NT persuasion - I hope you see how important this is. Now the question: has anyone out there had any experience whith gfcc and if so fdo you have any tips or recommendations? I would be glad to just hear that it works out of the box! Thanks in advance Anders -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
On Sun, 30 Apr 2000, Anders Dahlqvist wrote: ad> Here's the layout: ad> A friend of mine, who is a NT sysadmin, although ad> open-minded, asked me two days ago if I could replace one of ad> his servers whith a LINUX-box that does simple IP-masquearading before ad> Wednesday ad> next week, i.e 2000-03-05. If not he would have to buy the third-party ad> NAT ad> software whose demo-license expired last week. ad> I told him that I would give it a try, if he would rely on SuSE. ad> I have no previous experience whith IP-chains, ad> but I read the various related HOW-TOS and it doesn't seem impossible. ad> I also found that SuSE 6.4 comes with the program gfcc, which seems to ad> make ad> IP-chains a little easier for thee beginner. ad> If I succeed I might save a poor soul from the NT persuasion - I hope ad> you see ad> how important this is. ad> Now the question: has anyone out there had any experience whith gfcc ad> and if so ad> fdo you have any tips or recommendations? I would be glad to just hear ad> that ad> it works out of the box! ad> I've used it a number of times, it's basically a toold to setup ipchains but requires that you know how ipchains works from the command line. If you know that then gfcc is superb. The best thing to do is start with a set of already installed ipchain rules that allow the box to do what you want, then experiment with gfcc to see what each rule looks like within gfcc so you'll have an understanding of how the final output will look. To this end I would recommend either using the SuSEfirewall package which will create the initial set of rules required for a particular setup or install mason firewall builder and let it create the rules for you. I'm currently using the SuSEfirewall method myself and have created some personal rules that are inserted after words which makes it fairly easy to setup, control and view with gfcc once up and running. ad> Thanks in advance ad> ad> Anders ad> ad> ad> ad> ad> -- S.Toms - tomas@primenet.com - www.primenet.com/~tomas SuSE Linux v6.3+ - Kernel 2.2.14 -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Anders Dahlqvist wrote:
Here's the layout: A friend of mine, who is a NT sysadmin, although open-minded, asked me two days ago if I could replace one of his servers whith a LINUX-box that does simple IP-masquearading before Wednesday next week, i.e 2000-03-05. If not he would have to buy the third-party NAT software whose demo-license expired last week. I told him that I would give it a try, if he would rely on SuSE. I have no previous experience whith IP-chains, but I read the various related HOW-TOS and it doesn't seem impossible. I also found that SuSE 6.4 comes with the program gfcc, which seems to make IP-chains a little easier for thee beginner. If I succeed I might save a poor soul from the NT persuasion - I hope you see how important this is. Now the question: has anyone out there had any experience whith gfcc and if so fdo you have any tips or recommendations? I would be glad to just hear that it works out of the box!
This is a bit late, considering the deadline of today, but... To get very basic masquerading working, you basically need the following ipchians rule: ipchains -A forward -j MASQ combined with: echo "1" > /proc/sys/net/ipv4/ip_forward Note that this provides absolutely *no* security whatsoever - that'll have to be set up more carefully. The IPCHAINS-HOWTO should provide the necessary info for firewalling, while the IP-Masquerade HOWTO will give you a hand with masq. I'm afraid I can't help you with gfcc as I've never used it myself. I suppose that since you've passed your deadline, I should ask how it went - did you succeed? Well? Bye, Chris -- Sorry everybody - all the servers at the ISP I use for email have been down for the past four days. They've come back up again, so now I have to catch up on all that mail... __ _ -o)/ / (_)__ __ ____ __ Chris Reeves /\\ /__/ / _ \/ // /\ \/ / ICQ# 22219005 _\_v __/_/_//_/\_,_/ /_/\_\ -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
participants (3)
-
chris.reeves@iname.com -
dahlqvist@sundsvall.mail.telia.com -
tomas@primenet.com