Thanks for the reply.

On Wed, 5 Dec 2001 16:16:18 -0800, Christopher Mahmood wrote:
That's very debatable. In theory, yes iptables has lots of nice features like stateful inspection that ipchains doesn't. In reality, the 2.4 kernel hasn't seen nearly the amount of abuse that 2.2 has and undoubtedly has lots of bugs yet to be found. Unless there's a feature of iptables that you must have, I'd reconsider. I haven't followed this thread so I'm probably missing something, but it sounds like you don't really know much about this sort of thing and don't care to--you just want a simple, easy to configure firewall so you can get on with actually using your system instead of twiddling with a firewall script that is overkill for what you need. That is exactly what the personal one is designed for.
That is your opinion, but I see that Bruce can offer another, and as I said Suse f/w2 seemed to be the one to go for. At the end of the day, having read all the advice, it is up to me to make a choice based on what I have read. I have come from Windows, where the firewalls (I use Tiny Personal Firewall, who have just won an award and a contract to, I think, the US Navy) are very configurable through an easy interface. There you can block and control ports, access etc. to your heart's content. In Linux there is not that facility. It is fine if you are into scripting but some of us do not want that. It depends on whether you want Suse/Linux to stay as a geek o/s, or whether you want it to be better than Windows.
See /usr/share/doc/packages/SuSEfirewall/EXAMPLES
In any case, taking the first example, which is FW_DEV_EXT="pppo", causes the firewall to fail to load, so the examples cannot be trusted.
That's '0', not an 'o'.
Yes I know. It was getting late and finger happy.
So what you want is to set up your linux box as a firewall and also use it to masquerade a private network for your windows machine(s). I.e.,
(big bad world)
      |
      |            __windows 1
 (linux box)---<__ windows 2
               ^
                \ (there will be a switch or hub there probably)
I don't know what your connection is to outside but I'll assume it's DSL or cable modem so that you have two ethernet cards in the machine. Then you should only have to set
FW_DEV_WORLD="eth0"            # it might be eth1 depending on the ordering
                               # of your cards
FW_DEV_INT="eth1"              # eth0 if FW_DEV_WORLD=eth1
FW_ROUTE="yes"                 # this will allow routing between eth1 and eth0
FW_MASQUERADE="yes"
FW_MASQ_NETS="192.168.0.0/24"
That last one allows you to have a private class C network for your windows machines, so your windows machines can use 192.168.0.2 through 192.168.0.254 with a netmask of 255.255.255.0 and a gateway of 192.168.0.1, or whatever IP address on the 192.168.0.0/24 network you give the internal interface on the linux box.
The rest you can leave with the default values.
I didn't describe it properly. They are directly connected, no hub, and a dial up modem on the Linux box. At the moment I have guessed at some settings enough to get a connection. I then use Firestarter to sit on top which takes over control and alters the settings. This still has to be refined, but it comes up clean at Shields Up for the moment.

Regards,
David
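
Added example, not part of the original messages and not SuSEfirewall's own code: a small shell lint for the settings discussed in this thread, which reads them as text (nothing is executed) and reports the 'o'-for-'0' device typo, masquerading without routing, and non-private masquerade networks. Assumptions: interface names end in a digit, masquerading needs FW_ROUTE="yes", and fw_get, is_rfc1918, lint_fw and demo are hypothetical helper names.

```shell
#!/bin/sh
# Added example: lint SuSEfirewall-style settings read from stdin.
# Prints one line per problem; returns 0 only when nothing was found.
fw_get() {  # fw_get VAR: value of the last VAR="..." line held in $cfg
    printf '%s\n' "$cfg" | sed -n 's/^[[:space:]]*'"$1"'="\([^"]*\)".*/\1/p' | tail -n 1
}

is_rfc1918() {  # true when A.B.C.D/len lies inside 10/8, 172.16/12 or 192.168/16
    net=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    case "$net" in
        10.*)      [ "$len" -ge 8 ] ;;
        192.168.*) [ "$len" -ge 16 ] ;;
        172.*)     o2=${net#172.}; o2=${o2%%.*}
                   [ "$o2" -ge 16 ] 2>/dev/null && [ "$o2" -le 31 ] && [ "$len" -ge 12 ] ;;
        *)         return 1 ;;
    esac
}

lint_fw() {
    cfg=$(cat); bad=0
    for var in FW_DEV_WORLD FW_DEV_EXT FW_DEV_INT; do
        for dev in $(fw_get "$var"); do
            # Assumption: device names end in a digit (eth0, ppp0); "pppo" does not.
            case "$dev" in *[0-9]) ;; *) echo "$var: '$dev' does not end in a digit"; bad=1 ;; esac
        done
    done
    [ -n "$(fw_get FW_DEV_WORLD)$(fw_get FW_DEV_EXT)" ] || { echo "no external device set"; bad=1; }
    if [ "$(fw_get FW_MASQUERADE)" = yes ]; then
        # Assumption: masquerading only takes effect when routing is enabled too.
        [ "$(fw_get FW_ROUTE)" = yes ] || { echo "FW_MASQUERADE=yes but FW_ROUTE is not yes"; bad=1; }
        for n in $(fw_get FW_MASQ_NETS); do
            is_rfc1918 "$n" || { echo "FW_MASQ_NETS: '$n' is not a private network"; bad=1; }
        done
    fi
    return "$bad"
}

demo() {  # constructed sample: the typo from the thread plus two other mistakes
    lint_fw <<'EOF'
FW_DEV_WORLD="pppo"
FW_DEV_INT="eth0"
FW_ROUTE="no"
FW_MASQUERADE="yes"
FW_MASQ_NETS="192.168.0.0/24 172.32.0.0/16"
EOF
}
demo || echo "(problems found in the constructed sample)"
```

Run it against a real settings file with `lint_fw < FILE` before restarting the firewall.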