Hi Chad,

On Wednesday, 19. December 2001 06:58, dog@intop.net wrote:
for iptables you need the iptables rpm (i believe it's in the sec section on the suse ftp site, as is ipchains)
Another kind reader of this list told me to get iptables at ftp://ftp.suse.com/pub/people/garloff/linux/SuSE/RPMS/
just enabling ip_forwarding in rc.config is not enough. now you need to configure a firewall to pass packets and masquerade packets. with ipchains this is done with
ipchains -F
ipchains -P forward DENY
ipchains -A forward -s 192.168.1.1/24 -j MASQ
the structure for iptables would be very similar. what this does is flush any existing ipchains rules, then sets a default policy (-P) of denying any forwarding, then sets a rule to masquerade all packets from source (-s) 192.168.1.1/24 as being from the local machine and forwards them to the next hop in the network. this does not do any type of packet filtering or port filtering, although ipchains and iptables both can do that with more sophisticated rulesets.

if this is all you need, put those lines in a file called rc.firewall in /etc/init.d, chmod 700 it, symlink it to a file in /etc/init.d/rc3.d (ln -s /etc/init.d/rc.firewall /etc/init.d/rc3.d/S99firewall) and the next time you start up your linux box they will load.
Thank you very much for the great explanation! It's exactly what I was looking for!

Best regards,
Ming-Che
--
ICQ#: 126097979