
Re: IP Masquerading & ipfwadm



Hi

I'm replying here for both e-mails you sent me

first, i do know there is a mini howto, but it is
a bit out of date to my taste. I started by reading
that mini-howto, and the man pages and asked
questions on the list and tried it myself
( I'm not sure , but i do not remember any
  indication of the -k option there,
  or on which are the masqueraded ports ... )

Second: I do not exactly understand your question,
but I'll try to answer it anyway:

Michael L. Collins wrote:

> > From: Erez Doron <erez@savan.com>
> > To: Michael L. Collins <mcollins@alpha.cs.uttyl.edu>
> >
>
> Erez, your document looks fantastic.
> It looks like it is of practical use, and
> I intend on using it.
>
> I do have one question:
>
> > #Flush all old firewall commands
> > /sbin/ipfwadm -F -f
> > /sbin/ipfwadm -I -f
> > /sbin/ipfwadm -O -f

these 3 lines delete the old rules from the firewall filters, i.e. ipfwadm
-I -f ( or ipfwadm -If ) tells the kernel to delete
any firewall rules that it has right now for the input ( = -I ) firewall
filter.

> >
> > #set default rule to deny-all
> > /sbin/ipfwadm -F -p deny
> > /sbin/ipfwadm -I -p deny
> > /sbin/ipfwadm -O -p deny

default rules are to say what to do if there was no matching rule found
for a certain packet.

> >
> >
> > # I trust my local users, so i allow all connections from
> > # eth0 and loopback, if you do not, you have to add some rules here
> >

Here I say that i do not expect my local users ( i.e. on ETH0) to
try and hack into my system, so I tell the firewall not to block any packet
on the ETH0 interface.

> I'm not clear on what you are referring to here.
> Could you give us an example?
>
> Thanks,
>
> Michael

Regards
Erez.
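As an added example (not part of Erez's document or the original mails), here is the quoted flush / default-deny fragment with the "add some rules here" part filled in for a masquerading box. It assumes ipfwadm in /sbin, eth0 as the trusted LAN side, eth1 as the outside interface, and a constructed LAN network of 192.168.1.0/24; DRY_RUN=1 prints the rules instead of loading them so the list can be reviewed first.

```shell
#!/bin/sh
# Added example, not the original document's script. Assumptions: ipfwadm in /sbin,
# eth0 = trusted LAN, eth1 = outside; 192.168.1.0/24 is a constructed example LAN.
IPFWADM=${IPFWADM:-/sbin/ipfwadm}
LAN_IF=eth0
EXT_IF=eth1
LAN_NET=192.168.1.0/24

# Print the command instead of executing it when DRY_RUN is set,
# so the rule list can be checked before it touches the kernel.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$IPFWADM $*"
    else
        "$IPFWADM" "$@"
    fi
}

setup_firewall() {
    # Flush all old rules from the forwarding (-F), input (-I) and output (-O) filters
    run -F -f
    run -I -f
    run -O -f
    # Default policy: a packet that matches no rule is denied
    run -F -p deny
    run -I -p deny
    run -O -p deny
    # Trust loopback and the LAN interface (rules are checked in order, first match wins)
    run -I -a accept -W lo
    run -O -a accept -W lo
    run -I -a accept -W "$LAN_IF" -S "$LAN_NET"
    run -O -a accept -W "$LAN_IF" -D "$LAN_NET"
    # Masquerade LAN traffic that is forwarded out through the outside interface
    run -F -a masquerade -W "$EXT_IF" -S "$LAN_NET" -D 0.0.0.0/0
    # The box itself may send anything out; inbound TCP on the outside interface is
    # accepted only with the ACK bit set (-k), i.e. replies to connections opened
    # from inside. UDP replies (e.g. DNS) would still need their own rule.
    run -O -a accept -W "$EXT_IF"
    run -I -a accept -P tcp -k -W "$EXT_IF"
}

case "${1:-}" in
    apply)   setup_firewall ;;
    preview) DRY_RUN=1; setup_firewall ;;
esac
```

Run it as `sh fw.sh preview` to list the rules, or `sh fw.sh apply` as root to load them.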