I've got IP-MASQ working on 2.1.109 (no A.C. patches) and things are
working just peachy :)
Try these ipchains commands for a simple ip-masq firewall that does what
you describe, but you do not want to block all those (1-1000) ports from
the outside, 'cause that just causes problems (don't ask me why, I just
can't browse the net when I block all of those for some reason :P ). This
is the basic IP-MASQ setup:
ipchains -F input
ipchains -F output
ipchains -F forward
ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward MASQ
These next two will block ports 1 thru 112 and 114 thru 1000 from the
outside world except for the local lan (class A subnet 10.0.0.0). (bad
idea)
# the port belongs with -d (destination port of the local service), not -s
ipchains -A input -p TCP -s ! 10.0.0.0/8 -d 0.0.0.0/0 1:112 -j DENY
ipchains -A input -p TCP -s ! 10.0.0.0/8 -d 0.0.0.0/0 114:1000 -j DENY
Better idea: only block the ports of certain services that you don't
want people on the wan to access, like ports 80, 21, 23, 139, etc. That
is what I do, but it matters very little since I have a dynamic IP, so I
don't worry about that much, thankfully (though I'd trade it for a cable
modem (or similar)).
# same class A subnet (10.0.0.0/8) as above; port 21 is the destination port
ipchains -A input -p TCP -s ! 10.0.0.0/8 -d 0.0.0.0/0 21 -j DENY
.
.
.
Do the same with "-p UDP" for udp services.
Hope that helped, and that I wasn't too off base in any one thing :)
~Paul Laufer
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html
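An added example, not from Paul's post, that scripts the setup above as reusable shell functions. The LAN subnet and the port lists are assumed values; the deny rules key on the destination port so they match connections to local services; and if ipchains is not installed the script just prints the commands it would run.

```shell
#!/bin/sh
# Added example (not from the original post): builds the ipchains masquerading
# firewall described above.  LAN and the port lists are assumed sample values.
# Without ipchains in PATH (or with IPCHAINS=echo) the commands are printed
# instead of executed, which is handy for reviewing the ruleset before use.
IPCHAINS="${IPCHAINS:-$(command -v ipchains || echo echo)}"
LAN="${LAN:-10.0.0.0/8}"                  # local (class A) subnet, never filtered
TCP_BLOCK="${TCP_BLOCK:-21 23 80 139}"    # local TCP services hidden from the WAN
UDP_BLOCK="${UDP_BLOCK:-137 138}"         # local UDP services hidden from the WAN

# Flush all three chains and set the base policies: accept in/out, masquerade
# everything that is forwarded from the LAN.
masq_base() {
    for chain in input output forward; do
        "$IPCHAINS" -F "$chain" || return 1
    done
    "$IPCHAINS" -P input ACCEPT &&
    "$IPCHAINS" -P output ACCEPT &&
    "$IPCHAINS" -P forward MASQ
}

# Deny packets arriving from outside the LAN whose *destination* port is one
# of the listed services.  The port is given with -d, not -s: a port after -s
# would match the remote client's source port, which is not what we want.
deny_from_wan() {
    proto="$1"; shift
    for port in "$@"; do
        "$IPCHAINS" -A input -p "$proto" -s ! "$LAN" -d 0.0.0.0/0 "$port" \
            -j DENY || return 1
    done
}

# Full ruleset: base policies, then the per-service deny rules for TCP and UDP.
# The port lists are deliberately unquoted so they split into one port per rule.
masq_firewall() {
    masq_base &&
    deny_from_wan TCP $TCP_BLOCK &&
    deny_from_wan UDP $UDP_BLOCK
}

masq_firewall
```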