Tuesday, 12-Dec-2000 10:40:13 EST

-CONTINUED

Setting up rc.firewall

First of all, you're going to want to create a file called /etc/rc.d/rc.firewall.

    # pico /etc/rc.d/rc.firewall

The following is just a basic configuration; you'll want to edit it as it applies to you. If you use the default configuration, it should work fine, though.

#!/bin/sh
#
# rc.firewall - Initial SIMPLE IP Masquerade test for 2.1.x and 2.2.x kernels using IPCHAINS
#
# Load all required IP MASQ modules
#
# NOTE: Only load the IP MASQ modules you need. All current IP MASQ modules
# are shown below but are commented out from loading.
# Needed to initially load modules
#
/sbin/depmod -a
# Supports the proper masquerading of FTP file transfers using the PORT method
#
/sbin/modprobe ip_masq_ftp
#
#
# Supports the masquerading of RealAudio over UDP. Without this module,
# RealAudio WILL function but in TCP mode. This can cause a reduction
# in sound quality
#
#/sbin/modprobe ip_masq_raudio
#
# Supports the masquerading of IRC DCC file transfers
#
/sbin/modprobe ip_masq_irc
#
# Supports the masquerading of Quake and QuakeWorld by default. This module is
# for multiple users behind the Linux MASQ server. If you are going to play
# Quake I, II, and III, use the second example.
#
# Quake I / QuakeWorld (ports 26000 and 27000)
#/sbin/modprobe ip_masq_quake
#
#Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960)
#/sbin/modprobe ip_masq_quake ports=26000,27000,27910,27960
#
# Supports the masquerading of the CuSeeme video conferencing software
#
#/sbin/modprobe ip_masq_cuseeme
#Supports the masquerading of the VDO-live video conferencing software
#
#/sbin/modprobe ip_masq_vdolive
#
#CRITICAL: Enable IP forwarding since it is disabled by default since
#
# Redhat Users: you may try changing the options in
# /etc/sysconfig/network from:
#
# FORWARD_IPV4=false
# to
# FORWARD_IPV4=true
#
echo "1" > /proc/sys/net/ipv4/ip_forward
#
# Dynamic IP users:
#
# If you get your IP address dynamically from SLIP, PPP, or DHCP, enable this following
# option. This enables dynamic-ip address hacking in IP MASQ, making the life
# with Diald and similar programs much easier.
#
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
#
# MASQ timeouts
#
# 2 hrs timeout for TCP session timeouts
# 10 sec timeout for traffic after the TCP/IP "FIN" packet is received
# 160 sec timeout for UDP traffic (Important for MASQ'ed ICQ users)
# /sbin/ipchains -M -S 7200 10 160
#
# DHCP: For people who receive their external IP address from either DHCP or BOOTP
# such as ADSL or Cablemodem users, it is necessary to use the following
# before the deny command. The "bootp_clients_net_if_name" should be replaced
# with the name of the link that the DHCP/BOOTP server will put an address on.
# This will be something like "eth0", "eth1", etc.
#
# This example is currently commented out.
#
#
#/sbin/ipchains -A input -j ACCEPT -i bootp_clients_net_if_name -s 0/0 67 -d 0/0 68 -p udp
# Enable simple IP forwarding and Masquerading
#
# NOTE: The following is an example for an internal LAN address in the 192.168.0.x
# network with a 255.255.255.0 or a "24" bit subnet mask.
#
# Please change this network number and subnet mask to match your internal LAN setup
#
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ
# End of file.

After you have set up /etc/rc.d/rc.firewall, you will want to do the following:

    # chmod +x /etc/rc.d/rc.firewall

That will make the script you just created executable.

Now you'll want to edit /etc/rc.d/rc.M (or one of your start-up scripts) and add the following:

# Start IPchains
if [ -x /etc/rc.d/rc.firewall ]; then
/etc/rc.d/rc.firewall
fi
# End of file.
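
The check below is an added example, not part of the original page: it audits an rc.firewall like the one above for the three things its safety rests on, namely a DENY forward policy, a MASQ rule limited to the LAN with -s, and a file only its owner can write (rc.M runs it as root at boot). The name audit_rc_firewall and the sample input are constructed for illustration, and it assumes rules are written with the full /sbin/ipchains path as on this page.

```sh
#!/bin/sh
# Added example: audit an ipchains rc.firewall. Prints findings and returns
# the number of problems. Assumes rules use the full /sbin/ipchains path.
audit_rc_firewall() {
    f=$1
    problems=0
    # Keep only active rules: lines commented out with '#' never run.
    rules=$(grep -E '^[[:space:]]*/sbin/ipchains[[:space:]]' "$f" || true)

    # 1. The forward chain must default to DENY (or REJECT); under the stock
    #    ACCEPT policy the box routes every packet that no rule matches.
    if ! printf '%s\n' "$rules" |
        grep -Eq -- '-P[[:space:]]+forward[[:space:]]+(DENY|REJECT)([[:space:]]|$)'; then
        echo "FAIL: forward policy is not DENY or REJECT"
        problems=$((problems + 1))
    fi

    # 2. Each MASQ rule must be limited with -s to the internal network;
    #    no -s, or 0/0, masquerades traffic from any source address.
    masq=$(printf '%s\n' "$rules" | grep -E -- '-j[[:space:]]+MASQ' || true)
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        src=$(printf '%s\n' "$line" |
            sed -n 's/.*[[:space:]]-s[[:space:]]\{1,\}\([^[:space:]]\{1,\}\).*/\1/p')
        case $src in
            ''|0/0|0.0.0.0/0)
                echo "FAIL: MASQ rule not limited to the LAN: $line"
                problems=$((problems + 1)) ;;
        esac
    done <<EOF
$masq
EOF

    # 3. rc.M runs this file as root at every boot, so only its owner may
    #    be able to rewrite it.
    if [ -n "$(find "$f" \( -perm -020 -o -perm -002 \))" ]; then
        echo "FAIL: $f is group- or world-writable"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: the page's two rules, with the policy line commented
# out and the MASQ source widened to 0/0.
sample=$(mktemp)
printf '%s\n' '#/sbin/ipchains -P forward DENY' \
    '/sbin/ipchains -A forward -s 0/0 -j MASQ' > "$sample"
audit_rc_firewall "$sample" || echo "$? problem(s) in the constructed sample"
rm -f "$sample"
```

Run it against the real file with audit_rc_firewall /etc/rc.d/rc.firewall after every edit; a return value of 0 means all three checks passed.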


After you do all of that, you will have to add the following to /etc/resolv.conf:

search yourisp'sdomain.com
nameserver yourisp'snameserver

After you do that, you should be about set. All you have to do is set up your other machines. Here's how I have mine set up.

---Linux Box---
IP = 192.168.0.1
NETMASK = 255.255.255.0
GATEWAY = 192.168.0.1
NETWORK = 192.168.0.0
BROADCAST = 192.168.0.255

You will want to make all the other computers on your LAN use the IP of your Linux Box as their Default Gateway.

If you are setting up another Linux box, you will want to set up a host entry in /etc/hosts for your server box. You will also want to set up your /etc/resolv.conf file like the following:

search yourispsdomain.com
nameserver yourISP'sprimarydns
nameserver yourISP'ssecondarydns

If you do not know your ISP's DNS servers, contact them. They can give you that info.

If you're using a Windows client, go into Start/Settings/Control Panel/Networks, click on the TCP/IP settings for your Ethernet card and click on Properties.
You will then want to put in your IP address, 192.168.0.x (2-255), and your Subnet Mask, 255.255.255.0.
After that, click on the 'DNS Configuration' tab, where you will want to add the name for this computer and your ISP's domain name.
You will then click on the 'Gateway' tab, put in 192.168.0.1 and click on 'Add'.


Hopefully I've included enough info to get IPchains running on your box, but if I left anything out, or you find something wrong with this page, email me.

linuxf00l
