
[Sheflug] Firewalling - BSD and iptables

Sorry I didn't give many useful answers on this one.

Here's masquerading under iptables:

    iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

Logging with a very low limit (although there is also a default burst
rate of 5 matches/second in addition to the specified 2 matches/minute):

    iptables -A INPUT -i ppp0 -m limit --limit 2/m -j LOG --log-prefix iptables-input:
    iptables -A FORWARD -i ppp0 -m limit --limit 2/m -j LOG --log-prefix iptables-forward:

IMO, the way that the rules are set up now is much easier to think
about.

INPUT - packets destined for the firewall box.
FORWARD - only packets going through/across the box (i.e. NAT).
OUTPUT - packets from the firewall box.

IIRC, "input" under ipchains includes all incoming packets.

Excuse me if I'm a bit quiet over the next few days - I'm off to
Edinburgh for the weekend.

Cheers.

Baz. 
-- 
Barrie J. Bremner		OpenPGP public key ID: 5164F553
baz [at] barriebremner.com	http://barriebremner.com/
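The two LOG rules above tag each logged packet with a chain-specific prefix, so the kernel log is what tells you whether a packet was aimed at the box itself (INPUT) or was trying to cross it (FORWARD). The following is an added example, not part of the original post: a small parser that reads syslog lines carrying those exact prefixes and counts hits per chain, protocol and destination port. The log lines are constructed samples in the field layout the LOG target emits.

```python
import re
from collections import Counter

# Constructed sample syslog lines. The prefixes match the rules in the post;
# since they end in ':' with no trailing space, the prefix runs straight into
# the first "IN=" field.
SAMPLE_LOG = """\
Mar 10 12:00:01 fw kernel: iptables-input:IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1234 DF PROTO=TCP SPT=40122 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 10 12:00:02 fw kernel: iptables-input:IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1235 DF PROTO=TCP SPT=40123 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 10 12:00:05 fw kernel: iptables-forward:IN=ppp0 OUT=eth0 SRC=198.51.100.9 DST=192.168.1.20 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=777 DF PROTO=TCP SPT=3412 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
Mar 10 12:00:06 fw kernel: iptables-input:IN=ppp0 OUT= MAC= SRC=198.51.100.9 DST=203.0.113.5 LEN=28 TOS=0x00 PREC=0x00 TTL=113 ID=778 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Mar 10 12:00:07 fw sshd[123]: Accepted publickey for baz from 192.168.1.2
"""

# Only lines produced by the two LOG rules are of interest.
LINE_RE = re.compile(r"kernel: (?P<prefix>iptables-(?:input|forward)):(?P<fields>.*)")
# KEY=value pairs; bare flags such as DF and SYN carry no '=' and are skipped.
KV_RE = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """Return a dict of LOG-target fields for one syslog line, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    # "iptables-input" -> "INPUT", "iptables-forward" -> "FORWARD"
    rec = {"chain": m.group("prefix").split("-")[1].upper()}
    for key, val in KV_RE.findall(m.group("fields")):
        # ICMP lines carry a second ID= (echo id); keep the IP header's one.
        rec.setdefault(key, val)
    return rec

def summarize(text):
    """Count logged packets per (chain, protocol, destination port)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        counts[(rec["chain"], rec.get("PROTO", "?"), rec.get("DPT", "-"))] += 1
    return counts

if __name__ == "__main__":
    for (chain, proto, dport), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{chain:8} {proto:5} dport={dport:5} hits={n}")
```

Because of the `-m limit` rule the counts are a sample of what arrived, not a total; they tell you which chain and port are being hit, not how hard.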


Sheffield Linux User's Group - http://www.sheflug.co.uk