[NBLUG/talk] Linux as router

Osiris Pedroso opedroso at swoptimizer.com
Mon Nov 1 13:57:31 PST 2004


I'll check it out.

I tried Smoothwall for a bit (another 10 minute package), but the Squid
proxy stopped working after a few hours of usage, and there were other little
annoyances like that, so I decided that I wanted to learn the details.

This is more a trip for enlightenment than actually just to get a firewall.
I have a Netgear hardware firewall already in place, behind this machine at
the moment.

The real big plan is to later on do some traffic shaping with my VoIP phone
on the inside of the net, making my phone calls immune to my ftp transfers.
Today it is outside due to my inability to forward packages from one NIC to
the other.

Thanks,

Osiris Pedroso
--
Ph: (707) 658-3500
AOL AIM: osirisPedroso
http://www.SWoptimizer.com
 
 -----Original Message-----
From: talk-bounces at nblug.org [mailto:talk-bounces at nblug.org] On Behalf Of
Walter Hansen
Sent: Monday, November 01, 2004 12:07 PM
To: talk at nblug.org
Subject: Re: [NBLUG/talk] Linux as router

I've had good luck using firestarter. You're up and running in about ten
minutes.

> Good morning,
>
>
>
> I have a Linux machine running with two NICs on it (+ the loopback
> interface), which I would like to use as a firewall for my home network.
>
>
>
> I would like to understand a bit more about iptables and wonder if any of
> you could help me.
>
>
>
> In IPTABLES, there are three main queues of packets, namely INPUT, FORWARD
> and OUTPUT.
>
>
>
> I believe:
>
> *	INPUT and OUTPUT exist for both eth0 and eth1, but FORWARD is shared
> between the two.
> *	When testing packets in the INPUT queue, only the input interface
> can be tested for, the output interface won't be set.
> *	When testing packets in the OUTPUT queue, only the output interface
> can be tested for, the input interface won't be set.
> *	Unless "echo 1 > /proc/sys/net/ipv4/ip_forward" is executed, packets
> will not be forwarded from one interface to the other.
>
>
>
> One more related question:
>
> *	Does TCPDUMP show only arriving packets or does it also show packets
> being emitted from the interface being watched? Maybe I am using the wrong
> tool to watch the traffic go by.
>
>
>
> Thank you so much,
>
>
>
> Osiris Pedroso
>
> --
>
> Ph: (707) 658-3500
>
> AOL AIM: osirisPedroso
>
> http://www.SWoptimizer.com <http://www.swoptimizer.com/>
>
>
>
>
>
> _______________________________________________
> talk mailing list
> talk at nblug.org
> http://nblug.org/cgi-bin/mailman/listinfo/talk
>
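
The chain and interface questions in the quoted message, worked through as an added example that is not part of the original thread: each built-in chain is shared by all interfaces, and `-i`/`-o` select the NIC. The function names, the eth0 = WAN / eth1 = LAN roles and the SSH rule are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Assumptions: eth0 = WAN, eth1 = LAN, SSH to the router from the LAN.

# emit_ruleset WAN_IF LAN_IF: print a filter-table ruleset for iptables-restore.
emit_ruleset() {
    wan=$1 lan=$2
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# INPUT sees traffic addressed to the router itself: only -i is set.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -p tcp --dport 22 -j ACCEPT
# FORWARD sees traffic routed between the NICs: both -i and -o are set.
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# lint_rule CHAIN ARGS...: fail if a rule matches on an interface that the
# chain never has set (iptables refuses -o in INPUT and -i in OUTPUT).
lint_rule() {
    chain=$1; shift
    for arg in "$@"; do
        case "$chain:$arg" in
            INPUT:-o|INPUT:--out-interface)  return 1 ;;
            OUTPUT:-i|OUTPUT:--in-interface) return 1 ;;
        esac
    done
    return 0
}

# forwarding_enabled [FILE]: succeed only when the kernel will route between
# NICs. FILE defaults to the path from the thread; it is a parameter for testing.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Usage on the router (as root), parse-only first:
#   emit_ruleset eth0 eth1 | iptables-restore --test
```

With FORWARD defaulting to DROP, turning on `ip_forward` alone passes nothing between the NICs until the two FORWARD rules are loaded.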


