[NBLUG/talk] Linux as router

Walter Hansen gandalf at sonic.net
Mon Nov 1 14:12:26 PST 2004


Ahh, I was studying ipchains and iptables in class, had them all worked
out on paper and then tried to make it work and was shot down in flames,
so when someone suggested firestarter (someone on this list) I jumped in
as I really just wanted it to work. Today I'm probably headed to a
hardware solution as I'd like to take a little load off the server and I
seem to be picking up routers right and left for $5-10. I don't know the
extent of the wear and tear and CPU usage, but I can hear internet traffic
on the machine so there must be some wear going on.


> I'll check it out.
>
> I tried Smoothwall for a bit (another 10 minute package), but the Squid
> proxy stopped working after a few hours of usage, and other little
> annoyances like that, so I decided that I wanted to learn the details.
>
> This is more a trip for enlightenment than actually just to get a
> firewall. I have a Netgear hardware firewall already in place, behind
> this machine at the moment.
>
> The real big plan is to later on do some traffic shaping with my VoIP
> phone on the inside of the net, making my phone calls immune to my ftp
> transfers. Today it is outside due to my inability to forward packets
> from one NIC to the other.
>
> Thanks,
>
> Osiris Pedroso
> --
> Ph: (707) 658-3500
> AOL AIM: osirisPedroso
> http://www.SWoptimizer.com
>
>  -----Original Message-----
> From: talk-bounces at nblug.org [mailto:talk-bounces at nblug.org] On Behalf Of
> Walter Hansen
> Sent: Monday, November 01, 2004 12:07 PM
> To: talk at nblug.org
> Subject: Re: [NBLUG/talk] Linux as router
>
> I've had good luck using firestarter. You're up and running in about ten
> minutes.
>
>> Good morning,
>>
>> I have a Linux machine running with two NICs on it (+ the loopback
>> interface), which I would like to use as a firewall for my home network.
>>
>> I would like to understand a bit more about iptables and wonder if any
>> of you could help me.
>>
>> In IPTABLES, there are three main queues of packets, namely INPUT,
>> FORWARD and OUTPUT.
>>
>> I believe:
>>
>> * INPUT and OUTPUT exist for both eth0 and eth1, but FORWARD is shared
>>   between the two.
>> * When testing packets in the INPUT queue, only the input interface
>>   can be tested for; the output interface won't be set.
>> * When testing packets in the OUTPUT queue, only the output interface
>>   can be tested for; the input interface won't be set.
>> * Unless "echo 1 > /proc/sys/net/ipv4/ip_forward" is executed, packets
>>   will not be forwarded from one interface to the other.
>>
>> One more related question:
>>
>> * Does TCPDUMP show only arriving packets or does it also show packets
>>   being emitted from the interface being watched? Maybe I am using the
>>   wrong tool to watch the traffic go by.
>>
>> Thank you so much,
>>
>> Osiris Pedroso
>>
>> --
>> Ph: (707) 658-3500
>> AOL AIM: osirisPedroso
>> http://www.SWoptimizer.com
>>
>> _______________________________________________
>> talk mailing list
>> talk at nblug.org
>> http://nblug.org/cgi-bin/mailman/listinfo/talk
>>
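The chain semantics asked about in the quoted question (INPUT sees only -i, FORWARD sees both -i and -o, and nothing is forwarded until ip_forward is on), as an added two-NIC router rule set that is not from the thread. It assumes eth0 is the Internet side, eth1 is the LAN side with 192.168.1.0/24 behind it, and it only prints the commands unless DRY_RUN is cleared and it is run as root.

```shell
#!/bin/sh
# Added example, not from the thread: rules for a two-NIC Linux router.
# Assumed layout: eth0 faces the Internet (WAN), eth1 faces the LAN
# 192.168.1.0/24. DRY_RUN=1 (the default) prints the commands instead of
# running them; set DRY_RUN=0 and run as root to apply them for real.
WAN="${WAN:-eth0}"
LAN="${LAN:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

router_rules() {
    # Same effect as "echo 1 > /proc/sys/net/ipv4/ip_forward": without it
    # the kernel never moves a packet from one NIC to the other.
    run sysctl -w net.ipv4.ip_forward=1

    run iptables -F
    run iptables -t nat -F
    # Default deny for traffic to and through the box; only what is
    # explicitly allowed below gets in.
    run iptables -P INPUT DROP
    run iptables -P FORWARD DROP
    run iptables -P OUTPUT ACCEPT

    # INPUT: packets addressed to the router itself. Only the inbound
    # interface (-i) is meaningful here; -o is never set.
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT -i "$LAN" -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT

    # FORWARD: packets transiting between the NICs, shared by both. Both
    # -i and -o are set, so the direction can be pinned exactly.
    run iptables -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    run iptables -A FORWARD -i "$WAN" -o "$LAN" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT

    # NAT the LAN behind the WAN address on the way out.
    run iptables -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j MASQUERADE
}

router_rules
```

With the defaults the script just lists what it would do, so it can be read through before anything is applied.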