Confounded by iptables

 
 
ironyWrit

 
      08-19-2005, 05:55 PM
Well, recently I upgraded from a cable-modem to Verizon FiOS Fiber Optic
service (5/2 service).

For the longest time, I'd been running an old Linux box (166 mhz) on a
2.20.0 kernel using ipchains and all the different ip_masq modules that
enable functionality for certain types of internet traffic.

Ipchains was relatively easy and straight-forward for me to understand.

Well, since I was doing a major upgrade on my home network, I figured,
why not build a brand new server? We happened to have a 2.2 Ghz computer
lying around so I put the latest version of Debian on it.

With very little effort I established a PPPoE connection to FiOS and I
am now able to get online and surf the web from the Linux box.

Now comes the next step. Ipchains doesn't exist anymore. I have a
second 10/100 ethernet card installed that's just waiting to start routing
packets, but even using all of those quick-configuration packages, I can't
manage to start the network to get packets routed.

Could someone point me in the direction of a concise and comprehensive
way to get internet routing implemented with iptables? I still want to use
AIM, LimeWire, FTP, IRC, and all of those different features on my networked
PCs. All other PCs in the house are running Windows XP.

Anyone?


 

CL (dnoyeB) Gilbert

 
      08-19-2005, 06:25 PM
ironyWrit wrote:
> Well, recently I upgraded from a cable-modem to Verizon FiOS Fiber Optic
> service (5/2 service).
>
> For the longest time, I'd been running an old Linux box (166 mhz) on a
> 2.20.0 kernel using ipchains and all the different ip_masq modules that
> enable functionality for certain types of internet traffic.
>
> Ipchains was relatively easy and straight-forward for me to understand.
>
> Well, since I was doing a major upgrade on my home network, I figured,
> why not build a brand new server? We happened to have a 2.2 Ghz computer
> lying around so I put the latest version of Debian on it.
>
> With very little effort I established a PPPoE connection to FiOS and I
> am now able to get online and surf the web from the Linux box.
>
> Now comes the next step. Ipchains doesn't exist anymore. I have a
> second 10/100 ethernet card installed that's just waiting to start routing
> packets, but even using all of those quick-configuration packages, I can't
> manage to start the network to get packets routed.
>
> Could someone point me in the direction of a concise and comprehensive
> way to get internet routing implemented with iptables? I still want to use
> AIM, LimeWire, FTP, IRC, and all of those different features on my networked
> PCs. All other PCs in the house are running Windows XP.
>
> Anyone?
>
>


Check the Linux document project. There is a document called nag2.pdf.
It should help you understand iptables. They are backwards compatible
I believe.

--
Respectfully,


CL Gilbert
 

ironyWrit

 
      08-19-2005, 06:53 PM
I need something ... else.

I am already familiar with these concepts.

I suppose I will try to figure it out. It's amazing, no one has any
ready made iptables rule-sets for standard internet firewalling.

...

"CL (dnoyeB) Gilbert" <(E-Mail Removed)> wrote in message
news:G6qdnSZNYIuquZveRVn-(E-Mail Removed)...
> ironyWrit wrote:
>> Well, recently I upgraded from a cable-modem to Verizon FiOS Fiber Optic
>> service (5/2 service).
>>
>> For the longest time, I'd been running an old Linux box (166 mhz) on
>> a 2.20.0 kernel using ipchains and all the different ip_masq modules that
>> enable functionality for certain types of internet traffic.
>>
>> Ipchains was relatively easy and straight-forward for me to
>> understand.
>>
>> Well, since I was doing a major upgrade on my home network, I
>> figured, why not build a brand new server? We happened to have a 2.2 Ghz
>> computer lying around so I put the latest version of Debian on it.
>>
>> With very little effort I established a PPPoE connection to FiOS and
>> I am now able to get online and surf the web from the Linux box.
>>
>> Now comes the next step. Ipchains doesn't exist anymore. I have a
>> second 10/100 ethernet card installed that's just waiting to start
>> routing packets, but even using all of those quick-configuration
>> packages, I can't manage to start the network to get packets routed.
>>
>> Could someone point me in the direction of a concise and
>> comprehensive way to get internet routing implemented with iptables? I
>> still want to use AIM, LimeWire, FTP, IRC, and all of those different
>> features on my networked PCs. All other PCs in the house are running
>> Windows XP.
>>
>> Anyone?
>>
>>

>
> Check the Linux document project. There is a document called nag2.pdf. It
> should help you understand iptables. They are backwards compatible I
> believe.
>
> --
> Respectfully,
>
>
> CL Gilbert



 

Allen McIntosh

 
      08-19-2005, 07:06 PM
> I suppose I will try to figure it out. It's amazing, no one has any
> ready made iptables rule-sets for standard internet firewalling.


Lokkit. Supposedly comes with Debian.
 

Tauno Voipio

 
      08-19-2005, 08:16 PM
ironyWrit wrote:
> Well, recently I upgraded from a cable-modem to Verizon FiOS Fiber Optic
> service (5/2 service).
>
> For the longest time, I'd been running an old Linux box (166 mhz) on a
> 2.20.0 kernel using ipchains and all the different ip_masq modules that
> enable functionality for certain types of internet traffic.
>
> Ipchains was relatively easy and straight-forward for me to understand.
>
> Well, since I was doing a major upgrade on my home network, I figured,
> why not build a brand new server? We happened to have a 2.2 Ghz computer
> lying around so I put the latest version of Debian on it.
>
> With very little effort I established a PPPoE connection to FiOS and I
> am now able to get online and surf the web from the Linux box.
>
> Now comes the next step. Ipchains doesn't exist anymore. I have a
> second 10/100 ethernet card installed that's just waiting to start routing
> packets, but even using all of those quick-configuration packages, I can't
> manage to start the network to get packets routed.


> Could someone point me in the direction of a concise and comprehensive
> way to get internet routing implemented with iptables? I still want to use
> AIM, LimeWire, FTP, IRC, and all of those different features on my networked
> PCs. All other PCs in the house are running Windows XP.
>
> Anyone?


Me.

Just wade through the documentation referred to at
<http://www.netfilter.org/documentation/index.html#documentation-other>.

Come back after absorbing the HOWTOs if there are
still open questions.

The main difference between ipchains and iptables is that
the packets traversing the FORWARD chain do not visit
the INPUT or OUTPUT chains. There are also some more of
the pre-defined chains, and the address translation is
better fit into the whole picture:

You need the address translation in the form of NAT to
connect several computers of a LAN to the Internet using
the cable connection.

HTH

--

Tauno Voipio
tauno voipio (at) iki fi
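
An added example, not part of any post in this thread: a minimal NAT gateway ruleset in `iptables-restore` format, showing the FORWARD/INPUT split and the address translation described in the post above. The interface names `ppp0` (PPPoE uplink) and `eth1` (LAN card), the subnet `192.168.1.0/24` and the function name `emit_gateway_rules` are assumptions.

```shell
#!/bin/sh
# Added example. Assumed names: ppp0 = PPPoE uplink, eth1 = LAN card,
# 192.168.1.0/24 = LAN subnet. None of these come from the thread.

# Print an iptables-restore ruleset for a NAT gateway.
emit_gateway_rules() {
    wan=$1 lan=$2 lan_net=$3
    # Refuse anything that is not a plain interface name or CIDR string,
    # so a bad argument can never turn into extra rule text.
    for ifname in "$wan" "$lan"; do
        case $ifname in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    done
    case $lan_net in ''|*[!0-9./]*) return 1 ;; esac

    cat <<EOF
*mangle
# PPPoE lowers the path MTU; clamp TCP MSS on routed connections.
-A FORWARD -o $wan -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
*nat
# Rewrite LAN source addresses to whatever address the uplink holds.
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# INPUT sees only packets addressed to the gateway itself.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -s $lan_net -j ACCEPT
# FORWARD sees only routed packets; unlike ipchains, they never
# pass through INPUT or OUTPUT, so LAN traffic is allowed here.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the assumed interfaces.
emit_gateway_rules ppp0 eth1 192.168.1.0/24
```

As root, pipe the output through `iptables-restore --test` to check it before loading it, and enable routing with `sysctl -w net.ipv4.ip_forward=1`.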

 

Clifford Kite

 
      08-19-2005, 08:24 PM
ironyWrit <(E-Mail Removed)> wrote:

> I suppose I will try to figure it out. It's amazing, no one has any
> ready made iptables rule-sets for standard internet firewalling.


http://www.faqs.org/docs/iptables/

--
Clifford Kite Email: "echo xvgr_yvahk-(E-Mail Removed)|rot13"
 

Grant Coady

 
      08-19-2005, 09:02 PM
On Fri, 19 Aug 2005 15:24:53 -0500, Clifford Kite <(E-Mail Removed)> wrote:

>ironyWrit <(E-Mail Removed)> wrote:
>
>> I suppose I will try to figure it out. It's amazing, no one has any
>> ready made iptables rule-sets for standard internet firewalling.

>
>http://www.faqs.org/docs/iptables/


And I wonder now what OP calls standard? Since the basic firewall is a
few lines, so trivial you need only to read Rusty Russell's unreliable
guide to find it: primary docs on netfilter.org

http://bugsplatter.mine.nu/bash/firewall/

Grant.

 

ironyWrit

 
      08-19-2005, 09:10 PM
Maybe the simplicity confuses me because I expect it to be complicated.

Well, so far, I've got the computers talking to each other.

I'm going to look at all these sites, I really want it to make sense in
my head, but I'll just settle for "help me make it work."


"Grant Coady" <g_r_a_n_t_@dodo.com.au> wrote in message
news:(E-Mail Removed)...
> On Fri, 19 Aug 2005 15:24:53 -0500, Clifford Kite <(E-Mail Removed)>
> wrote:
>
>>ironyWrit <(E-Mail Removed)> wrote:
>>
>>> I suppose I will try to figure it out. It's amazing, no one has any
>>> ready made iptables rule-sets for standard internet firewalling.

>>
>>http://www.faqs.org/docs/iptables/

>
> And I wonder now what OP calls standard? Since the basic firewall is a
> few lines, so trivial you need only to read Rusty Russell's unreliable
> guide to find it: primary docs on netfilter.org
>
> http://bugsplatter.mine.nu/bash/firewall/
>
> Grant.
>



 

buck

 
      08-19-2005, 11:49 PM
On Fri, 19 Aug 2005 21:10:46 GMT, "ironyWrit" <(E-Mail Removed)>
wrote:

>Maybe the simplicity confuses me because I expect it to be complicated.
>
> Well, so far, I've got the computers talking to each other.
>
> I'm going to look at all these sites, I really want it to make sense in
>my head, but I'll just settle for "help me make it work."


There are several "boxed" firewalls out there. My favorite is at
malibyte.net:

http://www.malibyte.net/iptables/scripts/fwscripts.html

I had problems with monmotha (Sp?) but it also has a good reputation.
--
buck

 

Cantankerous Old Git

 
      08-20-2005, 01:50 PM
ironyWrit wrote:
> I need something ... else.
>
> I am already familiar with these concepts.
>
> I suppose I will try to figure it out. It's amazing, no one has any
> ready made iptables rule-sets for standard internet firewalling.
>


Have you tried one of the many GUI rule-set writers out there?

My favourite is guarddog (with guidedog for NAT and connection
sharing - see http://www.simonzone.com/), but shorewall is
recommended by many people.

The Cog
 