Gentoo Archives: gentoo-dev

From: Sebastian Werner <sebastian@××××××××××××××××××.de>
To: gentoo-dev@××××××××××.org
Subject: AW: [gentoo-dev] NAT iptables info
Date: Mon, 01 Oct 2001 17:00:46
Message-Id: 000701c14acd$0321c360$0100a8c0@wp
In Reply to: [gentoo-dev] NAT iptables info by Donny Davies
1 Wow, what's mail. Great stuff - people. I will try the attachment of
2 Gontran, thanks thanks thanks.
4 Sebastian
6 P.S I know that this is not the really right place for this, thanks,
7 Donny. Sometimes I think it's more than a developer list of one product.
8 I search for good people in mailingslists. This is a list with some
9 really cool guys who understand their favourite parts very good. Yes, I
10 think I needn't know all administration facilities so to ask is
11 sometimes much faster as to search. ;-))
13 -----Ursprüngliche Nachricht-----
14 Von: gentoo-dev-admin@××××××××××.org
15 [mailto:gentoo-dev-admin@××××××××××.org] Im Auftrag von Donny Davies
16 Gesendet: Montag, 1. Oktober 2001 22:59
17 An: gentoo-dev@××××××××××.org
18 Betreff: [gentoo-dev] NAT iptables info
20 Please search freshmeat for iptables scripts. Please understand that
21 they're
22 mostly just that-- scripts. Mostly they work top-down, with a few
23 variables
24 you can edit applicable to your setup. Its easy enough to understand.
25 There
26 are a zillion things you can do with the netfilter framework, its very
27 robust.
28 To provide some kind of gentoo firewall is, hmm, well silly. Its %100
29 configuration. This is not the domain of a 'package', 'rpm' or ebuild.
30 It is the
31 domain of a system administrator. If you are operating a Linux box then
32 you
33 are automatically a system administrator. Cool huh!? :-)
35 This list is not the place for this type of stuff IHMO. This is not a
36 howto-list.
37 I mean no disrespect. Please dont take any offense.
39 What gentoo provides is a nice framework for inserting your firewall
40 script
41 into the init system. At least on rc5 there was an initfile specifically
42 for that
43 purpose. Actually we neednt provide any more than just that! Ie: provide
44 a slot for a firewall script to run. I think the rc5 one ran after all
45 non-local
46 interfaces were brought up, its been so long since I changed my firewall
47 box that I cant remember anymore :) The nice thing about that approach
48 is that you could always just source it, and run the function it was
49 enclosed
50 in if you needed to run it again. Simple, slick, sufficient.
52 Please read up on packet filtering. Microsoft Internet Connection
53 sharing
54 is not a simple hack. Its a lot of work to provide a simple, robust
55 interface
56 to newbies who want to share an internet connection. I would remind you
57 that they basically *didnt* even write it. They bought out the company
58 that
59 *did* write it. It used to be a product called NAT1000 for Windows NT,
60 and sure enough, it started to sell like hotcakes. Naturally, Micro$loth
61 being the anti-competitive juggernaut that it is, swallowed them up, and
62 started tossing it in with Windows 98 Second Edition.
64 There is simply sooo many different variants of these 'firewall scripts'
65 on
66 freshmeat that it would be silly to try to come up with a 'here, this
67 does it
68 for everybody'. It is the obligation of the system administrator. Again,
69 like
70 I said, it is %100 configuration, with many peices in the *kernel*. This
71 is
72 not the domain of a 'package'. If it helps you, Im personally using a
73 modified version of something I grabbed from freshmeat. Good Luck.
75 Of course Id be willing to send you a copy if you wish.
77 Cheers
78 --
79 Donny
83 _______________________________________________
84 gentoo-dev mailing list
85 gentoo-dev@××××××××××.org