| 1 |
Wow, what's mail. Great stuff - people. I will try the attachment of |
| 2 |
Gontran, thanks thanks thanks. |
| 3 |
|
| 4 |
Sebastian |
| 5 |
|
| 6 |
P.S I know that this is not the really right place for this, thanks, |
| 7 |
Donny. Sometimes I think it's more than a developer list of one product. |
| 8 |
I search for good people in mailingslists. This is a list with some |
| 9 |
really cool guys who understand their favourite parts very good. Yes, I |
| 10 |
think I needn't know all administration facilities so to ask is |
| 11 |
sometimes much faster as to search. ;-)) |
| 12 |
|
| 13 |
-----Ursprüngliche Nachricht----- |
| 14 |
Von: gentoo-dev-admin@××××××××××.org |
| 15 |
[mailto:gentoo-dev-admin@××××××××××.org] Im Auftrag von Donny Davies |
| 16 |
Gesendet: Montag, 1. Oktober 2001 22:59 |
| 17 |
An: gentoo-dev@××××××××××.org |
| 18 |
Betreff: [gentoo-dev] NAT iptables info |
| 19 |
|
| 20 |
Please search freshmeat for iptables scripts. Please understand that |
| 21 |
they're |
| 22 |
mostly just that-- scripts. Mostly they work top-down, with a few |
| 23 |
variables |
| 24 |
you can edit applicable to your setup. Its easy enough to understand. |
| 25 |
There |
| 26 |
are a zillion things you can do with the netfilter framework, its very |
| 27 |
robust. |
| 28 |
To provide some kind of gentoo firewall is, hmm, well silly. Its %100 |
| 29 |
configuration. This is not the domain of a 'package', 'rpm' or ebuild. |
| 30 |
It is the |
| 31 |
domain of a system administrator. If you are operating a Linux box then |
| 32 |
you |
| 33 |
are automatically a system administrator. Cool huh!? :-) |
| 34 |
|
| 35 |
This list is not the place for this type of stuff IHMO. This is not a |
| 36 |
howto-list. |
| 37 |
I mean no disrespect. Please dont take any offense. |
| 38 |
|
| 39 |
What gentoo provides is a nice framework for inserting your firewall |
| 40 |
script |
| 41 |
into the init system. At least on rc5 there was an initfile specifically |
| 42 |
for that |
| 43 |
purpose. Actually we neednt provide any more than just that! Ie: provide |
| 44 |
a slot for a firewall script to run. I think the rc5 one ran after all |
| 45 |
non-local |
| 46 |
interfaces were brought up, its been so long since I changed my firewall |
| 47 |
box that I cant remember anymore :) The nice thing about that approach |
| 48 |
is that you could always just source it, and run the function it was |
| 49 |
enclosed |
| 50 |
in if you needed to run it again. Simple, slick, sufficient. |
| 51 |
|
| 52 |
Please read up on packet filtering. Microsoft Internet Connection |
| 53 |
sharing |
| 54 |
is not a simple hack. Its a lot of work to provide a simple, robust |
| 55 |
interface |
| 56 |
to newbies who want to share an internet connection. I would remind you |
| 57 |
that they basically *didnt* even write it. They bought out the company |
| 58 |
that |
| 59 |
*did* write it. It used to be a product called NAT1000 for Windows NT, |
| 60 |
and sure enough, it started to sell like hotcakes. Naturally, Micro$loth |
| 61 |
being the anti-competitive juggernaut that it is, swallowed them up, and |
| 62 |
started tossing it in with Windows 98 Second Edition. |
| 63 |
|
| 64 |
There is simply sooo many different variants of these 'firewall scripts' |
| 65 |
on |
| 66 |
freshmeat that it would be silly to try to come up with a 'here, this |
| 67 |
does it |
| 68 |
for everybody'. It is the obligation of the system administrator. Again, |
| 69 |
like |
| 70 |
I said, it is %100 configuration, with many peices in the *kernel*. This |
| 71 |
is |
| 72 |
not the domain of a 'package'. If it helps you, Im personally using a |
| 73 |
modified version of something I grabbed from freshmeat. Good Luck. |
| 74 |
|
| 75 |
Of course Id be willing to send you a copy if you wish. |
| 76 |
|
| 77 |
Cheers |
| 78 |
-- |
| 79 |
Donny |
| 80 |
|
| 81 |
|
| 82 |
|
| 83 |
_______________________________________________ |
| 84 |
gentoo-dev mailing list |
| 85 |
gentoo-dev@××××××××××.org |
| 86 |
http://cvs.gentoo.org/mailman/listinfo/gentoo-dev |
Archives