Wow, what a mail. Great stuff - people. I will try the attachment of Gontran, thanks thanks thanks.

Sebastian

P.S. I know that this is not really the right place for this, thanks, Donny. Sometimes I think it's more than a developer list of one product. I search for good people in mailing lists. This is a list with some really cool guys who understand their favourite parts very well. Yes, I think I needn't know all administration facilities, so to ask is sometimes much faster than to search. ;-))

-----Original Message-----
From: gentoo-dev-admin@××××××××××.org [mailto:gentoo-dev-admin@××××××××××.org] On Behalf Of Donny Davies
Sent: Monday, 1 October 2001 22:59
To: gentoo-dev@××××××××××.org
Subject: [gentoo-dev] NAT iptables info

Please search freshmeat for iptables scripts. Please understand that they're mostly just that-- scripts. Mostly they work top-down, with a few variables you can edit applicable to your setup. It's easy enough to understand. There are a zillion things you can do with the netfilter framework, it's very robust.
To provide some kind of gentoo firewall is, hmm, well silly. It's 100% configuration. This is not the domain of a 'package', 'rpm' or ebuild. It is the domain of a system administrator. If you are operating a Linux box then you are automatically a system administrator. Cool huh!? :-)

This list is not the place for this type of stuff IMHO. This is not a howto-list.
I mean no disrespect. Please don't take any offense.

What gentoo provides is a nice framework for inserting your firewall script into the init system. At least on rc5 there was an initfile specifically for that purpose. Actually we needn't provide any more than just that! Ie: provide a slot for a firewall script to run. I think the rc5 one ran after all non-local interfaces were brought up, it's been so long since I changed my firewall box that I can't remember anymore :) The nice thing about that approach is that you could always just source it, and run the function it was enclosed in if you needed to run it again. Simple, slick, sufficient.

Please read up on packet filtering. Microsoft Internet Connection sharing is not a simple hack. It's a lot of work to provide a simple, robust interface to newbies who want to share an internet connection. I would remind you that they basically *didn't* even write it. They bought out the company that *did* write it. It used to be a product called NAT1000 for Windows NT, and sure enough, it started to sell like hotcakes. Naturally, Micro$loth being the anti-competitive juggernaut that it is, swallowed them up, and started tossing it in with Windows 98 Second Edition.

There are simply sooo many different variants of these 'firewall scripts' on freshmeat that it would be silly to try to come up with a 'here, this does it for everybody'. It is the obligation of the system administrator. Again, like I said, it is 100% configuration, with many pieces in the *kernel*. This is not the domain of a 'package'. If it helps you, I'm personally using a modified version of something I grabbed from freshmeat. Good Luck.

Of course I'd be willing to send you a copy if you wish.

Cheers
--
Donny

_______________________________________________
gentoo-dev mailing list
gentoo-dev@××××××××××.org
http://cvs.gentoo.org/mailman/listinfo/gentoo-dev