Gentoo Archives: gentoo-dev

From: Donny Davies <woodchip@g.o>
To: gentoo-dev@××××××××××.org
Subject: [gentoo-dev] NAT iptables info
Date: Mon, 01 Oct 2001 15:01:51
1 Please search freshmeat for iptables scripts. Please understand that they're
2 mostly just that-- scripts. Mostly they work top-down, with a few variables
3 you can edit applicable to your setup. Its easy enough to understand. There
4 are a zillion things you can do with the netfilter framework, its very robust.
5 To provide some kind of gentoo firewall is, hmm, well silly. Its %100
6 configuration. This is not the domain of a 'package', 'rpm' or ebuild. It is the
7 domain of a system administrator. If you are operating a Linux box then you
8 are automatically a system administrator. Cool huh!? :-)
10 This list is not the place for this type of stuff IHMO. This is not a howto-list.
11 I mean no disrespect. Please dont take any offense.
13 What gentoo provides is a nice framework for inserting your firewall script
14 into the init system. At least on rc5 there was an initfile specifically for that
15 purpose. Actually we neednt provide any more than just that! Ie: provide
16 a slot for a firewall script to run. I think the rc5 one ran after all non-local
17 interfaces were brought up, its been so long since I changed my firewall
18 box that I cant remember anymore :) The nice thing about that approach
19 is that you could always just source it, and run the function it was enclosed
20 in if you needed to run it again. Simple, slick, sufficient.
22 Please read up on packet filtering. Microsoft Internet Connection sharing
23 is not a simple hack. Its a lot of work to provide a simple, robust interface
24 to newbies who want to share an internet connection. I would remind you
25 that they basically *didnt* even write it. They bought out the company that
26 *did* write it. It used to be a product called NAT1000 for Windows NT,
27 and sure enough, it started to sell like hotcakes. Naturally, Micro$loth
28 being the anti-competitive juggernaut that it is, swallowed them up, and
29 started tossing it in with Windows 98 Second Edition.
31 There is simply sooo many different variants of these 'firewall scripts' on
32 freshmeat that it would be silly to try to come up with a 'here, this does it
33 for everybody'. It is the obligation of the system administrator. Again, like
34 I said, it is %100 configuration, with many peices in the *kernel*. This is
35 not the domain of a 'package'. If it helps you, Im personally using a
36 modified version of something I grabbed from freshmeat. Good Luck.
38 Of course Id be willing to send you a copy if you wish.
40 Cheers
41 --
42 Donny


Subject Author
AW: [gentoo-dev] NAT iptables info Sebastian Werner <sebastian@××××××××××××××××××.de>
Re: [gentoo-dev] NAT iptables info Chad Huneycutt <chad.huneycutt@×××.org>
Re: [gentoo-dev] NAT iptables info Djamil ESSAISSI <djamil@××××××××××××.com>