Gentoo Archives: gentoo-user

From: Michael Kintzios <michaelkintzios@××××××××.uk>
To: gentoo-user@l.g.o
Subject: [gentoo-user] iptables advice for stand alone box under different usage scenarios
Date: Thu, 08 Sep 2005 16:44:17
Message-Id: F49BE7328A1DA246AFC5C2CDDB86D917DFAFC7@BCV0X134EXC0005
Hi All,

I know that this has been talked to death, but can I please ask for your
patience as I don't yet feel confident enough to push on without some
more specific advice.

I am contemplating two different set ups as shown in the two diagrams
below:
==============DIAGRAM A===============================================
        | Router/firewall   +-->(Gentoo box)192.168.0.2 (one NIC only)
Internet|<--Netgear DG834---|
ADSL    |   192.168.0.1     +-->(WinXP box) 192.168.0.3 (one NIC only)
======================================================================
The router here performs NAT, firewalling and DNS duties.

Occasionally, I want to send/receive faxes using a modem and when the
ADSL connection is playing up I have to use good old dial up to connect
to the internet:
==========DIAGRAM B==============
        |           |
Internet|<--modem-->|(Gentoo box)
Dialup  |           |
=================================

Ideally, I would like to set up iptables for the following potential
scenarios:

1. As shown in diagram (A) above where both boxes operate as
conventional desktops. I guess iptables is not really needed, but
assume for a minute that my other half just installed a trojan and now a
script kiddie is trying to install a rootkit into my Gentoo box via her
WinXP-bot. This hypothetical scenario at least presents a good
opportunity for me to learn how to set iptables up in a relatively safe
environment (behind the netgear firewall).

2. As shown in diagram (B) above where the Gentoo box operates as a
desktop. Here the box is exposed to the elements and any malicious
entity could compromise it over the dialup interface.

3. As shown in diagram (A), but now the Gentoo box is no longer a
desktop, but it operates as a www/ftp/mail server and serves both LAN
and WAN clients (I'm fed up paying for unhelpful webhosters ;-).

I can see that I will need to load different iptables set-ups depending
on the network configuration and the role of the Gentoo box
(desktop/server). Not sure how I switch between them.

Starting from the basics I am also not quite sure how to define my
interfaces. If the Gentoo box NIC eth0 is the external iface, under
scenario 1, then what's the internal? I'm asking this because I tried
to set up fwbuilder and it is asking for an internal iface, even for a
stand alone host (am I supposed to set up a loopback?).

Sorry if the above are naïve questions, but iptables is new ground for
me and I thought it's high time I put some effort into learning it.
Whether you feel like scripting out each scenario for me, or you would
rather explain the basic firewall operating philosophy for a particular
usage scenario, I would be most grateful all the same for your help.
--
Regards,
Mick


--
gentoo-user@g.o mailing list
