Hi All,

I know that this has been talked to death, but can I please ask for your patience as I don't yet feel confident enough to push on without some more specific advice.

I am contemplating two different setups as shown in the two diagrams below:

==============DIAGRAM A===============================================
              | Router/firewall |---->(Gentoo box) 192.168.0.2 (one NIC only)
Internet |<---| Netgear DG834   |
ADSL          | 192.168.0.1     |---->(WinXP box) 192.168.0.3 (one NIC only)
======================================================================
The router here performs NAT, firewalling and DNS duties.

Occasionally, I want to send/receive faxes using a modem, and when the ADSL connection is playing up I have to use good old dial-up to connect to the internet:

==========DIAGRAM B==============
         |           |
Internet |<--modem-->| (Gentoo box)
Dialup   |           |
=================================

Ideally, I would like to set up iptables for the following potential scenarios:

1. As shown in diagram (A) above, where both boxes operate as conventional desktops. I guess iptables is not really needed, but assume for a minute that my other half just installed a trojan and now a script kiddie is trying to install a rootkit into my Gentoo box via her WinXP-bot. This hypothetical scenario at least presents a good opportunity for me to learn how to set iptables up in a relatively safe environment (behind the Netgear firewall).

2. As shown in diagram (B) above, where the Gentoo box operates as a desktop. Here the box is exposed to the elements and any malicious entity could compromise it over the dial-up interface.

3. As shown in diagram (A), but now the Gentoo box is no longer a desktop; it operates as a www/ftp/mail server and serves both LAN and WAN clients (I'm fed up paying for unhelpful webhosters ;-).

I can see that I will need to load different iptables set-ups depending on the network configuration and the role of the Gentoo box (desktop/server). I'm not sure how I switch between them.

Starting from the basics, I am also not quite sure how to define my interfaces. If the Gentoo box NIC eth0 is the external iface under scenario 1, then what's the internal? I'm asking this because I tried to set up fwbuilder and it is asking for an internal iface, even for a standalone host (am I supposed to set up a loopback?).

Sorry if the above are naïve questions, but iptables is new ground for me and I thought it's high time I put some effort into learning it. Whether you feel like scripting out each scenario for me, or you would rather explain the basic firewall operating philosophy for a particular usage scenario, I would be most grateful all the same for your help.
--
Regards,
Mick


--
gentoo-user@g.o mailing list
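Since the post asks for either scripts or philosophy, here is a starting point added as an example (it is not from Mick's message or from any reply in the thread): a POSIX shell function that generates an iptables-restore ruleset for a single-NIC host, parameterised by role (desktop or server) and by the external interface, so switching between the three scenarios is one command each. The service ports 21/25/80 for the server role, the interface name ppp0 for the dial-up link, and the log prefix are assumptions.

```shell
#!/bin/sh
# Generate an iptables-restore ruleset for a single-NIC host (example code, not from the thread).
# Usage: gen_rules ROLE IFACE    ROLE = desktop | server; IFACE = eth0 (diagram A) or ppp0 (diagram B, assumed name)
# On a standalone host the only "internal" interface is lo; there is nothing to forward.
gen_rules() {
    role=$1
    iface=$2
    echo '*filter'
    # Default-deny inbound and forwarded traffic; outbound from the box itself is allowed.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Local processes talking to each other over loopback.
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to connections this box opened itself (browsing, mail fetch, DNS to the router).
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # Allow pings, rate-limited so a flood cannot tie up a slow dial-up link.
    echo "-A INPUT -i $iface -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT"
    if [ "$role" = server ]; then
        # Assumed service ports for scenario 3: ftp, smtp, http.
        # ftp data channels additionally need the ip_conntrack_ftp helper loaded.
        for port in 21 25 80; do
            echo "-A INPUT -i $iface -p tcp --dport $port -m state --state NEW -j ACCEPT"
        done
    fi
    # Log a sample of what the DROP policy is about to discard, so probes like the
    # WinXP-bot in scenario 1 show up in syslog without flooding it.
    echo "-A INPUT -i $iface -m limit --limit 3/min -j LOG --log-prefix \"fw-drop: \""
    echo 'COMMIT'
}

# Number of -A rules a role/interface combination produces (a quick sanity check).
rule_count() {
    gen_rules "$1" "$2" | grep -c '^-A'
}

# Switching set-ups is one command each; run as root:
#   gen_rules desktop eth0 | iptables-restore    # scenario 1
#   gen_rules desktop ppp0 | iptables-restore    # scenario 2
#   gen_rules server  eth0 | iptables-restore    # scenario 3
```

Save the output with `gen_rules ... > /var/lib/iptables/rules-save` if you want Gentoo's iptables init script to reload it at boot.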