| 1 |
Hello, |
| 2 |
|
| 3 |
I'm attempting to follow this wiki to build a test firewall running iptables: |
| 4 |
http://gentoo-wiki.com/HOWTO_Iptables_for_newbies#QuickStart |
| 5 |
|
| 6 |
Kernel is 'hardened' with netfilter et al activated. |
| 7 |
|
| 8 |
It looks reasonable and is suppose to be up to date. |
| 9 |
|
| 10 |
My nics are set up in /etc/conf.d/net |
| 11 |
iface_eth0="192.168.2.20 broadcast 192.168.2.255 netmask 255.255.255.0" |
| 12 |
iface_eth1="192.168.3.11 broadcast 192.168.3.255 netmask 255.255.255.0" |
| 13 |
iface_eth2="<snipped> broadcast <snipped> netmask 255.255.255.252" |
| 14 |
routes_eth2=( "default gw <snipped>" ) |
| 15 |
|
| 16 |
All work fine. |
| 17 |
|
| 18 |
port forwarding is enabled: |
| 19 |
|
| 20 |
Rulesets get saved to /var/lib/iptables/rules-save |
| 21 |
As specificed in /etc/conf.d/iptables |
| 22 |
and |
| 23 |
/etc/init.d/iptables is the script that launces iptables |
| 24 |
plus rc-update add iptables default |
| 25 |
|
| 26 |
I think all of this is correct(correct me if I'm wrong). |
| 27 |
|
| 28 |
When I go to /etc/init to write my rules into firewall.sh |
| 29 |
as specified in the aforementioned wiki I automatically get |
| 30 |
this shoved into the script: |
| 31 |
|
| 32 |
#!/sbin/runscript |
| 33 |
# Copyright 1999-2006 Gentoo Foundation |
| 34 |
# Distributed under the terms of the GNU General Public License v2 |
| 35 |
# $Header: $ |
| 36 |
depend() { |
| 37 |
} |
| 38 |
start() { |
| 39 |
} |
| 40 |
stop() { |
| 41 |
} |
| 42 |
restart() { |
| 43 |
} |
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
curiously none of the example talk about this. |
| 48 |
|
| 49 |
Is this the correct place to put my script(/etc/init.d/, |
| 50 |
which is somewhat similar to the one suggested in the |
| 51 |
wiki? |
| 52 |
|
| 53 |
|
| 54 |
None of the examples I found googling discuss the details of where to put |
| 55 |
the script, how to launch it and other such details. Any suggestion |
| 56 |
are welcome. I have found lots of example scripts similar to my 3 nic |
| 57 |
net/lan/dmz setup though. |
| 58 |
|
| 59 |
Any suggestions are very welcome. |
| 60 |
|
| 61 |
James |
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
-- |
| 67 |
gentoo-user@g.o mailing list |
Archives