[NBLUG/talk] Advice on iptables ...

Andrew argonaut at softhome.net
Sun Dec 28 11:38:00 PST 2003


Mark Linford wrote on Sat, 27 Dec 2003 10:06:42 -0800:

> Good morning, everyone:
> 
> During this winter break, a project I'd like to work on is
> attaching a wireless router to my home network. However, for
> security reasons, I'd like to limit the access I allow through
> the wireless router. Since I already have a linux box with two
> network interfaces, it seems the best choice would be to
> connect my w/r to the unused port on my linux box, and use
> iptables to limit access to the rest of my network (say, allow 
> a few services such as SSH, www and imap access, but deny
> everything else).
> 
> However, I haven't been able to find any good tutorials or
> advice online to guide me with this particular configuration.
> Does anyone have any advice on how I should proceed? Thanks in
> advance for your help!

Sounds like you want a bridge which also acts as a firewall. See
this article, "Implementing a Bridging Firewall", in Linux
Gazette #76:

http://www.linuxgazette.com/issue76/whitmarsh.html

Another article which uses OpenBSD to do something very similar
is:

http://www.daemonnews.org/200109/network.html

Pay attention to the parts pertaining to the "Packet Filtering
Bridge". It's a little out of date (ipf, OpenBSD's old IPFilter,
has been replaced by pf (packet filter)), but the concepts are
still sound. Personally, I find pf's syntax *much* more
understandable than iptables', and many people out there would
argue that pf is more capable than iptables, but if you've
already got Linux on the box, I expect you'll want to keep it
there and go with iptables.

Good luck! If you need more information, you might try Googling
for [linux bridge firewall] or something like that.

A.
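A worked ruleset for the configuration Mark described, added here as an example rather than taken from the thread or the linked articles: it assumes a routed setup (the Linux box forwards between its two interfaces instead of bridging them), with the wireless router on eth1, the home LAN on eth0, and SSH, www and IMAP as the permitted services; all of those names are assumptions. It prints the iptables commands unless IPT is set to the real binary.

```shell
#!/bin/sh
# Added example (not from the original post): default-deny forwarding from
# the wireless segment into the home LAN, allowing only a few TCP services.
# Assumed interface names: eth1 = wireless router side, eth0 = home LAN side.
# By default the commands are only printed; run with IPT=iptables (as root,
# with net.ipv4.ip_forward=1) to apply them.
IPT="${IPT:-echo iptables}"
WLAN_IF="${WLAN_IF:-eth1}"   # interface the wireless router is plugged into
LAN_IF="${LAN_IF:-eth0}"     # interface facing the rest of the home network
ALLOWED_TCP="22 80 443 143 993"   # ssh, http, https, imap, imaps

build_forward_rules() {
    # Everything crossing between the two interfaces is dropped unless a
    # rule below accepts it.
    $IPT -P FORWARD DROP
    $IPT -F FORWARD
    # Replies belonging to flows already accepted, in either direction.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # The wired LAN is trusted and may reach the wireless side freely.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WLAN_IF" -j ACCEPT
    # New connections from the wireless side: only the listed TCP ports.
    for port in $ALLOWED_TCP; do
        $IPT -A FORWARD -i "$WLAN_IF" -o "$LAN_IF" -p tcp --dport "$port" \
             -m state --state NEW -j ACCEPT
    done
    # Rate-limited log of what the policy drops, so probes from the
    # wireless segment show up in syslog instead of disappearing silently.
    $IPT -A FORWARD -i "$WLAN_IF" -m limit --limit 5/min \
         -j LOG --log-prefix "WLAN-DROP: "
}

# Helper for checking the generated ruleset: number of ACCEPT rules emitted.
count_accept_rules() {
    build_forward_rules | grep -c -- '-j ACCEPT'
}

build_forward_rules
```

Run it once without IPT set to review the generated rules; `iptables -L FORWARD -v` afterwards confirms that the counters on the wireless-to-LAN ACCEPT rules move only for the listed ports.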


