[NBLUG/talk] Advice on iptables ...
Andrew
argonaut at softhome.net
Sun Dec 28 11:38:00 PST 2003
Mark Linford wrote on Sat, 27 Dec 2003 10:06:42 -0800:
> Good morning, everyone:
>
> During this winter break, a project I'd like to work on is
> attaching a wireless router to my home network. However, for
> security reasons, I'd like to limit the access I allow through
> the wireless router. Since I already have a linux box with two
> network interfaces, it seems the best choice would be to
> connect my w/r to the unused port on my linux box, and use
> iptables to limit access to the rest of my network (say, allow
> a few services such as SSH, www and imap access, but deny
> everything else).
>
> However, I haven't been able to find any good tutorials or
> advice online to guide me with this particular configuration.
> Does anyone have any advice on how I should proceed? Thanks in
> advance for your help!
Sounds like you want a bridge which also acts as a firewall. See
this article, "Implementing a Bridging Firewall", in Linux
Gazette #76:
http://www.linuxgazette.com/issue76/whitmarsh.html
Another article which uses OpenBSD to do something very similar
is:
http://www.daemonnews.org/200109/network.html
Pay attention to the parts pertaining to the "Packet Filtering
Bridge". It's a little out of date (ipf, OpenBSD's old IPFilter,
has been replaced by pf (packet filter)), but the concepts are
still sound. Personally, I find pf's syntax *much* more
understandable than iptables', and many people out there would
argue that pf is more capable than iptables, but if you've
already got Linux on the box, I expect you'll want to keep it
there and go with iptables.
Good luck! If you need more information, you might try Googling
for [linux bridge firewall] or something like that.
A.
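Added example, not from the thread: the routed (non-bridge) variant of the filtering Mark asks for, as an iptables script. It assumes the wireless router hangs off eth1, the wired LAN is 192.168.1.0/24 on eth0, the Linux box forwards between the two, and that the TLS ports 443 and 993 are wanted alongside plain www and IMAP; setting IPT="echo iptables" prints the rules instead of loading them.

```shell
#!/bin/sh
# Assumed layout (example values, not the poster's actual setup):
#   eth0 = wired LAN, 192.168.1.0/24     eth1 = port the wireless router plugs into
# The box routes between the two (ip_forward=1). Wireless clients may only open
# SSH, www and IMAP to LAN hosts; anything else they originate is logged and dropped.
LAN_IF="${LAN_IF:-eth0}"
WLAN_IF="${WLAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
IPT="${IPT:-iptables}"      # IPT="echo iptables" previews the rules without root

# TCP ports wireless clients may reach on the LAN (443/993 are the assumed TLS variants)
allowed_ports() { echo "22 80 443 143 993"; }

apply_rules() {
    $IPT -F FORWARD
    $IPT -P FORWARD DROP                       # default deny for everything routed
    # Return traffic for flows that were already allowed in either direction
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Wired LAN hosts may talk to the wireless side freely; only the wireless side is limited
    $IPT -A FORWARD -i "$LAN_IF" -o "$WLAN_IF" -j ACCEPT
    # Wireless -> LAN: only new TCP connections to the listed ports
    for p in $(allowed_ports); do
        $IPT -A FORWARD -i "$WLAN_IF" -o "$LAN_IF" -d "$LAN_NET" \
             -p tcp --dport "$p" -m state --state NEW -j ACCEPT
    done
    # Rate-limited log of what gets refused, so a misconfiguration shows up in syslog;
    # the chain policy (DROP) then discards it
    $IPT -A FORWARD -i "$WLAN_IF" -o "$LAN_IF" -m limit --limit 5/min \
         -j LOG --log-prefix "WLAN-DROP: "
}

# Run as root with `sh wlan-fw.sh apply`; without the argument it only defines the functions
if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

The box's own INPUT chain is untouched here; if wireless clients should also reach services on the firewall host itself, the same port list needs matching INPUT rules.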