Saturday, August 23, 2008

Arno-Iptables-Firewall in Debian: Port Forwarding

Since I replaced the SMC wireless router with a Debian system, the failing Internet connection problem is gone. This makes me excited. A new requirement appeared today: a user needs remote access to his host through VNC, so port forwarding is needed.

I checked debconf.cfg, but it looks like nothing can be added there. Then I searched firewall.conf and found this:
# IP protocol forward example:
# (forward protocols 47 & 48 to 192.168.0.10)
# NAT_IP_FORWARD="47,48>192.168.0.10"

Obviously this is what I need. I added NAT_TCP_FORWARD="5900>192.168.1.10:5900" and restarted the service. Then the port forwarding setting worked ^^.

Arno-Iptables-Firewall in Debian

After I installed a Debian system, setting up good firewall protection was my first priority. However, using the iptables command directly is too complicated to maintain. If you adjust your firewall settings with iptables on a remote host, there is a real danger of making your remote connection fail.

So I surveyed some firewall backends and searched for a convenient one, and I decided to use arno-iptables-firewall. Installing it is very easy in Debian: just use "apt-get install arno-iptables-firewall" and it's done. Don't forget to keep your apt-get tree updated.

After setting up arno-iptables-firewall, I had a NAT environment in a very short time. Now I have eth0 as my WAN side and eth1 as my LAN side, and the connection is accessible to the other computers.

The settings of debconf.cfg in /etc/arno-iptables-firewall are like this:

DC_EXT_IF="eth0"
DC_EXT_IF_DHCP_IP=0
DC_OPEN_TCP="21 80"
DC_OPEN_UDP="161"
DC_INT_IF="eth1"
DC_NAT=1
DC_INTERNAL_NET="192.168.1.0/24"
DC_NAT_INTERNAL_NET="192.168.1.0/24"
DC_OPEN_ICMP=1

I opened ports 21 and 80 in DC_OPEN_TCP. That's for my FTP and web services. You can see DC_NAT=1 for NAT, of course. Opening DC_OPEN_ICMP is useful for testing connection quality through a remote host.

I plan to study this firewall backend tool further. I'll record that next time.
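
An added example (not part of the original posts, and not code from arno-iptables-firewall): a small Python check that reads the settings shown on this page and lists every port reachable from the WAN side, whether opened on the firewall host or forwarded to a LAN host. It handles only the value forms that appear on this page; the function names, the per-port notes and the sample text are constructed for the illustration.

```python
import re
import shlex

# Reviewer's own notes for the ports that appear on this page (not from the tool).
NOTES = {
    ("tcp", 21): "FTP: credentials sent in cleartext",
    ("tcp", 5900): "VNC: remote desktop reachable from the WAN",
    ("udp", 161): "SNMP: v1/v2c community strings sent in cleartext",
}
ASSIGN = re.compile(r'^\s*([A-Z0-9_]+)=(.*)$')  # commented-out lines do not match

def parse_conf(text):
    """Parse shell-style KEY="value" lines as found in debconf.cfg / firewall.conf."""
    conf = {}
    for line in text.splitlines():
        m = ASSIGN.match(line)
        if m:
            parts = shlex.split(m.group(2), comments=True)
            conf[m.group(1)] = parts[0] if parts else ""
    return conf

def exposure(conf):
    """Return sorted (proto, wan_port, target, note) tuples for WAN-reachable ports."""
    rows = []
    for proto in ("tcp", "udp"):
        up = proto.upper()
        # Ports opened on the firewall host itself (DC_OPEN_* in debconf.cfg).
        for port in conf.get(f"DC_OPEN_{up}", "").split():
            rows.append((proto, int(port), "firewall host"))
        # Forwards in the form used on this page: "PORT[,PORT]>IP[:PORT]".
        for rule in conf.get(f"NAT_{up}_FORWARD", "").split():
            ports, _, dest = rule.partition(">")
            host, _, dport = dest.partition(":")
            for port in ports.split(","):
                rows.append((proto, int(port), f"{host}:{dport or port}"))
    return sorted((p, n, t, NOTES.get((p, n), "")) for p, n, t in rows)

SAMPLE = '''\
# constructed sample: values copied from the two posts on this page
DC_EXT_IF="eth0"
DC_OPEN_TCP="21 80"
DC_OPEN_UDP="161"
# NAT_IP_FORWARD="47,48>192.168.0.10"
NAT_TCP_FORWARD="5900>192.168.1.10:5900"
'''

if __name__ == "__main__":
    for proto, port, target, note in exposure(parse_conf(SAMPLE)):
        print(f"{proto}/{port:<5} -> {target:<20} {note}")
```

Running it against the real files means concatenating debconf.cfg and firewall.conf from /etc/arno-iptables-firewall and passing the text to parse_conf.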

Beginning

I've decided to begin a diary about my experiences throughout my Linux road.

Welcome to my Linux Life.

I have previous experience with Windows, Fedora and Mandrake, and I'll start my record by studying Debian. I hope I can become more familiar with Debian.