Saturday, August 23, 2008

Arno-Iptables-Firewall in Debian

After I installed a Debian system, setting up good firewall protection was my first priority. However, the iptables command is too complicated to maintain by hand. And if you adjust your firewall settings with iptables on a remote host, there is a real danger of making your remote connection fail.

So I surveyed some firewall backends and searched for a convenient one, and I decided to use arno-iptables-firewall. Installing it is very easy in Debian: just use "apt-get install arno-iptables-firewall" and it's done. Don't forget to keep your apt-get package lists up to date.

After setting up arno-iptables-firewall, I had a NAT environment in a very short time. Now I have eth0 as my WAN side and eth1 as my LAN side, and the connection is accessible to the other computers.

The settings of debconf.cfg in /etc/arno-iptables-firewall are like this:

DC_EXT_IF="eth0"
DC_EXT_IF_DHCP_IP=0
DC_OPEN_TCP="21 80"
DC_OPEN_UDP="161"
DC_INT_IF="eth1"
DC_NAT=1
DC_INTERNAL_NET="192.168.1.0/24"
DC_NAT_INTERNAL_NET="192.168.1.0/24"
DC_OPEN_ICMP=1

I opened ports 21 and 80 in DC_OPEN_TCP. That's for my FTP and web services. You can see DC_NAT=1, which is for NAT of course. Setting DC_OPEN_ICMP=1 is useful for testing connection quality through a remote host.

I plan to study this firewall backend tool further. I'll write that up next time.
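A pre-flight check for the settings above, as an added example that is not part of the original post: it parses debconf.cfg without sourcing it, lists what the file opens on the external interface, and flags a missing SSH port, which is what cuts off a remote session. The function names are hypothetical, the sample is constructed from the settings shown in the post, and it assumes SSH listens on port 22 and reaches the host through DC_EXT_IF.

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight audit of debconf.cfg.

# Print the value of key $2 in file $1. The file is parsed, never sourced.
cfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# Succeed if word $1 is in the space-separated list $2.
in_list() {
    for item in $2; do [ "$item" = "$1" ] && return 0; done
    return 1
}

# Print one finding per line for config file $1; $2 is the SSH port (assumed 22).
audit_fw_cfg() {
    cfg=$1; ssh_port=${2:-22}
    tcp=$(cfg_get "$cfg" DC_OPEN_TCP)
    udp=$(cfg_get "$cfg" DC_OPEN_UDP)
    ext=$(cfg_get "$cfg" DC_EXT_IF)
    if ! in_list "$ssh_port" "$tcp"; then
        echo "LOCKOUT tcp/$ssh_port is not in DC_OPEN_TCP: SSH arriving on $ext is not allowed in"
    fi
    if in_list 21 "$tcp"; then
        echo "EXPOSED tcp/21 on $ext: FTP sends credentials in cleartext"
    fi
    if in_list 161 "$udp"; then
        echo "EXPOSED udp/161 on $ext: SNMP is open on the WAN side"
    fi
    return 0
}

# Constructed sample: the settings listed in the post.
sample_cfg() {
    cat <<'EOF'
DC_EXT_IF="eth0"
DC_EXT_IF_DHCP_IP=0
DC_OPEN_TCP="21 80"
DC_OPEN_UDP="161"
DC_INT_IF="eth1"
DC_NAT=1
DC_INTERNAL_NET="192.168.1.0/24"
DC_NAT_INTERNAL_NET="192.168.1.0/24"
DC_OPEN_ICMP=1
EOF
}

tmp=$(mktemp); sample_cfg > "$tmp"; audit_fw_cfg "$tmp" 22; rm -f "$tmp"
```

Run it against the real /etc/arno-iptables-firewall/debconf.cfg before restarting the firewall over a remote session; pass a different second argument if SSH listens on another port.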

1 comment:

Eduard said...

Thank you for such a nice tutorial.

I just wrote a different kind of tutorial on how to set up Arno IPTABLES firewall.
Maybe it may help someone to set up his own firewall based on IPTABLES.
You can find some examples for a mail server and for a Proxy server using SNAT and port forwarding.
The location of my tutorial is here:

http://cosmolinux.no-ip.org/raconetlinux2/arno_iptables_firewall.html

I hope it is useful to someone.