
Saturday, August 23, 2008

Arno-Iptables-Firewall in Debian

After I installed a Debian system, setting up good firewall protection was my first priority. However, the iptables command is too complicated to maintain. If you want to adjust your firewall settings with iptables on a remote host, it is very dangerous, because you can make your remote connection fail.

So I surveyed some firewall backends and tried to find a convenient one, and I decided to use arno-iptables-firewall. Installing it is very easy in Debian. Just use "apt-get install arno-iptables-firewall" and it's done. Don't forget to keep your apt-get tree updated.

After setting up arno-iptables-firewall, I got a NAT environment in a very short time. Now I have eth0 as my WAN side and eth1 as my LAN side, and the connection is accessible to the other computers.

The settings of debconf.cfg in /etc/arno-iptables-firewall are like this:

DC_EXT_IF="eth0"
DC_EXT_IF_DHCP_IP=0
DC_OPEN_TCP="21 80"
DC_OPEN_UDP="161"
DC_INT_IF="eth1"
DC_NAT=1
DC_INTERNAL_NET="192.168.1.0/24"
DC_NAT_INTERNAL_NET="192.168.1.0/24"
DC_OPEN_ICMP=1

I opened ports 21 and 80 in DC_OPEN_TCP. Those are for my FTP and web services. You can see DC_NAT=1, for NAT of course. Setting DC_OPEN_ICMP to open is useful for testing connection quality through a remote host.
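A quick way to review what a debconf.cfg like the one above exposes on the WAN side, as an added example that is not part of the original post or of arno-iptables-firewall itself. The function names cfg_get, audit_cfg and sample_cfg are hypothetical, and the script assumes the DC_OPEN_TCP and DC_OPEN_UDP ports are opened on the external interface.

```shell
#!/bin/sh
# Added example: audit an arno-iptables-firewall debconf.cfg.
# The file is parsed, not sourced, so nothing inside it is executed.

# cfg_get FILE KEY: print KEY's value with surrounding quotes stripped.
cfg_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# audit_cfg FILE: print one line per exposed port or inconsistency.
audit_cfg() {
    f=$1
    ext=$(cfg_get "$f" DC_EXT_IF)
    for pair in tcp:DC_OPEN_TCP udp:DC_OPEN_UDP; do
        p=${pair%%:*}
        for port in $(cfg_get "$f" "${pair#*:}"); do
            case "$p/$port" in
                tcp/21)  note="FTP: credentials cross the WAN in cleartext" ;;
                udp/161) note="SNMP: v1/v2c community strings are cleartext" ;;
                *)       note="confirm a service is meant to listen here" ;;
            esac
            echo "OPEN $p/$port on $ext - $note"
        done
    done
    if [ "$(cfg_get "$f" DC_OPEN_ICMP)" = 1 ]; then
        echo "ICMP open on $ext (DC_OPEN_ICMP=1)"
    fi
    if [ "$(cfg_get "$f" DC_NAT)" = 1 ]; then
        if [ -z "$(cfg_get "$f" DC_INT_IF)" ]; then
            echo "WARN DC_NAT=1 but DC_INT_IF is empty"
        fi
        if [ "$(cfg_get "$f" DC_NAT_INTERNAL_NET)" != "$(cfg_get "$f" DC_INTERNAL_NET)" ]; then
            echo "WARN DC_NAT_INTERNAL_NET differs from DC_INTERNAL_NET"
        fi
    fi
    return 0
}

# Constructed sample input: the values shown in the post above.
sample_cfg() {
    printf '%s\n' 'DC_EXT_IF="eth0"' 'DC_EXT_IF_DHCP_IP=0' 'DC_OPEN_TCP="21 80"' \
        'DC_OPEN_UDP="161"' 'DC_INT_IF="eth1"' 'DC_NAT=1' 'DC_OPEN_ICMP=1' \
        'DC_INTERNAL_NET="192.168.1.0/24"' 'DC_NAT_INTERNAL_NET="192.168.1.0/24"'
}

# Demo run on the constructed sample; on a real host pass the actual file instead.
tmp=$(mktemp) && sample_cfg > "$tmp" && audit_cfg "$tmp"; rm -f "$tmp"
```

On a real system, call audit_cfg with /etc/arno-iptables-firewall/debconf.cfg after each change and before restarting the firewall.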

I plan to study this firewall backend tool more. I'll record that next time.