Re: best distro for security



Matthias Kirchhart <matthias.kirchhart@xxxxxxxxxx> (06-08-08 22:23:57):

When it comes to NAT or NPT, then things get a bit more complicated.
The easiest way is to use a user interface for that, which most
distributions provide. Then it's as simple as entering the port
ranges and destination addresses. If you don't have them, then you
again have to do it at the low level. See the iptables man-page to
learn more, or visit the Netfilter homepage [1].

Well I have done that once with a box. You first have to enable the
forwarding thing. The command to enable NAT is quite simple:

iptables -t nat -A POSTROUTING
-o ppp0
-j MASQUERADE

Where ppp0 is the interface which is connected to the internet. This
command masquerades everything that is routed through the ppp0
interface. I would also block all incoming connection requests that
come from ppp0:

iptables -A INPUT -m state ___-state NEW
-i ppp0
-j DROP

I know that this is nothing really secure, but for small people like
me it is enough :)

Well, yes. That's for the simplest cases, but it already fails, when
you've got two hosts behind the firewall. ;)


Regards,
E.S.
.



Relevant Pages