Re: best distro for security



Matthias Kirchhart <matthias.kirchhart@xxxxxxxxxx> (06-08-08 22:23:57):

When it comes to NAT or NPT, then things get a bit more complicated.
The easiest way is to use a user interface for that, which most
distributions provide. Then it's as simple as entering the port
ranges and destination addresses. If you don't have them, then you
again have to do it at the low level. See the iptables man-page to
learn more, or visit the Netfilter homepage [1].

Well, I have done that once with a box. You first have to enable the
forwarding thing. The command to enable NAT is quite simple:

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

Where ppp0 is the interface which is connected to the internet. This
command masquerades everything that is routed through the ppp0
interface. I would also block all incoming connection requests that
come from ppp0:

iptables -A INPUT -m state --state NEW -i ppp0 -j DROP

I know that this is nothing really secure, but for small people like
me it is enough :)

Well, yes. That's for the simplest cases, but it already fails when
you've got two hosts behind the firewall. ;)


Regards,
E.S.
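
Added example, not part of the original messages: the INPUT rule above only covers packets addressed to the gateway itself, while forwarded packets traverse the FORWARD chain, so this script generates a ruleset with the page's two rules plus a restricted FORWARD chain. The LAN interface name eth0 and the function names are assumptions.

```shell
#!/bin/sh
# Added example: NAT gateway ruleset in iptables-restore format.
# ppp0 is the page's WAN interface; eth0 (LAN side) is an assumed name.

# Accept only plausible interface names (max 15 chars, no shell or
# rule metacharacters), since they are pasted into the rule text.
valid_ifname() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# gen_ruleset WAN LAN: print the ruleset, change nothing on the system.
gen_ruleset() {
    wan=$1 lan=$2
    valid_ifname "$wan" && valid_ifname "$lan" || return 1
    [ "$wan" != "$lan" ] || return 1
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
-A INPUT -i $wan -m state --state NEW -j DROP
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# apply_ruleset WAN LAN: needs root. iptables-restore replaces the current
# contents of the nat and filter tables with the generated rules.
apply_ruleset() {
    rules=$(gen_ruleset "$1" "$2") || return 1
    sysctl -w net.ipv4.ip_forward=1 >/dev/null || return 1
    printf '%s\n' "$rules" | iptables-restore
}

# Usage (as root): apply_ruleset ppp0 eth0
```

Running gen_ruleset ppp0 eth0 alone prints the rules for review without touching the system.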