Difference between revisions of "Talk:NAT'ing firewall"

From ArchWiki
m (moved newer/current discussion to the bottom)

Revision as of 18:59, 9 April 2010

iptables rules

I'm not sure if these also apply when using shorewall. This is based on the following assumptions:

  • iptables server is the gateway server
  • squid is listening on port 3128
  • local network connecting to the server is 192.168.0.0/23 and already has basic nat rules set up
  • iptables server is 192.168.1.7

It took me a while to realise that in addition to redirecting the traffic, the squid port needed to be opened before it would work:

echo " # open access to proxy - squid - port 3128"
$IPTABLES -A open -p tcp --syn --dport 3128 -j ACCEPT

echo " # Transparently forward http traffic to Squid"
$IPTABLES -t nat -A PREROUTING -i eth0 ! -d 192.168.1.7 -p tcp --dport 80 -j REDIRECT --to-port 3128
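The gotcha described in this post (a REDIRECT in the nat table that silently does nothing for clients because the filter table never ACCEPTs the proxy port) is easy to audit from an iptables-save dump. The following checker is an added example, not code from the wiki page or its authors. It assumes iptables-save's output conventions (REDIRECT is saved as --to-ports, --syn as --tcp-flags FIN,SYN,RST,ACK SYN) and uses a constructed dump with the same user-defined "open" chain that the post's $IPTABLES -A open rule relies on; the interface, addresses and ports are the post's, the rest of the dump is made up for illustration.

```python
"""Audit an iptables-save dump for the transparent-Squid gotcha: a nat
PREROUTING REDIRECT to the proxy port only works if the filter table also
ACCEPTs that port on INPUT, directly or via a user chain INPUT jumps to."""
import shlex

# Constructed iptables-save style dump (not captured from a real host).
SQUID_ACCEPT = "-A open -p tcp -m tcp --dport 3128 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT"
SAMPLE_DUMP = f"""\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 ! -d 192.168.1.7/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:open - [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j open
-A open -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
{SQUID_ACCEPT}
COMMIT
"""
# Same rule set with the "open access to proxy" rule forgotten: the failure
# mode the post describes (redirect present, port never opened).
BROKEN_DUMP = SAMPLE_DUMP.replace(SQUID_ACCEPT + "\n", "")


def parse_iptables_save(dump):
    """Return {table: {chain: [rule_tokens, ...]}} from iptables-save text."""
    tables, table = {}, None
    for line in dump.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):                      # *nat, *filter, ...
            table = line[1:]
            tables[table] = {}
        elif line.startswith(":"):                    # chain declaration
            tables[table].setdefault(line[1:].split()[0], [])
        elif line.startswith("-A "):                  # appended rule
            tokens = shlex.split(line)
            tables[table].setdefault(tokens[1], []).append(tokens[2:])
    return tables


def option(tokens, flag):
    """Value following `flag` in a rule, or None; a '!'-negated flag is ignored."""
    for i, tok in enumerate(tokens[:-1]):
        if tok == flag and (i == 0 or tokens[i - 1] != "!"):
            return tokens[i + 1]
    return None


def redirect_ports(tables):
    """Proxy ports that nat PREROUTING transparently REDIRECTs traffic to."""
    return [option(rule, "--to-ports")
            for rule in tables.get("nat", {}).get("PREROUTING", [])
            if option(rule, "-j") == "REDIRECT"]


def port_accepted(tables, port, chain="INPUT", proto="tcp", _seen=None):
    """True if the filter table ACCEPTs `proto` traffic to `port` on `chain`,
    following jumps into user-defined chains (such as the 'open' chain)."""
    if _seen is None:
        _seen = set()
    if chain in _seen:                                # guard against chain loops
        return False
    _seen.add(chain)
    filt = tables.get("filter", {})
    for rule in filt.get(chain, []):
        target = option(rule, "-j")
        if (target == "ACCEPT" and option(rule, "-p") == proto
                and option(rule, "--dport") == port):
            return True
        if target in filt and port_accepted(tables, port, target, proto, _seen):
            return True
    return False


def audit(dump):
    """Map every REDIRECT target port to whether INPUT actually accepts it."""
    tables = parse_iptables_save(dump)
    return {port: port_accepted(tables, port) for port in redirect_ports(tables)}


if __name__ == "__main__":
    for name, dump in (("complete", SAMPLE_DUMP), ("redirect only", BROKEN_DUMP)):
        for port, ok in audit(dump).items():
            state = "accepts" if ok else "does NOT accept"
            print(f"{name}: REDIRECT to {port}, INPUT {state} it")
```

Run it against real output with `iptables-save | python3 audit.py` adapted to read stdin; a False entry is exactly the "redirect without opening the port" state the post describes, and the check walks user chains so a rule placed in "open" (as in the post) counts the same as one placed directly in INPUT.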

Custom Kernel

Is this section really needed with the 2.6.30 kernel?--Arcanazar 14:12, 30 July 2009 (EDT)

No, a custom kernel is not necessary for a natting firewall. There is also no reason given for this section except for adsl. I would personally like for the section pertaining to adsl to be kept and the rest be pruned.--Prometheanfire 14:58, 30 July 2009 (EDT)

Move ?

I know that it redirects to this page, but wouldn't it be clearer to move this page to "Router" and just state that it is accomplished by using a NAT'ing firewall? I would be willing to put in the work. --Arcanazar 11:53, 30 July 2009 (EDT)