Security Basics mailing list archives
Re: Open Source Router with NAT
From: Dathan Bennett <dathan () shsu edu>
Date: Fri, 29 Jun 2007 10:24:25 -0500
Take a PC (or Mac, or Alpha, or anything else Linux will run on), and add two network cards to it.
Boot your favorite version of Linux, and install it. Make sure iptables is installed (should come installed by default on just about any current distro). Use the GUI of your choice to set up appropriate iptables rules (http://www.linuxguruz.com/iptables/, scroll down to Tools). Or, if you just want masquerading, here's an example config that'll take care of that for you (needs to be typed in from the command line, or run as a script):

iptables -F FORWARD
iptables -F fw-interfaces
iptables -F fw-open
iptables -N fw-interfaces
iptables -N fw-open
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -j fw-interfaces
iptables -A FORWARD -j fw-open
iptables -A fw-interfaces -i eth1 -j ACCEPT
#replace xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx with your public ip/subnet
iptables -t nat -A POSTROUTING -s xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

~Dathan

Mohamed Farid wrote:
Dear All:
I need to have an open source router solution with the following scenario:
Plug and play router: CD to boot a new fresh PC from -> install whatever it needs to install -> I have an up and running router with:
- Good and easy management GUI console
- NAT supported
- Good reporting or monitoring console
Any advice?
Mohamed Farid
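
An added example, not part of the original post or thread: the commands above never set the FORWARD policy or end the chain with a DROP/REJECT, so the result only filters forwarded traffic if the policy is already DROP. The script below audits `iptables-save` text for that and for an unscoped MASQUERADE rule; the function names and the 192.168.0.0/24 subnet are assumptions made for the example, and the sample dump is constructed.

```shell
#!/bin/sh
# Added example: audit iptables-save text for the NAT router setup in the post.
# eth0 = outside, eth1 = inside as in the post; 192.168.0.0/24 is a constructed subnet.

# Reads an iptables-save dump on stdin, prints one finding per line,
# returns 0 if there are no findings and 1 otherwise.
audit_forward() {
    awk '
        function note(msg) { print msg; bad++ }
        BEGIN { policy = "unknown" }
        /^:FORWARD /                    { policy = $2 }
        /^-A FORWARD -j (DROP|REJECT)/  { catchall = 1 }   # unconditional terminal rule
        /^-A FORWARD .*RELATED,ESTABLISHED.* -j ACCEPT/ { stateful = 1 }
        /-j MASQUERADE/ {
            if ($0 !~ / -o /) note("MASQUERADE rule is not tied to an outbound interface (-o)")
            if ($0 !~ / -s /) note("MASQUERADE rule has no source subnet (-s)")
        }
        END {
            if (policy != "DROP" && !catchall)
                note("FORWARD falls through to policy " policy ": unmatched packets are forwarded")
            if (!stateful)
                note("FORWARD has no RELATED,ESTABLISHED accept rule")
            exit (bad > 0)
        }
    '
}

# Constructed dump: what the commands in the post leave behind on a default-ACCEPT box.
sample_post_rules() {
cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
:fw-interfaces - [0:0]
:fw-open - [0:0]
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j fw-interfaces
-A FORWARD -j fw-open
-A fw-interfaces -i eth1 -j ACCEPT
COMMIT
*nat
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
COMMIT
EOF
}
# Same rules with the forward policy set to DROP (constructed).
sample_hardened() { sample_post_rules | sed 's/^:FORWARD ACCEPT/:FORWARD DROP/'; }

sample_post_rules | audit_forward || true
```

On a live router the same function can be fed the output of `iptables-save` run as root.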