David Kramer wrote:
> I have a feeling I will have to somehow get rid of SuseFirewall2 and make
> my own iptables rules, but I don't think my iptable Kung Fu is up to that.

There are countless GUI front-ends for iptables, none of which I've tried, as I like servers not to be dependent on GUIs for configuration, and this product fits the bill:

FireHOL, the iptables stateful packet filtering firewall builder.
http://firehol.sourceforge.net/

It's implemented as a mini-language written using Bourne shell functions. Your config file gets "compiled" into iptables rules. A typical server config file is as simple as:

    version 5

    interface eth0 LAN
        policy reject
        server "smtp imap imaps dns syslog ntp samba http ssh icmp" accept
        client all accept

But the language is expressive enough that you can set up DMZs, custom routing, and other custom rules.

> Side note: I *really* have to set up a dns server on my box now, because
> I can't open any of my domain names from my intranet, because they all
> go out and then back in. I need to tell all my internal machines that
> all of those addresses map to my server, which is now 192.168.1.2.

You solve that using a "split horizon" DNS setup [1]. I went through the effort of setting up tinydns [2] for that, but when I later went looking for a DHCP server I ran across Dnsmasq [3], which combines DNS content, cache, and DHCP server in one.

I wouldn't recommend this for serving public DNS records, but it seems like a good fit for a private DNS/DHCP server on a LAN, and I plan to give it a try one of these days. A combined DNS/DHCP server has the added advantage that you aren't maintaining lists of IP addresses in two places.

Here's an article on using it:
http://www.enterprisenetworkingplanet.com/netos/article.php/3377351

 -Tom

[1] http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-split-horizon.html
[2] http://www.tinydns.org/
[3] http://thekelleys.org.uk/dnsmasq/doc.html
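
An added example, not part of the original post or the dnsmasq documentation: one way the split-horizon setup discussed above could look in a dnsmasq configuration, with the internal DNS overrides and the DHCP pool kept in one file. The domain names, the DHCP range and the router address 192.168.1.1 are assumptions; 192.168.1.2 and eth0 come from the thread.

```conf
# /etc/dnsmasq.conf (constructed example; example.com and example.org
# stand in for the real public domain names)

# Serve DNS and DHCP on the LAN interface only, and bind just to it so the
# daemon never answers on an Internet-facing interface.
interface=eth0
bind-interfaces

# Do not leak unqualified names or reverse lookups for private address
# ranges to the upstream resolvers.
domain-needed
bogus-priv

# Split horizon: LAN clients asking for these names (and any subdomain of
# them) get the server's internal address instead of the public one.
address=/example.com/192.168.1.2
address=/example.org/192.168.1.2

# All other names are forwarded to the upstream resolvers listed in
# /etc/resolv.conf, which is dnsmasq's default behaviour.

# DHCP from the same daemon. Leases point clients at this box for DNS, so
# the overrides above apply to every machine that takes a lease.
dhcp-range=192.168.1.100,192.168.1.200,12h
dhcp-option=option:router,192.168.1.1      # assumed gateway address
dhcp-option=option:dns-server,192.168.1.2
```

Machines with statically configured resolvers bypass the overrides until they are pointed at 192.168.1.2 as well.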