Re: one interface, basic setup

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Bill McCormick <wpmccormick@sbcglobal.net>
To: /dev/rob0 <rob0@gmx.co.uk>
Cc: netfilter <netfilter@lists.netfilter.org>
Subject: Re: one interface, basic setup
Date: Thu, 21 Jul 2005 22:28:27 -0500	[thread overview]
Message-ID: <42E067DB.3060809@sbcglobal.net> (raw)
In-Reply-To: <42DF8BDE.5080805@gmx.co.uk>

/dev/rob0 wrote:

> Bill McCormick wrote:
>
>> (basic and packet filtering) I still feel unsure. I want to build a 
>> FW for outgoing packets only. My setup looks like this:
>>
>> internet <---->Netgear FVS318 <----> LAN
>
[snip]

> I think I'd set up a different logical segment for the clients, such 
> that they could not reach the router at all. Just one more hurdle for 
> any would-be "extruder" trying to get out.

This a home setup. First and formost, I want to restrict, limit and 
control what clients can send out and to where. Basically, I just want 
ALL out-bound traffic to pass through FC3 iptables then get routed to 
the FVS318.

So, the best (easiest) way to accomplish this is to make the FC3 the 
gateway router by adding another interface? Do the NAT rules get crazy 
for that? Are the routing tables complicated?

Thanks

-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.9.2/53 - Release Date: 7/20/2005

next prev parent reply	other threads:[~2005-07-22  3:28 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-07-21  2:38 one interface, basic setup Bill McCormick
2005-07-21 11:49 ` /dev/rob0
2005-07-22  3:28   ` Bill McCormick [this message]
2005-07-22 18:51     ` Ruprecht Helms

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=42E067DB.3060809@sbcglobal.net \
    --to=wpmccormick@sbcglobal.net \
    --cc=netfilter@lists.netfilter.org \
    --cc=rob0@gmx.co.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.