Configure >

IP tables

I finally got a little tired of Firestarter - although it did a good job most of the time, it annoyed me when I was trying to share my connection or connect to another box with a simple network.

Actually, all it does is act as a manager of the system's ports, accepting and rejecting traffic, by writing "iptables". So that's why it's possible to ditch your GUI firewall because you can configure your own iptables and have complete control with them, like allow any unusual ports which a GUI firewall might just block.

I still don't know much about IP tables, with hardly any time to learn, but they can be used extensively... I got a firewall set up using the iptables file on the Debian Wiki here

With just a few easy steps...

1.    make a test iptables file, as root,

2.    fill that with the Debian Wiki example (including a new line at end after "COMMIT") and save it

3.    stop firestarter, if you have it running

4.    run

5.    see how it's running with

6.    save the configuration to the master iptables file with

7.    and to have the rules run at start-up, make a file

fill with this script

finally, make the script executable with

Allowing another linux box to share your internet connection

This is called masquerading -but I didn't need a MASQUERADE iptables rule to make it work.

add this rule to the "test.rules" and test it out (your out interface may be different)...

and enable routing

This works with Network manager - server side as "Share" and client side as "Automatic"


nfs through a firewall via static ports

With nfs (see my nfs page) choosing random ports to send/receive on, how is it going to get through the firewall at all unless those ports it's using are made static and added to the firewall rules? Let's do that then...

there are some 4 files to edit - basically we have to sync some port numbers, and you could use others than these..
RPCMOUNTDOPTS="--manage-gids --port 892"

STATDOPTS="--port 32765 --outgoing-port 32766"

options lockd nlm_udpport=32769 nlm_tcpport=32803


restart nfs

iptable rules to add (to the test.rules file)

of course   -s    or   -s   would allow a lot more IP addresses, and omitted will allow any

then run

and when you're happy

lastly, on the client, check for exported shares from server,

and after that you should be mounting the shares OK
(just don't mount the server's home dir in the client's home dir! 8P)

Next page:

XnView MP - configure the image browser

Home | Content | Site Map | TOP