[CS-FSLUG] Christiansource Digest, Vol 124, Issue 1

davidm at hisfeet.net
Fri Oct 17 15:39:48 CDT 2014


Thanks Tim, I've never bothered with a firewall since I started using 
Linux. So far as I know I've never had an intrusion. I don't really know 
if I need a firewall, or a VPN. Maybe all I need is a proxy. But I need 
to have it set up so it includes my whole LAN.  I'll study the link you 
sent, and see where that gets me.



On 2014-10-16 12:00, christiansource-request at ofb.biz wrote:
> Today's Topics:
> 
>    1. Trying to set up my desktop to serve as a sort of	"gateway"
>       (davidm at hisfeet.net)
>    2. Re: Trying to set up my desktop to serve as a sort of
>       "gateway" (Tim Young)
> 
> From: davidm at hisfeet.net
> Date: Wed, 15 Oct 2014 19:01:55 -0400
> Subject: [CS-FSLUG] Trying to set up my desktop to serve as a sort of
> 	"gateway"
> Message: 1
> 
> Well, really a gateway to the gateway. I want to connect to a VPN, or at
> least to a private proxy, for use in Mexico, but I want each and all of
> our Internet devices to be connected through it.
> 
> I have read that it is possible to set up a Linux box to interpose itself
> between the Internet, and everything on the LAN, and still provide the
> devices on the LAN to communicate with the WAN. I think the article I was
> reading was for a Firewall, which would be OK, but my purpose is for a
> VPN.
> 
> I have installed an extra communication card with an Ethernet connector,
> and the computer does recognize that it is there, and identifies it
> properly, but I haven't the faintest idea how to adjust the machine to my
> purposes, or what information to look for in that regard.
> 
> I've just spent several hours looking for an answer, but don't seem to be
> getting anywhere. I'll be using Mint 11 I think.
> 
> 
> 
> 
> 
>  Hi,
>  Is your Mint "firewall" something you will be using for more than
> just the gateway and VPN endpoint? If you are only using it for a
> firewall/gateway, I would recommend using "pfSense" or a different
> firewall distro. It will make the task of building a firewall a lot
> simpler.
> 
>  I do not know Mint well, so there may be some easier way to do it
> through a GUI or something. But here are the pieces you need.
> 
>  I will call the Linux computer a "firewall" as that is what it will
> be serving as.
> 
>  KERNEL
>  You need to tell the Linux kernel on your firewall that it is to
> allow packets to forward (route) through it. We do that by changing
> the value in the kernel: /proc/sys/net/ipv4/ip_forward
>  The way to do this is through "sysctl", which seems to be in
> /etc/sysctl.conf (or a file in /etc/sysctl.d) that says:
>  net.ipv4.ip_forward=1
> 
>  IP ADDRESSING
>  Then, you need to have two different IP addresses and IP address
> pools on either network interface.
>  Typically, people use 192.168.1.1 or 192.168.0.1 for their IP
> addresses. Because you are wanting to do a VPN, you should NOT use
> either of these. VPNs are a little tricky, and it usually helps to
> have a different IP address pool than the one you are accessing from.
> So it is usually good to pick a slightly more obscure number.
> 
>  So, for kicks, let's add 20 to the default number, and we will use
> these on the "inside" network card and outside network card.
>  192.168.20.1
>  192.168.21.1
> 
>  FIREWALL RULE (MASQUERADING)
>  Then, you need to set up MASQUERADING on the external network card.
> This is done through an IPTables rule. If you are using something like
> firewallbuilder or some other firewalling thing, it may do it for you.
> But it boils down to a basic line that says something like:
>  iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> 
>  DONE:
>  That is the main bit of info. It looks like a possible Mint FAQ could
> be here:
>  http://thesystemmaster.com/unix/gateway_mint.php [2]
> 
>  Setting up a VPN may be a little bit harder. I would probably use
> openvpn if you can.
> 
>  - Tim Young

> Links:
> ------
> [1] http://cs.uninetsolutions.com
> [2] http://thesystemmaster.com/unix/gateway_mint.php
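
The three pieces from Tim's reply (forwarding, addressing, masquerading) combined into one script, as an added example that is not part of the original thread. It only prints the commands for review and changes nothing. The inside interface name eth1 and the /24 masks are assumptions, and the FORWARD rules go beyond the message, which gives only the MASQUERADE line: they limit forwarding to traffic that starts on the LAN plus its replies.

```shell
#!/bin/sh
# Added example: prints the gateway commands for review; it changes nothing.
# Assumed: eth1 is the inside card and both networks are /24. eth0 and the
# two addresses are the ones given in the message.

# valid_ipv4 ADDR: succeeds for four dotted octets, each 0..255
valid_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# net24 ADDR: the first three octets, i.e. the /24 the address belongs to
net24() { echo "$1" | cut -d. -f1-3; }

# gateway_plan WAN_IF LAN_IF WAN_ADDR LAN_ADDR
gateway_plan() {
    wan_if=$1 lan_if=$2 wan_addr=$3 lan_addr=$4
    if ! valid_ipv4 "$wan_addr" || ! valid_ipv4 "$lan_addr"; then
        echo "error: not an IPv4 address" >&2; return 2
    fi
    lan_net=$(net24 "$lan_addr")
    # The message asks for a different address pool on each card.
    if [ "$lan_net" = "$(net24 "$wan_addr")" ]; then
        echo "error: both cards are in $lan_net.0/24" >&2; return 1
    fi
    # The message advises against the default pools when a VPN is planned.
    case $lan_net in
        192.168.0|192.168.1)
            echo "error: $lan_net.0/24 is a default pool" >&2; return 1 ;;
    esac
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
ip addr add $wan_addr/24 dev $wan_if
ip addr add $lan_addr/24 dev $lan_if
iptables -P FORWARD DROP
iptables -A FORWARD -i $lan_if -o $wan_if -j ACCEPT
iptables -A FORWARD -i $wan_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan_if -j MASQUERADE
EOF
}

gateway_plan eth0 eth1 192.168.21.1 192.168.20.1
```

The `sysctl -w` setting lasts until reboot; the `net.ipv4.ip_forward=1` line in /etc/sysctl.conf from the message is what makes it persistent.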