[CS-FSLUG] Christiansource Digest, Vol 124, Issue 1
davidm at hisfeet.net
Fri Oct 17 15:39:48 CDT 2014
Thanks Tim, I've never bothered with a firewall since I started using
Linux. So far as I know I've never had an intrusion. I don't really know
if I need a firewall, or a VPN. Maybe all I need is a proxy. But I need
to have it set up so it includes my whole LAN. I'll study the link you
sent, and see where that gets me.
On 2014-10-16 12:00, christiansource-request at ofb.biz wrote:
> Today's Topics:
>
> 1. Trying to set up my desktop to serve as a sort of "gateway"
> (davidm at hisfeet.net)
> 2. Re: Trying to set up my desktop to serve as a sort of
> "gateway" (Tim Young)
>
> From: davidm at hisfeet.net
> Date: Wed, 15 Oct 2014 19:01:55 -0400
> Subject: [CS-FSLUG] Trying to set up my desktop to serve as a sort of
> "gateway"
> Message: 1
>
> Well, really a gateway to the gateway. I want to connect to a VPN, or at
> least to a private proxy, for use in Mexico, but I want each and all of
> our Internet devices to be connected through it.
>
> I have read that it is possible to set up a Linux box to interpose itself
> between the Internet, and everything on the LAN, and still provide the
> devices on the LAN to communicate with the WAN. I think the article I was
> reading was for a Firewall, which would be OK, but my purpose is for a
> VPN.
>
> I have installed an extra communication card with an Ethernet connector,
> and the computer does recognize that it is there, and identifies it
> properly, but I haven't the faintest idea how to adjust the machine to my
> purposes, or what information to look for in that regard.
>
> I've just spent several hours looking for an answer, but don't seem to be
> getting anywhere. I'll be using Mint 11 I think.
>
> Hi,
> Is your Mint "firewall" something you will be using for more than
> just the gateway and VPN endpoint? If you are only using it for a
> firewall/gateway, I would recommend using "pfSense" or a different
> firewall distro. It will make the task of building a firewall a lot
> simpler.
>
> I do not know Mint well, so there may be some easier way to do it
> through a GUI or something. But here are the pieces you need.
>
> I will call the Linux computer a "firewall" as that is what it will
> be serving as.
>
> KERNEL
> You need to tell the Linux kernel on your firewall that it is to
> allow packets to forward (route) through it. We do that by changing
> the value in the kernel: /proc/sys/net/ipv4/ip_forward
> The way to do this is through "sysctl", which seems to be in
> /etc/sysctl.conf (or a file in /etc/sysctl.d) that says:
> net.ipv4.ip_forward=1
>
> IP ADDRESSING
> Then, you need to have two different IP addresses and IP address
> pools on either network interface.
> Typically, people use 192.168.1.1 or 192.168.0.1 for their IP
> addresses. Because you are wanting to do a VPN, you should NOT use
> either of these. VPNs are a little tricky, and it usually helps to
> have a different IP address pool than the one you are accessing from.
> So it is usually good to pick a slightly more obscure number.
>
> So, for kicks, let's add 20 to the default number, and we will use
> these on the "inside" network card and outside network card.
> 192.168.20.1
> 192.168.21.1
>
> FIREWALL RULE (MASQUERADING)
> Then, you need to set up MASQUERADING on the external network card.
> This is done through an IPTables rule. If you are using something like
> firewallbuilder or some other firewalling thing, it may do it for you.
> But it boils down to a basic line that says something like:
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
> DONE:
> That is the main bit of info. It looks like a possible Mint FAQ could
> be here:
> http://thesystemmaster.com/unix/gateway_mint.php [2]
>
> Setting up a VPN may be a little bit harder. I would probably use
> openvpn if you can.
>
> - Tim Young
> Links:
> ------
> [1] http://cs.uninetsolutions.com
> [2] http://thesystemmaster.com/unix/gateway_mint.php
>
> ______________________________________________
> ChristianSource FSLUG mailing list
> Christiansource at ofb.biz
> http://ofb.biz/mailman/listinfo/christiansource_ofb.biz
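
Added example (not part of the original messages, and not code from the list or from Tim Young): a read-only shell check for the three pieces described in the quoted reply, run against a sysctl-style file and an iptables-save dump. The sample inputs are constructed, the function names are made up for this example, and treating a FORWARD policy other than DROP as a finding is this example's own assumption, since the reply covers only forwarding and masquerading.

```bash
#!/usr/bin/env bash
# Added example: read-only audit of a gateway built from the pieces above.
# Usage: iptables-save > rules.txt; audit_gateway /etc/sysctl.conf rules.txt eth0
# Only the one sysctl file is read; files in /etc/sysctl.d are not merged.

# Constructed sample inputs (not from a real host).
sample_sysctl() {
  printf '%s\n' '# constructed sysctl.conf' 'net.ipv4.ip_forward=1'
}
sample_rules() {
  cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
EOF
}

# Print 1 if the last uncommented net.ipv4.ip_forward line sets 1, else 0.
forwarding_enabled() {
  awk -F= '/^[ \t]*net\.ipv4\.ip_forward[ \t]*=/ { v = $2; gsub(/[ \t]/, "", v) }
           END { if (v == "1") print 1; else print 0 }'
}

# Print each interface named by -o in a POSTROUTING MASQUERADE rule.
masquerade_ifaces() {
  awk '$1 == "-A" && $2 == "POSTROUTING" && /-j MASQUERADE/ {
         for (i = 3; i < NF; i++) if ($i == "-o") print $(i + 1) }'
}

# Print the default policy of the FORWARD chain in the filter table.
forward_policy() {
  awk '/^\*/ { table = $1 }
       table == "*filter" && $1 == ":FORWARD" { print $2 }'
}

# audit_gateway SYSCTL_FILE RULES_FILE WAN_IF: one finding per line, none if clean.
audit_gateway() {
  [ "$(forwarding_enabled < "$1")" = 1 ] || echo "forwarding-off"
  masquerade_ifaces < "$2" | grep -qxF -- "$3" || echo "no-masquerade-on-$3"
  [ "$(forward_policy < "$2")" = DROP ] || echo "forward-policy-not-drop"
}
```

On the constructed sample the only finding for eth0 is forward-policy-not-drop: the ruleset routes and translates, but filters nothing that crosses the box.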