<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<font size="-1">If you want all your field-based internet devices to
connect through your VPN, then you do not need a firewall. If you
want your home-based Internet devices to go through it, then you
will end up setting it up as a firewall.<br>
<br>
If you just want "ease of setup and configuring a VPN" you should
probably go with a firewall distro instead of using Mint. It can
make the task to be just a few hours (or minutes, if you know what
you are doing). If you need to build everything in Mint, it will
probably take a bit longer. But, if you are trying to set up the
VPN on a Mint computer that you already have, then using Mint is
the obvious way to go.<br>
<br>
If all you are doing is giving yourself a VPN endpoint for all
your field-based Internet devices, then all you really need to set
up on Mint is a VPN (OpenVPN, probably), possibly some
port-forwarding in your "Internet modem" to get the VPN to be
accessible from outside your home, and Dynamic DNS. You can skip
all the firewall and routing stuff. The dynamic DNS may be able
to be done in your modem, or it may need to be done on Mint (using
ddclient or something like that).<br>
<br>
There is a good chance that you do have a firewall, but do not
know it. :) Most Internet modems have something like that built
into them. If you do not have a firewall, I would recommend
getting one. The "shellshock" vulnerability that came out
recently was a Linux/Unix specific vulnerability. A firewall is a
wise move for any platform.<br>
<br>
- Tim Young<br>
<br>
</font>
<div class="moz-cite-prefix">On 10/17/2014 3:39 PM,
<a class="moz-txt-link-abbreviated" href="mailto:davidm@hisfeet.net">davidm@hisfeet.net</a> wrote:<br>
</div>
<blockquote cite="mid:73f5680fd2b9c7f4eabce0071eaa224a@hisfeet.net"
type="cite">Thanks Tim, I've never bothered with a firewall since
I started using Linux. So far as I know I've never had an
intrusion. I don't really know if I need a firewall, or a VPN.
Maybe all I need is a proxy. But I need to have it set up so it
includes my whole LAN. I'll study the link you sent, and see
where that gets me.
<br>
<br>
<br>
<br>
On 2014-10-16 12:00, <a class="moz-txt-link-abbreviated" href="mailto:christiansource-request@ofb.biz">christiansource-request@ofb.biz</a> wrote:
<br>
<blockquote type="cite">
Today's Topics:
<br>
<br>
1. Trying to set up my desktop to serve as a sort of
"gateway"
<br>
(<a class="moz-txt-link-abbreviated" href="mailto:davidm@hisfeet.net">davidm@hisfeet.net</a>)
<br>
2. Re: Trying to set up my desktop to serve as a sort of
<br>
"gateway" (Tim Young)
<br>
<br>
List-Post: <a class="moz-txt-link-rfc2396E" href="mailto:christiansource@ofb.biz">&lt;mailto:christiansource@ofb.biz&gt;</a>
<br>
Content-Transfer-Encoding: 8bit
<br>
From: <a class="moz-txt-link-abbreviated" href="mailto:davidm@hisfeet.net">davidm@hisfeet.net</a>
<br>
Precedence: list
<br>
MIME-Version: 1.0
<br>
To: <a class="moz-txt-link-abbreviated" href="mailto:christiansource@ofb.biz">christiansource@ofb.biz</a>
<br>
Date: Wed, 15 Oct 2014 19:01:55 -0400
<br>
Message-ID:
<a class="moz-txt-link-rfc2396E" href="mailto:b60d06d51bdb8dcf406ed91cacfe427a.squirrel@trinity.pjlhosting.com">&lt;b60d06d51bdb8dcf406ed91cacfe427a.squirrel@trinity.pjlhosting.com&gt;</a>
<br>
Content-Type: text/plain;charset=iso-8859-1
<br>
Subject: [CS-FSLUG] Trying to set up my desktop to serve as a
sort of
<br>
"gateway"
<br>
Message: 1
<br>
<br>
Well, really a gateway to the gateway. I want to connect to a
VPN, or at
<br>
least to a private proxy, for use in Mexico, but I want each and
all of
<br>
our Internet devices to be connected through it.
<br>
<br>
I have read that it is possible to set up a Linux box to
interpose itself
<br>
between the Internet, and everything on the LAN, and still
provide the
<br>
devices on the LAN to communicate with the WAN. I think the
article I was
<br>
reading was for a Firewall, which would be OK, but my purpose is
for a
<br>
VPN.
<br>
<br>
I have installed an extra communication card with an Ethernet
connector,
<br>
and the computer does recognize that it is there, and identifies
it
<br>
properly, but I haven't the faintest idea how to adjust the
machine to my
<br>
purposes, or what information to look for in that regard.
<br>
<br>
I've just spent several hours looking for answer, but don't seem
to be
<br>
getting anywhere. I'll be using Mint 11 I think.
<br>
<br>
<br>
<br>
<br>
<br>
Hi,
<br>
Is your mint "firewall" something you will be using for more
than
<br>
just the gateway and VPN endpoint? If you are only using it for
a
<br>
firewall/gateway, I would recommend using "PFSense" or a
different
<br>
firewall distro. It will make the task of building a firewall a
lot
<br>
simpler.
<br>
<br>
I do not know mint well, so there may be some easier way to do
it
<br>
through a GUI or something. But here are the pieces you need.
<br>
<br>
I will call the Linux computer a "firewall" as that is what it
will
<br>
be serving as.
<br>
<br>
KERNEL
<br>
You need to tell the Linux kernel on your firewall that it is
to
<br>
allow packets to forward (route) through it. We do that by
changing
<br>
the value in the kernel: /proc/sys/net/ipv4/ip_forward
<br>
The way to do this is through "sysctl", which seems to be in
<br>
/etc/sysctl.conf (or a file in /etc/sysctl.d) that says:
<br>
net.ipv4.ip_forward=1
<br>
<br>
IP ADDRESSING
<br>
Then, you need to have two different IP addresses and IP
address
<br>
pools on either network interface.
<br>
Typically, people use 192.168.1.1 or 192.168.0.1 for their IP
<br>
addresses. Because you are wanting to do a VPN, you should NOT
use
<br>
either of these. VPNs are a little tricky, and it usually helps
to
<br>
have a different IP address pool than the one you are accessing
from.
<br>
So it is usually good to pick a slightly more obscure number.
<br>
<br>
So, for kicks, let's add 20 to the default number, and we will
use
<br>
these on the "inside" network card and outside network card.
<br>
192.168.20.1
<br>
192.168.21.1
<br>
<br>
FIREWALL RULE (MASQUERADING)
<br>
Then, you need to set up MASQUERADING on the external network
card.
<br>
This is done through an IPTables rule. If you are using
something like
<br>
firewallbuilder or some other firewalling thing, it may do it
for you.
<br>
But it boils down to a basic line that says something like:
<br>
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
<br>
<br>
DONE:
<br>
That is the main bit of info. It looks like a possible mint faq
could
<br>
be here:
<br>
<a class="moz-txt-link-freetext" href="http://thesystemmaster.com/unix/gateway_mint.php">http://thesystemmaster.com/unix/gateway_mint.php</a> [2]
<br>
<br>
Setting up a VPN may be a little bit harder. I would probably
use
<br>
openvpn if you can.
<br>
<br>
- Tim Young
<br>
</blockquote>
<br>
<blockquote type="cite">Links:
<br>
------
<br>
[1] <a class="moz-txt-link-freetext" href="http://cs.uninetsolutions.com">http://cs.uninetsolutions.com</a>
<br>
[2] <a class="moz-txt-link-freetext" href="http://thesystemmaster.com/unix/gateway_mint.php">http://thesystemmaster.com/unix/gateway_mint.php</a>
<br>
<br>
______________________________________________
<br>
ChristianSource FSLUG mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:Christiansource@ofb.biz">Christiansource@ofb.biz</a>
<br>
<a class="moz-txt-link-freetext" href="http://ofb.biz/mailman/listinfo/christiansource_ofb.biz">http://ofb.biz/mailman/listinfo/christiansource_ofb.biz</a>
<br>
</blockquote>
<br>
</blockquote>
<br>
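The gateway steps in the quoted message above (enable ip_forward, address both cards, MASQUERADE on eth0) turn on routing and NAT but say nothing about the FORWARD chain. The shell script below is an added example, not part of the thread: it audits sysctl text and iptables-save output for those steps and for a default-drop FORWARD policy, using constructed sample inputs and assuming eth1 is the inside interface.<br>

```shell
#!/bin/sh
# Added example, not from the thread. Inputs are text, so it runs offline; on a
# live box pass "$(cat /etc/sysctl.conf)" and "$(iptables-save)" instead.
NAT='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'
# Constructed sample: only the steps from the message, nothing filtered.
SAMPLE_SYSCTL='net.ipv4.ip_forward=1'
SAMPLE_RULES="$NAT
*filter
:FORWARD ACCEPT [0:0]
COMMIT"
# Constructed sample: same NAT rule, default-drop FORWARD chain.
# eth1 as the inside interface is an assumption.
HARDENED_RULES="$NAT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT"

# Last uncommented ip_forward value in sysctl text ($1); empty if unset.
forward_setting() {
    printf '%s\n' "$1" | sed -n \
 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([01]\)[[:space:]]*$/\1/p' |
        tail -n 1
}

# Default policy of the filter-table FORWARD chain in iptables-save text ($1).
forward_policy() {
    printf '%s\n' "$1" | awk '/^\*/ { t = $1 }
        t == "*filter" { if ($1 == ":FORWARD") print $2 }'
}

# $1 sysctl text, $2 iptables-save text, $3 outside interface.
# Prints one line per finding; the exit status is the number of findings.
# The FORWARD check looks at the chain policy only, not at individual rules.
audit_gateway() {
    n=0
    [ "$(forward_setting "$1")" = 1 ] ||
        { echo "ip_forward is not 1: LAN traffic will not be routed"; n=$((n+1)); }
    printf '%s\n' "$2" | grep -Eq -e "^-A POSTROUTING .*-o $3 .*-j MASQUERADE" ||
        { echo "no MASQUERADE rule on $3"; n=$((n+1)); }
    [ "$(forward_policy "$2")" = DROP ] ||
        { echo "FORWARD default policy is not DROP"; n=$((n+1)); }
    return "$n"
}
audit_gateway "$SAMPLE_SYSCTL" "$SAMPLE_RULES" eth0 || true
```
<br>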
</body>
</html>