| However, my son wants to play video games. It looks to me as if UDP packets come in at random times
| and from random places destined for my son's computer. Is it possible (and if so, how do I do it?)
| to configure ipchains such that when a UDP packet comes in from anywhere to anywhere on a specific
| port, that the packet gets NATed to a specific IP address on the inside?
| Or, if this can't be done using ipchains, is there an automatic translation program to translate
| from ipchains to the new 2.4.0 firewall scheme?
I think there is, but you will probably be well off to start over,
because the stateful connections in iptables allow cleaner rules, as
well as working better. I had about 200 lines of firewall code, and I
took it a chain at a time, like this:
- what am I doing here?
- is that what I wanted or what I could get?
- how do I do it with iptables?
In the process I learned the options and stuff, and I did it with
iptables, not bits of three firewall, NAT, and other kits I needed to
get ipchains to do what I want. The system is dead stable, something I
can't say for the old version, and I have better control of how I log
and what I log.
My next task is to learn micro-routing without a kit, so I can send
certain packets out one NIC and certain packets out another. Since one
NIC is connected via DHCP the IP changes, so I need to force by NIC. I
know it can be done with a kit, I just want to know what's really
In any case, you can easily do the NAT with iptables, although
I'm not totally sure if there are security implications of a wide open
path. No worse than direct connect, of course. Let the games begin!
At LinuxExpo Sun was showing Linux applications running on Solaris.
They don't get it, the arrow points the other way. There's a reason why
there's no SolarisExpo, Solaris is a tool; Linux is a philosophy, a
religion, a way of life, and only incidentally an operating system.
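
The UDP port forward discussed in the reply, as an added example that is not part of the original message: a shell function that prints an iptables-restore ruleset sending one UDP port to one inside host and dropping everything else arriving from outside. The interface names, port 27960 and address 192.168.1.20 are constructed values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset that forwards one UDP port
# to one inside host. Interfaces, port and address below are constructed.

valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    # Four dot-separated decimal octets, each 0-255.
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

valid_ifname() {
    # Reject empty names and anything that could smuggle extra rule text.
    case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

udp_forward_rules() {
    ext_if=$1 int_if=$2 port=$3 inside=$4
    valid_ifname "$ext_if" || { echo "bad interface: $ext_if" >&2; return 1; }
    valid_ifname "$int_if" || { echo "bad interface: $int_if" >&2; return 1; }
    valid_port "$port"     || { echo "bad port: $port" >&2; return 1; }
    valid_ipv4 "$inside"   || { echo "bad address: $inside" >&2; return 1; }
    # nat: rewrite the destination of inbound UDP on this one port.
    # filter: replies ride on connection state; only NEW packets to the
    # forwarded host and port are admitted, the rest from outside is dropped.
    cat <<EOF
*nat
-A PREROUTING -i $ext_if -p udp --dport $port -j DNAT --to-destination $inside:$port
COMMIT
*filter
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $ext_if -o $int_if -p udp -d $inside --dport $port -m state --state NEW -j ACCEPT
-A FORWARD -i $ext_if -o $int_if -j DROP
COMMIT
EOF
}

# Constructed example: outside eth0, inside eth1, one game port, one host.
udp_forward_rules eth0 eth1 27960 192.168.1.20
```

Pipe the output to iptables-restore as root; without --noflush it replaces the existing nat and filter rules.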