Very Computer

> I have a Redhad Linux 6.0 box with a ppp connection to my ISP.  I have
> SQUID running on it and am able to connect to the internet using my
> WinBlows95 machine.
> Works fine.

> The BIG problem...... you all know.  Once I'm connected to the internet,
> anyone and everyone can access my machine (and network).

> I've been reading all the HOW-TO's and whatnot, but am still confused
> about firewalls.  I'm trying to use ipchains to make it so that I (and
> anyone else on my local network) can access the internet via sqiud
> without granting ANY external access to my network.

> Is this NOT a simple thing?

> My linux box only has one NIC (eth0) and only one ppp interface (ppp0).
> My local networks ipscheme is 192.168.100.X, my linux box being
> 192.168.100.129.

> I'm would think that this must be a VERY common scenario.

> Can anyone give me some pointers?  I'll tell all my friends (all 2 of
> them) what a nice person you are and that your voodo is the best!!!

> Thanks.

> Ron
> --
> Ron Bombard,  Network Administrator

> PO Box 2567, Glens Falls, Ny 12801
> http://members.theglobe.com/virtual_ron

> Sometimes loosing a wife can be hard... in my
> case it was nearly impossible!!!
> ---------------------------------------------------
>    _O_        _____         _<>_          ___
>  /     \     |     |      /      \      /  _  \
> |==/=\==|    |[/_\]|     |==\==/==|    |  / \  |
> |  O O  |    / O O \     |   ><   |    |  |"|  |
>  \  V  /    /\  -  /\  ,-\   ()   /-.   \  X  /
>  /`---'\     /`---'\   V( `-====-' )V   /`---'\
>  O'_:_`O     O'M|M`O   (_____:|_____)   O'_|_`O
>   -- --       -- --      ----  ----      -- --
>   STAN         KYLE        CARTMAN       KENNY

> > Greetings!

> > I have a Redhad Linux 6.0 box with a ppp connection to my ISP.  I have
> > SQUID running on it and am able to connect to the internet using my
> > WinBlows95 machine.
> > Works fine.

> > The BIG problem...... you all know.  Once I'm connected to the internet,
> > anyone and everyone can access my machine (and network).

> > I've been reading all the HOW-TO's and whatnot, but am still confused
> > about firewalls.  I'm trying to use ipchains to make it so that I (and
> > anyone else on my local network) can access the internet via sqiud
> > without granting ANY external access to my network.

> > Is this NOT a simple thing?

> > My linux box only has one NIC (eth0) and only one ppp interface (ppp0).
> > My local networks ipscheme is 192.168.100.X, my linux box being
> > 192.168.100.129.

> > I'm would think that this must be a VERY common scenario.

> > Can anyone give me some pointers?  I'll tell all my friends (all 2 of
> > them) what a nice person you are and that your voodo is the best!!!

> > Thanks.

> > Ron
> > --
> > Ron Bombard,  Network Administrator

> > PO Box 2567, Glens Falls, Ny 12801
> > http://members.theglobe.com/virtual_ron

> > Sometimes loosing a wife can be hard... in my
> > case it was nearly impossible!!!
> > ---------------------------------------------------
> >    _O_        _____         _<>_          ___
> >  /     \     |     |      /      \      /  _  \
> > |==/=\==|    |[/_\]|     |==\==/==|    |  / \  |
> > |  O O  |    / O O \     |   ><   |    |  |"|  |
> >  \  V  /    /\  -  /\  ,-\   ()   /-.   \  X  /
> >  /`---'\     /`---'\   V( `-====-' )V   /`---'\
> >  O'_:_`O     O'M|M`O   (_____:|_____)   O'_|_`O
> >   -- --       -- --      ----  ----      -- --
> >   STAN         KYLE        CARTMAN       KENNY

> Well first, you could make sure that your Linux box is not forwarding
> traffic.  You can do a 'echo "0" > /proc/sys/net/ipv4/ip_forward' as root
> to turn off IP forwarding.  Then you need to protect anyone from getting
> directly to your Linux box.  You could try the following to block any
> packets on your ppp0 interface that denies any packets that are trying to
> start a connection:

> ipchains -A input -J REJECT -p tcp -i ppp+ -y

> This will not block UDP or ICMP packets, but at least it's a start.

> Check out /usr/doc/ipchains-1.3.8/HOWTO.txt.  It's very helpfull...

> hth,

> fwr