discuss: FYI about IPtables HOWTO
Subject: Re: FYI about IPtables HOWTO
From: Matt Wright ####@####.####
Date: 22 Nov 2001 07:07:15 -0000
Message-Id: <20011122070730.10dd58a4.matt@consultmatt.co.uk>
Sorry,
I had assumed that the LDP version was up to date. Having seen the cover in the IP masq I'll rethink that. I apologise most sincerely for this oversight.
Before I completely scrap the draft I have, is there any call for explaining the packet filtering side of things? I had actually started to major on this. I've looked at the Firewall-HOWTO and I can't see any links to updated versions (I _shall_ not make the same mistake again!! :P).
Any thoughts? If you're desperate, there is a nowhere near finished draft sitting in the LDP CVS if you want to read it.
Thoughts and comments please,
Matt
On Wed, 21 Nov 2001 20:02:15 -0800
David Ranch ####@####.#### wrote:
>
> Hey Everyone,
>
> >For the guys in charge, Greg and co, I'm working on a HOWTO for IPtables on how
> >to packet filter and masq. I found that the IP Masq doesn't cover IPTables
> >anything further than saying u can use ipchains.o for compatibility. Also I
> >wasn't inspired by Rusty's guides as a beginners path to firewalling and Masq.
>
> Actually, this isn't true whatsoever.
>
> For a long time, the version of the IPMASQ howto on the LDP
> was very old (2.2/2.0). But, the HOWTO mentions ALL over the
> place to check the Web for any newer versions. If people
> went to my site or the official IPMASQ www site, they would
> have found a new BETA version that completely covered 2.4.x
> kernels and IPTABLES:
>
> http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html#ipmasq
>
> http://ipmasq.cjb.net
>
>
> Anyway, just this week, I upgraded the LDP's version to
> sync up with my RELEASE version (it's no longer BETA). This
> new HOWTO completely covers 2.4.x kernels, PROs/CONs of the
> new code, includes both testing 2.4.x rc.firewalls as well as
> a stronger IPTABLES ruleset. I've done extensive testing
> and field trials with this HOWTO and everyone seems to be
> quite happy with it.
>
> So, though I agree with you that Rusty's IPTABLES documentation
> isn't the greatest, the IPMASQ HOWTO DOES cover IPTABLES
> nicely. Now, is it a comprehensive IPTABLES document?
> Probably not but then again, I never said it was. ;-)
>
>
> >The draft should cover Masq'ing internal machines, Packet
> >filtering, S/DNAT and some basic theory on tables/chains/rules.
>
> MASQing - done
> Packet Filtering - done
> S/DNat (PORTFW) - done
> theory / chains - done
>
> Plus:
> + kernel compiling
> + IPTABLES compiling
> + troubleshooting
> + etc
>
>
> >If anyone has a problem with me writing this then please speak now before I
> >have put too much time into it.
>
> If you feel that the IPMASQ howto doesn't cover a topic
> well enough, please bring it up with me and I'll try to
> add it. Personally, I think that there are a lot
> of HOWTOs out there that directly overlap with each other.
> I've been maintaining TrinityOS for YEARS but there are
> a LOT of other Security docs that cover the same ground.
> Eh.. I digress. Ultimately, I would like to avoid this
> duplication and encourage you to write a HOWTO on other
> topics that need it.
>
> Anyway, that's my $0.02.
>
> --David
> .----------------------------------------------------------------------------.
> | David A. Ranch - Linux/Networking/PC hardware ####@####.#### |
> !---- ----!
> `----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
---------------------
Matt Wright Consulting
http://www.consultmatt.co.uk
####@####.####