[NCLUG] ipchains and firewalls

rosing at peakfive.com
Thu Jan 24 15:06:47 MST 2002


Mike wrote:

>On the other hand, I would personally suggest that you lose this rule,
>and instead use the -X flag on SSH to transmit your X sessions securely.

I can't ssh to the machine of interest.  I could probably ssh from
that machine to my machine, assuming I know how to set it up. But then
would I still need some entry in ipchains to allow ssh in?

>Finally, nmap (www.insecure.org/nmap) is your friend.  Load it on a
>remote machine, and run it against your own machine to see which ports
>are available to the world at large.

Thanks.

>Most of the ones that I have seen (Linksys) will allow you to designate
>a single DMZ machine, which incoming traffic is routed to.  IPChains
>(or portfw, to be exact) will allow you to forward ports to any number
>of machines. So I guess you lose that control...  Otherwise, the
>functionality seems to be similar.  I didn't explore it, but the Linksys
>seems to have a great number of advanced options, that one might argue,
>are easier to get at than the Linux ones.  I think it essentially comes
>down to what you are willing to pay for -- time or equipment.

If I understand the DMZ machine idea it means I have one machine
that's open to the world for everything? I can't do that.

This got me thinking of another problem.  I only have one IP address
but I want to set up a network using masquerading. I also want to
start an X job on a machine outside the firewall and have it display on
one machine inside the firewall. It's always the same machine. On
the remote machine I set the display variable to the one IP address I
have. Something needs to route the packets to the one machine where I
want the display.  Can I do this with ipchains?  Can I do this with
Linksys?


Neil wrote:

>Have you looked at SmoothWall?  www.smoothwall.org  Neat stuff that.

That is slick.


