[CentOS] CentOS as a router

Fri Aug 7 16:39:51 UTC 2009
Johnny Hughes <johnny at centos.org>

Paul Heinlein wrote:
> On Fri, 7 Aug 2009, James B. Byrne wrote:
> 
>> I am setting up a small CentOS-5.3 host to act as a router.  I have 
>> the device configured and working.  What I am trying to accomplish 
>> now is configuring the firewall so as to protect both the router and 
>> the LAN. [....]
> 
> In the past, I'd have tried to craft the iptables rules by hand. Now, 
> older and lazier, I rely on shorewall.
> 
> Shorewall generally produces pretty good rules. You can "compile" your 
> logic to iptables rules without implementing them, so you could use 
> shorewall to generate a set of rules that essentially do what you 
> want, look them over, and then revise/implement the ones you like.
> 
If one really does want to configure by hand, I have found this to be
very useful:

http://tldp.org/HOWTO/IP-Masquerade-HOWTO/index.html

Personally, I now use IPCOP to do this ... shorewall is another good
firewall distro.

Thanks,
Johnny Hughes

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20090807/59f5ff11/attachment-0004.sig>