Paul Heinlein wrote:
> On Fri, 7 Aug 2009, James B. Byrne wrote:
>
>> I am setting up a small CentOS-5.3 host to act as a router. I have
>> the device configured and working. What I am trying to accomplish
>> now is configuring the firewall so as to protect both the router and
>> the LAN. [....]
>
> In the past, I'd have tried to craft the iptables rules by hand. Now,
> older and lazier, I rely on shorewall.
>
> Shorewall generally produces pretty good rules. You can "compile" your
> logic to iptables rules without implementing them, so you could use
> shorewall to generate a set of rules that essentially do what you
> want, look them over, and then revise/implement the ones you like.
>

If one really does want to configure by hand, I have found this to be very useful:

http://tldp.org/HOWTO/IP-Masquerade-HOWTO/index.html

Personally, I now use IPCOP to do this ... shorewall is another good firewall distro.

Thanks,
Johnny Hughes