[CentOS] CentOS 6.3 as Firewall/Router

Fri Jan 4 17:31:17 UTC 2013
James A. Peltier <jpeltier at sfu.ca>

----- Original Message -----
| 
| On 1/4/2013 12:21 PM, Tim Evans wrote:
| > On 01/04/2013 12:01 PM, Tim Evans wrote:
| >> I'm replacing an ancient Solaris 'ipf' firewall/router with a brand new
| >> CentOS 6.3 system.  In the olden days, I successfully used the attached
| >> iptables script (as /etc/rc.local) on Red Hat 5.x systems, but this
| >> doesn't seem to be quite working on the new system.
| >>
| >> Specifically, while it seems to be routing ok, you cannot connect to
| >> anything on the inside net (e.g., with ssh or a browser) and cannot
| >> connect to the system with ssh or anything else from elsewhere on the
| >> inside net. Yet arp shows this system active.
| >>
| >> Is there obsolete stuff here, and/or anything missing that would cause
| >> this?
| >
| > Never mind...  Temporary IP address in the script was wrong; corrected
| > and now working.  Will be glad to see comments, though.
| >
| >
| Use Firewall Builder. It makes things so much easier. And it's free.
| 
| http://www.fwbuilder.org/
| 
| steve campbell

Or don't use CentOS at all and try OpenBSD & PF.  The syntax is much cleaner and easier to maintain than Netfilter/IPTables and it works pretty darn well.  ;)

-- 
James A. Peltier
Manager, IT Services - Research Computing Group
Simon Fraser University - Burnaby Campus
Phone   : 778-782-6573
Fax     : 778-782-3045
E-Mail  : jpeltier at sfu.ca
Website : http://www.sfu.ca/itservices
          http://blogs.sfu.ca/people/jpeltier

"The smartest people are constantly revising their understanding, reconsidering a problem they thought they’d already solved. They’re open to new points of view, new information, new ideas, contradictions, and challenges to their own way of thinking." - Jeff Bezos