[CentOS] CentOS 6.3 as Firewall/Router

Mon Jan 7 01:04:40 UTC 2013
me at tdiehl.org <me at tdiehl.org>

On Sat, 5 Jan 2013, Tim Evans wrote:

> On 01/05/2013 10:13 AM, me at tdiehl.org wrote:
>> On Fri, 4 Jan 2013, Steve Campbell wrote:
>>
>>>
>>> On 1/4/2013 12:21 PM, Tim Evans wrote:
>>>> On 01/04/2013 12:01 PM, Tim Evans wrote:
>>>>> I'm replacing an ancient Solaris 'ipf' firewall/router with a brand new
>>>>> CentOS 6.3 system.  In the olden days, I successfully used the attached
>>>>> iptables script (as /etc/rc.local) on Red Hat 5.x systems, but this
>>>>> doesn't seem to be quite working on the new system.
>>>>>
>>>>> Specifically, while it seems to be routing ok, you cannot connect to
>>>>> anything on the inside net (e.g., with ssh or a browser) and cannot
>>>>> connect to the system with ssh or anything else from elsewhere on the
>>>>> inside net. Yet arp shows this system active.
>>>>>
>>>>> Is there obsolete stuff here, and/or anything missing that would cause
>>>>> this?
>>>>
>>>> Never mind...  Temporary IP address in the script was wrong; corrected
>>>> and now working.  Will be glad to see comments, though.
>>>>
>>>>
>>> Use Firewall Builder. It makes things so much easier. And it's free.
>>>
>>> http://www.fwbuilder.org/
>>
>> +1000 for fwbuilder.
>>
>> Raw iptables commands are not only error prone but will make your brain hurt.
>
> As the original poster, I welcome these suggestions, but point out my
> ruleset was already written and working.  Last I looked (a long time
> ago, I admit), fwbuilder could not import an existing set of rules and
> turn it into the necessary fwbuilder abstractions, which meant I'd have
> to re-invent the working wheel, just to get it into fwbuilder.

That is no longer true. fwb has a tool to import existing rules although I
have never used it.

Regards,

-- 
Tom    me at tdiehl.org    Spamtrap address    me123 at tdiehl.org