[CentOS] CentOS 6.3 as Firewall/Router

Sat Jan 5 15:35:57 UTC 2013
Tim Evans <tkevans at tkevans.com>

On 01/05/2013 10:13 AM, me at tdiehl.org wrote:
> On Fri, 4 Jan 2013, Steve Campbell wrote:
>> On 1/4/2013 12:21 PM, Tim Evans wrote:
>>> On 01/04/2013 12:01 PM, Tim Evans wrote:
>>>> I'm replacing an ancient Solaris 'ipf' firewall/router with a brand new
>>>> CentOS 6.3 system.  In the olden days, I successfully used the attached
>>>> iptables script (as /etc/rc.local) on Red Hat 5.x systems, but this
>>>> doesn't seem to be quite working on the new system.
>>>> Specifically, while it seems to be routing ok, you cannot connect to
>>>> anything on the inside net (e.g., with ssh or a browser) and cannot
>>>> connect to the system with ssh or anything else from elsewhere on the
>>>> inside net. Yet arp shows this system active.
>>>> Is there obsolete stuff here, and/or anything missing that would cause
>>>> this?
>>> Nevermind...  Temporary IP address in the script was wrong; corrected
>>> and now working.  Will be glad to see comments, though.
>> Use Firewall Builder. It makes things so much easier. And it's free.
>> http://www.fwbuilder.org/
> +1000 for fwbuilder.
> Raw iptables commands are not only error prone but will make your brain hurt.

As the original poster, I welcome these suggestions, but point out my 
ruleset was already written and working.  Last I looked (a long time 
ago, I admit), fwbuilder could not import an existing set of rules and 
turn it into the necessary fwbuilder abstractions, which meant I'd have 
to re-invent the working wheel, just to get it into fwbuilder.

Tim Evans			|   5 Chestnut Court
Linux/UNIX Consulting		|   Owings Mills, MD 21117
http://www.tkevans.com/		|   443-394-3864
http://www.come-here.com/News/	|   tkevans at tkevans.com