It’s Tuesday. I can’t wait for the weekend. Hey, at least this week we get a little break on Wednesday, at least in the States.
I posted some mail last night. Among those was a request that I reveal some of my Linux server-at-home secrets. I think I’ve sufficiently covered the creation of mail and Web servers, but I’ll go back and look some other time, when my brain’s less fried. I spent the day trying to make bootable Linux CDs. I’m thankful for CD-RWs, because I would have toasted about 10 CD-Rs in that process. I’ve found a Web site at work that talks all about it; I’ll refrain from calling it great until I figure out whether all of its steps actually work. I have made one successful bootable CD using the process, but it wouldn’t do everything I wanted. When I subbed in my own kernel that could do everything I wanted and left things like amateur radio support behind (just what I always wanted… a HAM-enabled Linux boot CD. Be still, my heart!) I got various different error messages. So not only am I wrong, I’m inconsistently wrong.
Anyway, let’s talk about firewalling. I don’t write firewalling scripts by hand; I let an expert do it. Then I go in and make slight modifications. My favorite method by far is to use PMFirewall, which asks you a bunch of nice questions and then writes a script. At present it only works with 2.2-based distros (a version for 2.4 is in alpha). If you want to do some forwarding, all you have to do is edit rc.firewall and add a couple of lines (this example assumes you’re running a Web server on 172.16.0.10, port 80):
echo "1" > /proc/sys/net/ipv4/ip_forward #enable IP forwarding
/usr/sbin/ipmasqadm portfw -a -P tcp -L $IPADDR 80 -R 172.16.0.10 80 #forward Web services to port 80 on 172.16.0.10
If you’re also running IMAP services on the same box, you can theoretically open it up with this line (I haven’t tried anything like this yet):
/usr/sbin/ipmasqadm portfw -a -P tcp -L $IPADDR 143 -R 172.16.0.10 143 #forward IMAP to port 143 on 172.16.0.10
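Once you start adding forwards to rc.firewall, it helps to be able to list exactly what you've opened to the outside. The following is an added example, not part of the original post or of PMFirewall: a small shell audit that reads an rc.firewall and prints each active ipmasqadm portfw rule. The function names and the sample fragment are made up for illustration.

```shell
#!/bin/sh
# Added example: audit an rc.firewall for ipmasqadm port forwards.
# Function names are hypothetical; the sample input is constructed.

# Constructed rc.firewall fragment using the addresses from the post.
# The IMAP forward is commented out, so it must not be reported.
sample_rc() {
cat <<'EOF'
echo "1" > /proc/sys/net/ipv4/ip_forward #enable IP forwarding
/usr/sbin/ipmasqadm portfw -a -P tcp -L $IPADDR 80 -R 172.16.0.10 80 #forward Web
#/usr/sbin/ipmasqadm portfw -a -P tcp -L $IPADDR 143 -R 172.16.0.10 143 #IMAP, disabled
EOF
}

# Read a firewall script on stdin and print one line per active forward:
#   proto external_port -> internal_ip:internal_port
list_portfw() {
    awk '
    /^[ \t]*#/ { next }                  # skip commented-out rules
    {
        sub(/[ \t]#.*$/, "")             # drop any trailing comment
        if ($0 !~ /ipmasqadm[ \t]+portfw/) next
        add = 0; proto = lport = rip = rport = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "-a") add = 1                  # rule is being added
            else if ($i == "-P") proto = $(i+1)      # protocol
            else if ($i == "-L") lport = $(i+2)      # -L <addr> <port>
            else if ($i == "-R") { rip = $(i+1); rport = $(i+2) }
        }
        if (add && proto != "" && lport != "" && rip != "")
            printf "%s %s -> %s:%s\n", proto, lport, rip, rport
    }'
}

# Succeed only if an uncommented line turns on IP forwarding;
# without it the portfw rules above do nothing.
forwarding_enabled() {
    grep -Eq '^[^#]*echo[[:space:]]+"?1"?[[:space:]]*>[[:space:]]*/proc/sys/net/ipv4/ip_forward'
}

# Demo on the constructed sample.
sample_rc | list_portfw
```

To check a real script, feed it in on stdin instead of the sample, e.g. `list_portfw < rc.firewall`.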
Forwarding with Freesco is supposed to be easy but I’ve never actually done it yet. I’ll have to play around with it, on someone else’s cable or DSL connection of course (we wouldn’t want to keep anyone from reading these pages, after all). I believe Freesco is still 2.0-based, and firewalling and forwarding have changed with each major kernel revision since 2.0. It may have changed some before that too, for all I know, but back in those days I was fighting Slackware on 486s and deciding I hated Linux. It wasn’t until 1997 when a coworker gave me a copy of Red Hat 5.2 that I changed my mind and realized I didn’t hate Linux, I hated Slackware.