
Re: [cobalt-developers] database server recommendations



Gerald Waugh wrote:

> Balázs Nagy <bn@xxxxxxxxxxxxxx> wrote
> Assuming you have two NICs, eth0 is your intranet, eth1 goes to the
> router/ATM/what have you and your internal net is 192.168.0.0:
>
> #!/bin/sh
> route add -net 192.168.0.0 netmask 255.255.255.0 eth0
> route add default eth1
> ipchains -P forward DENY
> ipchains -A forward -i eth1 -j MASQ
>
> the first time you also need this:
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> This is a basic firewall, and don't blame me if people hack your system
> fairly easily. If you want to get a stronger firewall, we can take this
> off-list...

This will get routing working with IP masquerading. Courtesy of Balazs.
However, I think this goes away if you reboot, but it can be added to config files
to survive a reboot.


That is correct. You need to put the above commands in a script (firewall.sh), and write a wrapper that you put in /etc/rc.d/rc3.d and name S09firewall, so that it starts before the network (S10network). You also need to make sure that forwarding is enabled in /etc/sysconfig/network, since the manual method (echo 1 > ...) won't work at init: the S10network will turn it off half a second after S09firewall started...
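Here is what the combined firewall.sh plus init wrapper described in this thread could look like. This is an added example, not a script from the thread or from Cobalt; the interface names, the 192.168.0.0/24 prefix, and the FORWARD_IPV4 key in /etc/sysconfig/network are assumptions for a Red Hat 6-era system, so check them against your own box. It goes beyond the basic rule set above in two ways, both labelled in the comments: the MASQ rule only masquerades packets whose source really is the internal prefix, and an input rule drops packets that arrive on the external interface with an internal source address. DRYRUN=1 prints the commands instead of running them, which is how you review the rule set before installing it.

```shell
#!/bin/sh
# Added example (not from the thread): firewall.sh and its SysV wrapper in one
# file. Install as /etc/rc.d/init.d/firewall and link it as
# /etc/rc.d/rc3.d/S09firewall so it runs before S10network.
# Assumed values; override from the environment or edit here.
LAN_IF="${LAN_IF:-eth0}"
WAN_IF="${WAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.0.0}"
LAN_MASK="${LAN_MASK:-255.255.255.0}"

# DRYRUN=1 prints each command instead of executing it, so the rule set can be
# reviewed on a machine that has no ipchains at all.
run() {
    if [ "${DRYRUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

fw_start() {
    # Routes: the internal net sits directly on LAN_IF, everything else leaves via WAN_IF.
    run route add -net "$LAN_NET" netmask "$LAN_MASK" "$LAN_IF"
    run route add default "$WAN_IF"
    # Default-deny for forwarded packets, set BEFORE the masquerade rule so
    # nothing is forwarded in the gap between the two commands.
    run ipchains -P forward DENY
    # Tighter than the thread's rule: only masquerade packets sourced from the
    # internal prefix (on the forward chain -i is the outgoing interface).
    run ipchains -A forward -s "$LAN_NET/$LAN_MASK" -i "$WAN_IF" -j MASQ
    # Anti-spoofing addition: a packet arriving on the external interface that
    # claims an internal source address is bogus and is dropped.
    run ipchains -A input -i "$WAN_IF" -s "$LAN_NET/$LAN_MASK" -j DENY
    # Enable forwarding now; S10network re-applies /etc/sysconfig/network a
    # moment later, so FORWARD_IPV4=yes must also be set in that file.
    run sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'
}

fw_stop() {
    # Stopping the firewall must not open the box up: flush the rules but keep
    # the forward policy at DENY and switch forwarding off.
    run ipchains -F forward
    run ipchains -F input
    run ipchains -P forward DENY
    run sh -c 'echo 0 > /proc/sys/net/ipv4/ip_forward'
}

# Returns 0 when the given sysconfig file (default /etc/sysconfig/network)
# enables forwarding the way the network init script expects (FORWARD_IPV4=yes
# or true is the assumed key); use it to verify the box before rebooting.
forwarding_configured() {
    grep -Eiq '^[[:space:]]*FORWARD_IPV4=(yes|true)[[:space:]]*$' \
        "${1:-/etc/sysconfig/network}" 2>/dev/null
}

case "${1:-}" in
    start) fw_start ;;
    stop)  fw_stop ;;
    check) forwarding_configured && echo "FORWARD_IPV4 is enabled" \
                                  || echo "FORWARD_IPV4 is NOT enabled" ;;
    *)     : ;;   # no action: only define the functions (e.g. when sourced)
esac
```

Run `DRYRUN=1 sh firewall start` to see exactly which route and ipchains commands would be issued, and `sh firewall check` to confirm that /etc/sysconfig/network will keep forwarding on after S10network runs. The ordering matters for the reason given in the reply above: the policy is set to DENY before any accept or masquerade rule is added, and the wrapper only works at boot if the sysconfig file agrees with it.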