Diff of /xml/htdocs/doc/en/home-router-howto.xml

Revision 1.62 Revision 1.63
1<?xml version='1.0' encoding='UTF-8'?> 1<?xml version='1.0' encoding='UTF-8'?>
2<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> 2<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
3<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/home-router-howto.xml,v 1.62 2008/08/19 14:15:59 vapier Exp $ --> 3<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/home-router-howto.xml,v 1.63 2009/09/18 08:36:43 nightmorph Exp $ -->
4 4
5<guide link="/doc/en/home-router-howto.xml" lang="en"> 5<guide link="/doc/en/home-router-howto.xml" lang="en">
6<title>Home Router Guide</title> 6<title>Home Router Guide</title>
7 7
8<author title="Author"> 8<author title="Author">
15</abstract> 15</abstract>
16 16
17<!-- The content of this document is released into the public domain --> 17<!-- The content of this document is released into the public domain -->
18<license/> 18<license/>
19 19
20<version>1.39</version> 20<version>1.40</version>
21<date>2008-08-19</date> 21<date>2009-09-18</date>
22 22
23<chapter> 23<chapter>
24<title>Introduction</title> 24<title>Introduction</title>
25<section> 25<section>
26<body> 26<body>
438# <i>export WAN=eth1</i> 438# <i>export WAN=eth1</i>
439 439
440<comment>Then we lock our services so they only work from the LAN</comment> 440<comment>Then we lock our services so they only work from the LAN</comment>
441# <i>iptables -I INPUT 1 -i ${LAN} -j ACCEPT</i> 441# <i>iptables -I INPUT 1 -i ${LAN} -j ACCEPT</i>
442# <i>iptables -I INPUT 1 -i lo -j ACCEPT</i> 442# <i>iptables -I INPUT 1 -i lo -j ACCEPT</i>
443# <i>iptables -A INPUT -p UDP --dport bootps -i ! ${LAN} -j REJECT</i> 443# <i>iptables -A INPUT -p UDP --dport bootps ! -i ${LAN} -j REJECT</i>
444# <i>iptables -A INPUT -p UDP --dport domain -i ! ${LAN} -j REJECT</i> 444# <i>iptables -A INPUT -p UDP --dport domain ! -i ${LAN} -j REJECT</i>
445 445
446<comment>(Optional) Allow access to our ssh server from the WAN</comment> 446<comment>(Optional) Allow access to our ssh server from the WAN</comment>
447# <i>iptables -A INPUT -p TCP --dport ssh -i ${WAN} -j ACCEPT</i> 447# <i>iptables -A INPUT -p TCP --dport ssh -i ${WAN} -j ACCEPT</i>
448 448
449<comment>Drop TCP / UDP packets to privileged ports</comment> 449<comment>Drop TCP / UDP packets to privileged ports</comment>
450# <i>iptables -A INPUT -p TCP -i ! ${LAN} -d 0/0 --dport 0:1023 -j DROP</i> 450# <i>iptables -A INPUT -p TCP ! -i ${LAN} -d 0/0 --dport 0:1023 -j DROP</i>
451# <i>iptables -A INPUT -p UDP -i ! ${LAN} -d 0/0 --dport 0:1023 -j DROP</i> 451# <i>iptables -A INPUT -p UDP ! -i ${LAN} -d 0/0 --dport 0:1023 -j DROP</i>
452 452
453<comment>Finally we add the rules for NAT</comment> 453<comment>Finally we add the rules for NAT</comment>
454# <i>iptables -I FORWARD -i ${LAN} -d 192.168.0.0/255.255.0.0 -j DROP</i> 454# <i>iptables -I FORWARD -i ${LAN} -d 192.168.0.0/255.255.0.0 -j DROP</i>
455# <i>iptables -A FORWARD -i ${LAN} -s 192.168.0.0/255.255.0.0 -j ACCEPT</i> 455# <i>iptables -A FORWARD -i ${LAN} -s 192.168.0.0/255.255.0.0 -j ACCEPT</i>
456# <i>iptables -A FORWARD -i ${WAN} -d 192.168.0.0/255.255.0.0 -j ACCEPT</i> 456# <i>iptables -A FORWARD -i ${WAN} -d 192.168.0.0/255.255.0.0 -j ACCEPT</i>
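Review bot: Lines 443, 444, 450 and 451 switch from -i ! ${LAN} to ! -i ${LAN} with no comment telling readers why, so anyone who built a ruleset from revision 1.62 has no cue to update it. Add a <comment> above line 443 saying that the ! has to precede the option it negates. Since lines 450 and 451 are touched anyway, the -d 0/0 there matches every destination and can be dropped.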
812 812
813<pre caption="Setting up SMTP"> 813<pre caption="Setting up SMTP">
814# <i>emerge netqmail</i> 814# <i>emerge netqmail</i>
815<comment>make sure the output of `hostname` is correct</comment> 815<comment>make sure the output of `hostname` is correct</comment>
816# <i>emerge --config netqmail</i> 816# <i>emerge --config netqmail</i>
817# <i>iptables -I INPUT -p tcp --dport smtp -i ! ${LAN} -j REJECT</i> 817# <i>iptables -I INPUT -p tcp --dport smtp ! -i ${LAN} -j REJECT</i>
818# <i>ln -s /var/qmail/supervise/qmail-send /service/qmail-send</i> 818# <i>ln -s /var/qmail/supervise/qmail-send /service/qmail-send</i>
819# <i>ln -s /var/qmail/supervise/qmail-smtpd /service/qmail-smtpd</i> 819# <i>ln -s /var/qmail/supervise/qmail-smtpd /service/qmail-smtpd</i>
820# <i>cd /etc/tcprules.d</i> 820# <i>cd /etc/tcprules.d</i>
821# <i>nano tcp.qmail-smtp</i> 821# <i>nano tcp.qmail-smtp</i>
822<!-- 822<!--
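Review bot: On line 817 the rule is inserted with -I INPUT and matches ! -i ${LAN}, which also covers lo. If it is run after the block at lines 441-451, it lands ahead of the -i lo -j ACCEPT rule from line 442 and rejects SMTP connections made over loopback. Match the external side explicitly with -i ${WAN}, or give -I a position so the rule sits below the lo and LAN ACCEPT rules.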
