Linux Firewall and NAT for DSL
Support for Home LAN (Masquerading) and for Servers in Demilitarized Zone (DNAT)

I was using RoadRunner (a cable modem) for a long time, and created a
setup to use only one Dynamic IP address (DHCP) and have several computers
attached to it at home. It uses iptables (netfilter), which comes with
the new Linux 2.4 kernel. I use the RedHat Linux distribution, but you can
easily do the same with other excellent Linux distros.
I call this setup my HOME LAN. It is now history for me, but it
worked quite well (even for my neighbor). This setup is described here:
Then I decided to switch to DSL and got myself static addresses and
have my own Web server, FTP servers, and DNSes, and stuff.
So I made a nicer script which supports
not only the HOME LAN, but also multiple static IP addresses,
Destination Network Address Translation (DNAT), and is very easy to
customize even for a non-technical person. I was able to abstract the
firewall rules into a small table, which can simply be edited by hand
in a very localized place in the iptables script.
I still do not have a write-up on my DNS setup, but it will be coming
one day.
Please help me fix the bugs and problems which you see with these files,
so they are useful. Just send me e-mail at jkl@ccl.net
Thanks
Jan Labanowski, jkl@ccl.net