
Bug 15601

Summary: Link to file, but file missing (404) in Gentoo Security Guide
Product: [OLD] Docs-user
Reporter: Vince Verleye <zu>
Component: Gentoo Security Guide
Assignee: Sven Vermeulen (RETIRED) <swift>
Status: RESOLVED FIXED
Severity: normal
CC: kn, zhen
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.gentoo.org/doc/en/firewall.gz
Whiteboard:
Package list:
Runtime testing required: ---

Description Vince Verleye 2003-02-12 17:51:10 UTC
Guide is referring to firewall.gz which should be located at
http://www.gentoo.org/doc/en/firewall.gz

Please correct or upload the file.

Thanks.

Reproducible: Didn't try
Steps to Reproduce:
Comment 1 Jungmin Seo (RETIRED) gentoo-dev 2003-02-15 00:35:03 UTC
plz specify which line or which section. I couldn't find it
Comment 2 John Davis (zhen) (RETIRED) gentoo-dev 2003-02-15 11:17:37 UTC
seo:
just search for it in the doc (security-howto). I know that we had this on the old site, and it prolly just needs moved in cvs. 
Comment 3 Jungmin Seo (RETIRED) gentoo-dev 2003-02-17 16:39:53 UTC
zhen;

it is not in cvs any more. I made the firewall.gz file and I am not sure where I could put it in cvs..

it is just a text file tar gzipped.

Comment 4 Vince Verleye 2003-02-17 20:42:13 UTC
seo: You can find it here, if not found already:
http://www.gentoo.org/doc/en/gentoo-security.xml#doc_chap6

Please also consider checking this line near the end of the script (are you the editor, seo?):
---------8<-----------
  #Allow client to route through via NAT (Network Address Translation)
  $IPTABLES -t nat -A POSTROUTING -o $IINTERFACE -j MASQUERADE 
---------8<-----------

I could be wrong since I'm not too familiar with iptables, but in my setup I have to replace $IINTERFACE by $OINTERFACE for it to work correctly. Like this:

$IPTABLES -t nat -A POSTROUTING -o $OINTERFACE -j MASQUERADE

Thanks in advance.


Comment 5 Jungmin Seo (RETIRED) gentoo-dev 2003-02-18 21:17:22 UTC
vince thanks.. I found where the link was broken

kn@insecurigy.dk ; could you possibly revise what vince said?
Comment 6 Kim Nielsen 2003-02-19 01:31:10 UTC
Sure.

It really depends on what you think is the outside and inside of your network. If $IINTERFACE is the inside of your network (In the example 10.0.0.) this is the one to MASQ. You don't want to MASQ the internet to your local network :)

When I have the time I'm going to rewrite the firewall part with some automatic blocking of ISP from http://isc.incidents.org/ 

Anyway, hope this answers your question.
Comment 7 Vince Verleye 2003-02-19 14:22:57 UTC
I'm looking forward to your rewriting of the firewall.

Sure, it makes sense somehow, but like I said, I'm not too familiar with iptables. 
I thought -o is --out-interface so naturally I'd use $OINTERFACE.
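
Added example, not part of the original bug thread or the Gentoo guide: as comment 7 notes, -o is --out-interface, so a POSTROUTING MASQUERADE rule only rewrites packets leaving through the interface it names. The function below audits iptables-save output for MASQUERADE rules that are not bound to the interface you designate as internet-facing; the interface names eth0 (standing in for $OINTERFACE) and eth1 (standing in for $IINTERFACE, the 10.0.0. side) and both sample rule sets are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the guide). Assumed names: eth0 = $OINTERFACE,
# eth1 = $IINTERFACE. Both samples below are constructed.

# The guide's rule with $IINTERFACE expanded: matches packets leaving toward the LAN.
SAMPLE_GUIDE='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT'

# Comment 4's variant with $OINTERFACE expanded.
SAMPLE_FIXED='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# check_masq EXT_IF
# Reads iptables-save output on stdin and prints one verdict per
# POSTROUTING MASQUERADE rule:
#   OK(if)     bound to EXT_IF
#   WRONG(if)  bound to another interface, or a negated (! -o) match
#   UNBOUND    no -o at all, so every outgoing interface is masqueraded
# Returns 1 if any rule is WRONG or UNBOUND, 0 otherwise.
check_masq() {
    awk -v ext="$1" '
        $1 == "-A" && $2 == "POSTROUTING" {
            masq = 0; out = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" && $(i + 1) == "MASQUERADE") masq = 1
                if ($i == "-o" || $i == "--out-interface")
                    out = (($(i - 1) == "!") ? "!" : "") $(i + 1)
            }
            if (!masq) next
            if (out == "")       { print "UNBOUND: " $0; bad = 1 }
            else if (out != ext) { print "WRONG(" out "): " $0; bad = 1 }
            else                 { print "OK(" out "): " $0 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# On a live host (needs root): iptables-save -t nat | check_masq eth0
printf '%s\n' "$SAMPLE_GUIDE" | check_masq eth0 || echo "review the rules flagged above"
```
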
Comment 8 John Davis (zhen) (RETIRED) gentoo-dev 2003-03-30 13:43:33 UTC
what is the status on this bug?
Comment 9 Sven Vermeulen (RETIRED) gentoo-dev 2003-08-28 10:10:12 UTC
Seo doesn't seem active. I'm taking his bugs...
Comment 10 Sven Vermeulen (RETIRED) gentoo-dev 2003-08-28 10:14:10 UTC
This has been fixed previously.